heads/initrd/init
2017-04-10 13:11:19 -04:00

67 lines
1.4 KiB
Bash
Executable File

#!/bin/ash
# First thing it is vital to mount the /dev and other system directories
mkdir /proc /sys /dev /tmp /boot /media 2>&- 1>&-
mount /dev
mount /proc
mount /sys
# Setup our path
export PATH=/sbin:/bin
# Now it is safe to print a banner
if [ -r /etc/motd ]; then
cat /etc/motd
fi
# Load the date from the hardware clock, setting it in local time
hwclock -l -s
# Read the system configuration parameters
. /config
if [ -z "$CONFIG_TIMEOUT" ]; then
CONFIG_TIMEOUT=10
fi
while true; do
boot_option=
# Verify the user's TPM secret
echo "TPM TOTP:"
if ! unsealtotp.sh ; then
echo '!!!!!'
echo '!!!!! TPM TOTP secret not found.'
echo '!!!!! This firmware can not be trusted.'
echo '!!!!! Entering recovery shell'
echo '!!!!!'
tpm extend -ix 4 -ic "tpm-failure"
exec /bin/ash
fi
# Secret decrypted ok, so prompt for a next step
read \
-t "$CONFIG_TIMEOUT" \
-p "Enter for normal boot or 'r' for recovery shell: " \
-n 1 \
boot_option
if [ "$boot_option" = "r" ]; then
# Start an interactive shell
echo '***** Starting recovery shell'
tpm extend -ix 4 -ic "recovery"
exec /bin/ash
fi
if [ "$boot_option" = "" ]; then
if [ ! -x "$CONFIG_BOOTSCRIPT" ]; then
echo '!!!!! Boot script missing? Entering recovery shell'
tpm extend -ix 4 -ic "boot-failure"
exec /bin/ash
fi
echo '***** Normal boot'
tpm extend -ix 4 -ic "normal-boot"
exec "$CONFIG_BOOTSCRIPT"
fi
done