mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-31 00:24:17 +00:00
d67360a24b
Changed the checking of required hashes or required rollback state to be right before boot, allowing the user to sign/set defaults in interactive mode. Also cleaned up usages of recovery and fixed iso parameter regression.
21 lines
370 B
Bash
Executable File
21 lines
370 B
Bash
Executable File
#!/bin/sh
|
|
# Boot a USB installation
|
|
|
|
. /etc/functions
|
|
. /etc/config
|
|
|
|
# Confirm we have a good TOTP unseal
|
|
if ! confirm_totp ; then
|
|
recovery 'Failed to unseal TOTP'
|
|
fi
|
|
|
|
# Extend PCR4 as soon as possible
|
|
tpm extend -ix 4 -ic usb
|
|
|
|
if [ ! "$totp_confirm" = "y" ]; then
|
|
recovery "Failed to confirm validity of TOTP"
|
|
fi
|
|
|
|
usb-scan
|
|
recovery "Something failed during USB boot"
|