mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-12 07:52:56 +00:00
baa30a2026
USB smart card readers are most full speed devices, and there is no "rate-matching hubs" beneath the root hub on older (e.g. GM45) plat- forms, which has companion OHCI or UHCI controllers and needs cor- responding drivers to communicate with card readers directly plugged into the motherboard, otherwise a discrete USB hub should be inserted between the motherboard and the reader. This time I make inserting linux modules for OHCI and UHCI controllable with option CONFIG_LINUX_USB_COMPANION_CONTROLLER. A linux config for x200 is added as an example. Tested on my x200s and elitebook revolve 810g1.
65 lines
1.4 KiB
Bash
Executable File
65 lines
1.4 KiB
Bash
Executable File
#!/bin/sh
|
|
# Sign a valid directory of kexec params
|
|
set -e -o pipefail
|
|
. /etc/config
|
|
. /etc/functions
|
|
|
|
rollback="n"
|
|
update_counter="n"
|
|
while getopts "p:c:u" arg; do
|
|
case $arg in
|
|
p) paramsdir="$OPTARG" ;;
|
|
c) counter="$OPTARG"; rollback="y" ;;
|
|
u) update_counter="y"; rollback="y" ;;
|
|
esac
|
|
done
|
|
|
|
if [ -z "$paramsdir" ]; then
|
|
die "Usage: $0 -p /boot [ -u | -c counter ]"
|
|
fi
|
|
|
|
paramsdir="${paramsdir%%/}"
|
|
|
|
confirm_gpg_card
|
|
|
|
if [ "$rollback" = "y" ]; then
|
|
rollback_file="$paramsdir/kexec_rollback.txt"
|
|
|
|
if [ -n "$counter" ]; then
|
|
# use existing counter
|
|
read_tpm_counter $counter \
|
|
|| die "$paramsdir: Unable to read tpm counter '$counter'"
|
|
else
|
|
# increment counter
|
|
check_tpm_counter $rollback_file \
|
|
|| die "$paramsdir: Unable to find/create tpm counter"
|
|
counter="$TPM_COUNTER"
|
|
|
|
increment_tpm_counter $counter \
|
|
|| die "$paramsdir: Unable to increment tpm counter"
|
|
fi
|
|
|
|
sha256sum /tmp/counter-$counter > $rollback_file \
|
|
|| die "$paramsdir: Unable to create rollback file"
|
|
fi
|
|
|
|
param_files=`find $paramsdir/kexec*.txt`
|
|
if [ -z "$param_files" ]; then
|
|
die "$paramsdir: No kexec parameter files to sign"
|
|
fi
|
|
|
|
for tries in 1 2 3; do
|
|
if sha256sum $param_files | gpg \
|
|
--digest-algo SHA256 \
|
|
--detach-sign \
|
|
-a \
|
|
> $paramsdir/kexec.sig \
|
|
; then
|
|
# successful - update the validated params
|
|
check_config $paramsdir
|
|
exit 0
|
|
fi
|
|
done
|
|
|
|
die "$paramsdir: Unable to sign kexec hashes"
|