From 2f9c201f3e9f20c93e432326c0ddfdb19229b02a Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 10:43:34 -0800 Subject: [PATCH 01/13] Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs. --- initrd/bin/config-gui.sh | 135 +++++++++++++++++++++++++++++++++++++++ initrd/bin/gui-init | 6 ++ 2 files changed, 141 insertions(+) create mode 100755 initrd/bin/config-gui.sh diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh new file mode 100755 index 000000000..c716a77d1 --- /dev/null +++ b/initrd/bin/config-gui.sh 
@@ -0,0 +1,135 @@ +#!/bin/sh +# +set -e -o pipefail +. /etc/functions +. /etc/config + +file_selector() { + FILE="" + FILE_LIST=$1 + MENU_MSG=${2:-"Choose the file"} +# create file menu options + if [ `cat "$FILE_LIST" | wc -l` -gt 0 ]; then + option="" + while [ -z "$option" ] + do + MENU_OPTIONS="" + n=0 + while read option + do + n=`expr $n + 1` + option=$(echo $option | tr " " "_") + MENU_OPTIONS="$MENU_OPTIONS $n ${option}" + done < $FILE_LIST + + MENU_OPTIONS="$MENU_OPTIONS a Abort" + whiptail --clear --title "Select your File" \ + --menu "${MENU_MSG} [1-$n, a to abort]:" 20 120 8 \ + -- $MENU_OPTIONS \ + 2>/tmp/whiptail || die "Aborting" + + option_index=$(cat /tmp/whiptail) + + if [ "$option_index" = "a" ]; then + option="a" + return + fi + + option=`head -n $option_index $FILE_LIST | tail -1` + if [ "$option" == "a" ]; then + return + fi + done + if [ -n "$option" ]; then + FILE=$option + fi + else + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Files Found' \ + --msgbox "No Files found matching the pattern. Aborting." 16 60 + exit 1 + fi +} +replace_config() { + CONFIG_OPTION=$1 + NEW_SETTING=$2 + + awk "gsub(\"^export ${CONFIG_OPTION}=.*\",\"export ${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /etc/config > /tmp/config + awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /etc/config >> /tmp/config + grep -v "^export ${CONFIG_OPTION}=" /etc/config | grep -v "^${CONFIG_OPTION}=" >> /tmp/config + mv /tmp/config /etc/config +} + +while true; do + unset menu_choice + whiptail --clear --title "Config Management Menu" \ + --menu "This menu lets you change existing configuration options for the existing BIOS session.\n\nIf you want those changes to persist after reboot\n\nyou must also save them to the running BIOS." 
20 90 10 \ + 'b' ' Change the /boot device' \ + 'u' ' Change the USB boot device' \ + 's' ' Save the current configuration to the running BIOS' \ + 'x' ' Exit' \ + 2>/tmp/whiptail || recovery "GUI menu failed" + + menu_choice=$(cat /tmp/whiptail) + + case "$menu_choice" in + "x" ) + exit 0 + ;; + "b" ) + CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /etc/config | cut -f2 -d '=' | tr -d '"'` + find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt + file_selector "/tmp/filelist.txt" "Choose the default /boot device.\n\nCurrently set to $CURRENT_OPTION." + if [ "$FILE" == "" ]; then + return + else + SELECTED_FILE=$FILE + fi + + replace_config "CONFIG_BOOT_DEV" "$SELECTED_FILE" + + whiptail --title 'Config change successful' \ + --msgbox "The /boot device was successfully changed to $SELECTED_FILE" 16 60 + ;; + "u" ) + CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /etc/config | cut -f2 -d '=' | tr -d '"'` + find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt + file_selector "/tmp/filelist.txt" "Choose the default USB boot device.\n\nCurrently set to $CURRENT_OPTION." + if [ "$FILE" == "" ]; then + return + else + SELECTED_FILE=$FILE + fi + + replace_config "CONFIG_USB_BOOT_DEV" "$SELECTED_FILE" + + whiptail --title 'Config change successful' \ + --msgbox "The USB boot device was successfully changed to $SELECTED_FILE" 16 60 + ;; + "s" ) + /bin/flash.sh -r /tmp/config-gui.rom + if [ ! -s /tmp/config-gui.rom ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \ + --msgbox "Unable to read BIOS" 16 60 + exit 1 + fi + + if (cbfs -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config") then + cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config" + fi + cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config" -f /etc/config + + if (whiptail --title 'Update ROM?' \ + --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 
16 90) then + /bin/flash.sh /tmp/config-gui.rom + whiptail --title 'BIOS Updated Successfully' \ + --msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 16 60 + umount /media + /bin/reboot + else + exit 0 + fi + ;; + esac + +done +exit 0 diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 957ebba41..20f12280b 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -183,6 +183,7 @@ while true; do --menu "Configure Advanced Settings" 20 90 10 \ 'g' ' Generate new TOTP/HOTP secret' \ 's' ' Update checksums and sign all files in /boot' \ + 'c' ' Change configuration settings -->' \ 'f' ' Flash/Update the BIOS -->' \ 'p' ' Reset the TPM' \ 'n' ' TOTP/HOTP does not match after refresh, troubleshoot' \ @@ -286,6 +287,11 @@ while true; do continue fi + if [ "$totp_confirm" = "c" ]; then + config-gui.sh + continue + fi + if [ "$totp_confirm" = "f" ]; then flash-gui.sh continue From de18c706dcdb3bc6d7b4fa7c53403713356a684c Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 12:56:39 -0800 Subject: [PATCH 02/13] Load USB modules before scanning for USB devices --- initrd/bin/config-gui.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index c716a77d1..5ce137b03 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -91,6 +91,9 @@ while true; do --msgbox "The /boot device was successfully changed to $SELECTED_FILE" 16 60 ;; "u" ) + whiptail --title 'Insert a USB thumb drive' \ + --msgbox "Insert a USB thumb drive so we can detect the device" 16 60 + enable_usb CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /etc/config | cut -f2 -d '=' | tr -d '"'` find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the default USB boot device.\n\nCurrently set to $CURRENT_OPTION." 
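Review bot: In the `"b"` and `"u"` branches of the main `while true` loop, `if [ "$FILE" == "" ]; then return` runs outside any function, so what happens when the user aborts the file selector is left to the shell (leaving the script or reporting an error). If the intent is to go back to the config menu, `continue` says so directly: `if [ -z "$FILE" ]; then continue; fi`. In `file_selector`, `$FILE_LIST` and `$option_index` are expanded unquoted (`done < $FILE_LIST`, `head -n $option_index $FILE_LIST`) and the list is read with `read option` rather than `read -r option`; quoting them and adding `-r` costs nothing. The `==` inside `[ ]` is also not guaranteed under `#!/bin/sh`; `=` is the portable spelling.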
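Review bot: The new `c` branch runs `config-gui.sh` as a child process, so the `CONFIG_*` values this shell sourced at startup are not refreshed when the user changes the /boot or USB boot device. If gui-init uses those variables itself after this point (its `mount_boot` body is outside the hunk, so this is an assumption), re-reading the config after the call keeps the running session consistent with what the menu just reported: `config-gui.sh` followed by `. /etc/config` before `continue`. A short comment on the branch saying whether the parent is expected to pick up the change would settle the question for the next reader.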
@@ -123,7 +126,6 @@ while true; do /bin/flash.sh /tmp/config-gui.rom whiptail --title 'BIOS Updated Successfully' \ --msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 16 60 - umount /media /bin/reboot else exit 0 From f47df1edd688ef862564d417064402ab52ad59d0 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 13:10:45 -0800 Subject: [PATCH 03/13] Use mount-usb instead of enable_usb to find USB drives --- initrd/bin/config-gui.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 5ce137b03..941479480 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -93,7 +93,7 @@ while true; do "u" ) whiptail --title 'Insert a USB thumb drive' \ --msgbox "Insert a USB thumb drive so we can detect the device" 16 60 - enable_usb + mount-usb CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /etc/config | cut -f2 -d '=' | tr -d '"'` find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the default USB boot device.\n\nCurrently set to $CURRENT_OPTION." From 49a131fa4b523a33779920a65331169168bdce9d Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 13:51:46 -0800 Subject: [PATCH 04/13] Fix formatting on the default config GUI menu text --- initrd/bin/config-gui.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 941479480..67c5fbfaf 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh 
@@ -62,7 +62,7 @@ replace_config() { while true; do unset menu_choice whiptail --clear --title "Config Management Menu" \ - --menu "This menu lets you change existing configuration options for the existing BIOS session.\n\nIf you want those changes to persist after reboot\n\nyou must also save them to the running BIOS." 20 90 10 \ + --menu "This menu lets you change settings for the current BIOS session.\n\nAll changes will revert after a reboot,\n\nunless you also save them to the running BIOS." 20 90 10 \ 'b' ' Change the /boot device' \ 'u' ' Change the USB boot device' \ 's' ' Save the current configuration to the running BIOS' \ From 3eb62eed1a18caae4161ecb956c20b1f203212c3 Mon Sep 17 00:00:00 2001 
From: Kyle Rankin Date: Thu, 6 Dec 2018 15:24:28 -0800 Subject: [PATCH 05/13] Use global /tmp/config that combines multiple config files As part of the config gui we want to be able to have the system define new config options without them being lost if the user makes their own changes in CBFS. To allow that this change creates a function initiated in init that combines all /etc/config* files into /tmp/config. All existing scripts have been changed to source /tmp/config instead of /etc/config. The config-gui.sh script now uses /etc/config.user to hold user configuration options but the combine_configs function will allow that to expand as others want to split configuration out further. As it stands here are the current config files: /etc/config -- Compiled-in configuration options /etc/config.user -- User preferences that override /etc/config /tmp/config -- Running config referenced by the BIOS, combination of existing configs --- initrd/bin/config-gui.sh | 27 ++++++++++----------------- initrd/bin/flash-gui.sh | 2 +- initrd/bin/flash.sh | 2 +- initrd/bin/generic-init | 2 +- initrd/bin/gui-init | 2 +- initrd/bin/kexec-boot | 2 +- initrd/bin/kexec-iso-init | 2 +- initrd/bin/kexec-save-default | 2 +- initrd/bin/kexec-seal-key | 2 +- initrd/bin/kexec-select-boot | 2 +- initrd/bin/kexec-sign-config | 2 +- initrd/bin/usb-init | 2 +- initrd/bin/usb-scan | 2 +- initrd/bin/x230-flash.init | 2 +- initrd/etc/functions | 17 +++++++++++++++++ initrd/init | 3 ++- 16 files changed, 42 insertions(+), 31 deletions(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 67c5fbfaf..55b3831c4 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -2,7 +2,7 @@ # set -e -o pipefail . /etc/functions -. /etc/config +. /tmp/config file_selector() { FILE="" 
@@ -49,15 +49,6 @@ file_selector() { exit 1 fi } -replace_config() { - CONFIG_OPTION=$1 - NEW_SETTING=$2 - - awk "gsub(\"^export ${CONFIG_OPTION}=.*\",\"export ${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /etc/config > /tmp/config - awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /etc/config >> /tmp/config - grep -v "^export ${CONFIG_OPTION}=" /etc/config | grep -v "^${CONFIG_OPTION}=" >> /tmp/config - mv /tmp/config /etc/config -} while true; do unset menu_choice @@ -76,7 +67,7 @@ while true; do exit 0 ;; "b" ) - CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /etc/config | cut -f2 -d '=' | tr -d '"'` + CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /tmp/config | cut -f2 -d '=' | tr -d '"'` find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the default /boot device.\n\nCurrently set to $CURRENT_OPTION." if [ "$FILE" == "" ]; then @@ -85,7 +76,8 @@ while true; do SELECTED_FILE=$FILE fi - replace_config "CONFIG_BOOT_DEV" "$SELECTED_FILE" + replace_config /etc/config.user "CONFIG_BOOT_DEV" "$SELECTED_FILE" + combine_configs whiptail --title 'Config change successful' \ --msgbox "The /boot device was successfully changed to $SELECTED_FILE" 16 60 @@ -94,7 +86,7 @@ while true; do whiptail --title 'Insert a USB thumb drive' \ --msgbox "Insert a USB thumb drive so we can detect the device" 16 60 mount-usb - CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /etc/config | cut -f2 -d '=' | tr -d '"'` + CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /tmp/config | cut -f2 -d '=' | tr -d '"'` find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the default USB boot device.\n\nCurrently set to $CURRENT_OPTION." if [ "$FILE" == "" ]; then 
@@ -103,7 +95,8 @@ while true; do SELECTED_FILE=$FILE fi - replace_config "CONFIG_USB_BOOT_DEV" "$SELECTED_FILE" + replace_config /etc/config.user "CONFIG_USB_BOOT_DEV" "$SELECTED_FILE" + combine_configs whiptail --title 'Config change successful' \ --msgbox "The USB boot device was successfully changed to $SELECTED_FILE" 16 60 @@ -116,10 +109,10 @@ while true; do exit 1 fi - if (cbfs -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config") then - cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config" + if (cbfs -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then + cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user" fi - cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config" -f /etc/config + cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user if (whiptail --title 'Update ROM?' \ --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh index 191d977b0..277a4faeb 100755 --- a/initrd/bin/flash-gui.sh +++ b/initrd/bin/flash-gui.sh @@ -2,7 +2,7 @@ # set -e -o pipefail . /etc/functions -. /etc/config +. /tmp/config mount_usb(){ # Mount the USB boot device diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 4b70ac8ad..e89c9a98c 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -4,7 +4,7 @@ # set -e -o pipefail . /etc/functions -. /etc/config +. /tmp/config case "$CONFIG_BOARD" in librem* ) diff --git a/initrd/bin/generic-init b/initrd/bin/generic-init index c0808e48e..b63b0a05c 100755 --- a/initrd/bin/generic-init +++ b/initrd/bin/generic-init @@ -2,7 +2,7 @@ # Boot from a local disk installation . /etc/functions -. /etc/config +. /tmp/config mount_boot() { diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 20f12280b..32dfc920d 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init 
@@ -4,7 +4,7 @@ CONFIG_BOOT_GUI_MENU_NAME='Heads Boot Menu' . /etc/functions -. /etc/config +. /tmp/config mount_boot() { diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot index 7d7d83674..49e48aeef 100755 --- a/initrd/bin/kexec-boot +++ b/initrd/bin/kexec-boot @@ -1,7 +1,7 @@ #!/bin/sh # Launches kexec from saved configuration entries set -e -o pipefail -. /etc/config +. /tmp/config . /etc/functions dryrun="n" diff --git a/initrd/bin/kexec-iso-init b/initrd/bin/kexec-iso-init index 755ebba60..ebe48fe0c 100755 --- a/initrd/bin/kexec-iso-init +++ b/initrd/bin/kexec-iso-init @@ -2,7 +2,7 @@ # Boot from signed ISO set -e -o pipefail . /etc/functions -. /etc/config +. /tmp/config MOUNTED_ISO_PATH="$1" ISO_PATH="$2" diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index 0bbaa1002..85ac3f27e 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -1,7 +1,7 @@ #!/bin/sh # Save these options to be the persistent default set -e -o pipefail -. /etc/config +. /tmp/config . /etc/functions while getopts "b:d:p:i:" arg; do diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index da5a187e2..f574b5587 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -11,7 +11,7 @@ TPM_SEALED="/tmp/secret/secret.sealed" RECOVERY_KEY="/tmp/secret/recovery.key" . /etc/functions -. /etc/config +. /tmp/config paramsdir=$1 if [ -z "$paramsdir" ]; then diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 4a1f2a73c..ab8002fef 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -1,7 +1,7 @@ #!/bin/sh # Generic configurable boot script via kexec set -e -o pipefail -. /etc/config +. /tmp/config . /etc/functions add="" diff --git a/initrd/bin/kexec-sign-config b/initrd/bin/kexec-sign-config index 1ff9f46c9..23cdf28d9 100755 --- a/initrd/bin/kexec-sign-config +++ b/initrd/bin/kexec-sign-config 
@@ -1,7 +1,7 @@ #!/bin/sh # Sign a valid directory of kexec params set -e -o pipefail -. /etc/config +. /tmp/config . /etc/functions rollback="n" diff --git a/initrd/bin/usb-init b/initrd/bin/usb-init index 5ddfdff12..4a52b262d 100755 --- a/initrd/bin/usb-init +++ b/initrd/bin/usb-init @@ -2,7 +2,7 @@ # Boot a USB installation . /etc/functions -. /etc/config +. /tmp/config if [ "$CONFIG_TPM" = "y" ]; then # Extend PCR4 as soon as possible diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan index 57f6879b0..6d3eda27d 100755 --- a/initrd/bin/usb-scan +++ b/initrd/bin/usb-scan @@ -2,7 +2,7 @@ # Scan for USB installation options set -e -o pipefail . /etc/functions -. /etc/config +. /tmp/config # Unmount any previous boot device if grep -q /boot /proc/mounts ; then diff --git a/initrd/bin/x230-flash.init b/initrd/bin/x230-flash.init index a4d22c0fc..e02dcf5d8 100755 --- a/initrd/bin/x230-flash.init +++ b/initrd/bin/x230-flash.init @@ -3,7 +3,7 @@ # invoke a recovery shell and prompt the user for how to proceed . /etc/functions -. /etc/config +. /tmp/config insmod /lib/modules/ehci-hcd.ko insmod /lib/modules/ehci-pci.ko diff --git a/initrd/etc/functions b/initrd/etc/functions index 4488476a4..e556c9607 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions 
@@ -217,3 +217,20 @@ preserve_rom() { fi done } +replace_config() { + CONFIG_FILE=$1 + CONFIG_OPTION=$2 + NEW_SETTING=$3 + +# first pull out the existing option from the global config and place in a tmp file + awk "gsub(\"^export ${CONFIG_OPTION}=.*\",\"export ${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config > ${CONFIG_FILE}.tmp + awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config >> ${CONFIG_FILE}.tmp + +# then copy any remaining settings from the existing config file, minus the option you changed + grep -v "^export ${CONFIG_OPTION}=" ${CONFIG_FILE} | grep -v "^${CONFIG_OPTION}=" >> ${CONFIG_FILE}.tmp + + mv ${CONFIG_FILE}.tmp ${CONFIG_FILE} +} +combine_configs() { + sort /etc/config* | uniq > /tmp/config +} diff --git a/initrd/init b/initrd/init index d489f6ae5..4410c6fbc 100755 --- a/initrd/init +++ b/initrd/init @@ -40,7 +40,8 @@ hwclock -l -s # Read the system configuration parameters . /etc/functions -. /etc/config +combine_configs +. /tmp/config # Add our boot devices into the /etc/fstab, if they are defined # in the configuration file. From dd3f650b81c93f8848c081af1a04d0773b5e9ea7 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 15:41:20 -0800 Subject: [PATCH 06/13] Just load usb-storage module, not mount, bugfix in replace_config We need to handle the case where the specific config file doesn't exist, or else grep fails, so we touch the file ahead of time. Mounting the usb storage caused problems when you re-enter the menu a second time, so we will just load the storage module. --- initrd/bin/config-gui.sh | 10 +++++++++- initrd/etc/functions | 15 ++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 55b3831c4..5d58e7930 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh 
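Review bot: `replace_config` builds both awk programs by pasting `${CONFIG_OPTION}` and `${NEW_SETTING}` into the program text, and the output lands in a file that every script later executes with `. /tmp/config`. A value containing `"`, `\`, `&` or `$` therefore alters either the awk program or the shell assignment that gets sourced. Because `gsub(...)` is used as the awk pattern, nothing is written at all when the option is not already present in `/tmp/config`, while the caller still shows its success dialog. The `${CONFIG_FILE}` expansions are unquoted too, and the same lines are carried through the later `replace_config` hunks in this series. The sketch below rejects unsafe characters and rewrites the option without awk; it always emits the `export` form, which is an assumption about how the compiled-in config declares its options.

```shell
replace_config() {
	CONFIG_FILE=$1
	CONFIG_OPTION=$2
	NEW_SETTING=$3

	# refuse values that could escape the quoted assignment once the file is sourced
	case "$NEW_SETTING" in
		*[\"\`\$\\]*)
			echo "replace_config: unsupported character in value" >&2
			return 1
			;;
	esac

	touch "$CONFIG_FILE"
	# keep every other setting; grep exits 1 when no line is left, which is not an error here
	grep -v -e "^export ${CONFIG_OPTION}=" -e "^${CONFIG_OPTION}=" "$CONFIG_FILE" \
		> "${CONFIG_FILE}.tmp" || [ $? -eq 1 ]
	printf 'export %s="%s"\n' "$CONFIG_OPTION" "$NEW_SETTING" >> "${CONFIG_FILE}.tmp"
	mv "${CONFIG_FILE}.tmp" "$CONFIG_FILE"
}
# … unchanged: combine_configs …
```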
@@ -85,7 +85,15 @@ while true; do "u" ) whiptail --title 'Insert a USB thumb drive' \ --msgbox "Insert a USB thumb drive so we can detect the device" 16 60 - mount-usb + + enable_usb + + if ! lsmod | grep -q usb_storage; then + insmod /lib/modules/usb-storage.ko \ + || die "usb_storage: module load failed" + sleep 5 + fi + CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /tmp/config | cut -f2 -d '=' | tr -d '"'` find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the default USB boot device.\n\nCurrently set to $CURRENT_OPTION." diff --git a/initrd/etc/functions b/initrd/etc/functions index e556c9607..cd8e1395e 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -218,18 +218,19 @@ preserve_rom() { done } replace_config() { - CONFIG_FILE=$1 - CONFIG_OPTION=$2 - NEW_SETTING=$3 + CONFIG_FILE=$1 + CONFIG_OPTION=$2 + NEW_SETTING=$3 + touch $CONFIG_FILE # first pull out the existing option from the global config and place in a tmp file - awk "gsub(\"^export ${CONFIG_OPTION}=.*\",\"export ${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config > ${CONFIG_FILE}.tmp - awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config >> ${CONFIG_FILE}.tmp + awk "gsub(\"^export ${CONFIG_OPTION}=.*\",\"export ${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config > ${CONFIG_FILE}.tmp + awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config >> ${CONFIG_FILE}.tmp # then copy any remaining settings from the existing config file, minus the option you changed - grep -v "^export ${CONFIG_OPTION}=" ${CONFIG_FILE} | grep -v "^${CONFIG_OPTION}=" >> ${CONFIG_FILE}.tmp + grep -v "^export ${CONFIG_OPTION}=" ${CONFIG_FILE} | grep -v "^${CONFIG_OPTION}=" >> ${CONFIG_FILE}.tmp - mv ${CONFIG_FILE}.tmp ${CONFIG_FILE} + mv ${CONFIG_FILE}.tmp ${CONFIG_FILE} } combine_configs() { sort /etc/config* | uniq > /tmp/config 
From 1e9491f98d33b05be030add26359dfbcb75fa0ed Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 16:10:10 -0800 Subject: [PATCH 07/13] Handle the case where grep operates on an empty file There are cases when grepping for an option in the config file where grep will not find it, which is fine in this case, but without adjusting the exit code in that case it can make an entire script bail out. --- initrd/etc/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/etc/functions b/initrd/etc/functions index cd8e1395e..782e08e80 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -228,7 +228,7 @@ replace_config() { awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config >> ${CONFIG_FILE}.tmp # then copy any remaining settings from the existing config file, minus the option you changed - grep -v "^export ${CONFIG_OPTION}=" ${CONFIG_FILE} | grep -v "^${CONFIG_OPTION}=" >> ${CONFIG_FILE}.tmp + grep -v "^export ${CONFIG_OPTION}=" ${CONFIG_FILE} | grep -v "^${CONFIG_OPTION}=" >> ${CONFIG_FILE}.tmp || true mv ${CONFIG_FILE}.tmp ${CONFIG_FILE} } From 64484206ed950b51eed77b74dc491733e97f9443 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 16:27:36 -0800 Subject: [PATCH 08/13] Load cbfs before combining configs and building fstab --- initrd/init | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/initrd/init b/initrd/init index 4410c6fbc..4b4eefb25 100755 --- a/initrd/init +++ b/initrd/init @@ -40,6 +40,15 @@ hwclock -l -s # Read the system configuration parameters . /etc/functions +. /etc/config + +if [ "$CONFIG_COREBOOT" = "y" ]; then + /bin/cbfs-init +fi +if [ "$CONFIG_LINUXBOOT" = "y" ]; then + /bin/uefi-init +fi + combine_configs . /tmp/config 
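Review bot: The added `|| true` hides every failure of the `grep -v | grep -v` pipeline, not only the expected status 1 when no line survives the filter. A read error on `${CONFIG_FILE}` or a failed append to `${CONFIG_FILE}.tmp` would now fall through to the `mv` and replace the user config with an incomplete file. Accepting only status 1 keeps the fix and still stops on real errors: end the line with `|| [ $? -eq 1 ]` instead of `|| true`. `replace_config` begins above this hunk.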
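Review bot: With `/bin/cbfs-init` now running ahead of `combine_configs`, any `/etc/config*` file it places in the initrd (presumably the `heads/initrd/etc/config.user` entry that config-gui.sh writes) is concatenated into `/tmp/config` and executed as shell by `. /tmp/config` here and in every script that sources it. Whether cbfs-init measures or validates what it extracts is not visible in this patch, so the dependency deserves a comment above `combine_configs`, for example `# config.user comes from CBFS and is sourced as shell; cbfs-init must have measured it before this point`. Filtering the merged file down to lines of the form `CONFIG_NAME="value"` (with or without `export`) before sourcing would limit what a modified flash region can make init run.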
@@ -52,12 +61,6 @@ if [ ! -z "$CONFIG_USB_BOOT_DEV" ]; then echo >> /etc/fstab "$CONFIG_USB_BOOT_DEV /media auto defaults,ro 0 0" fi -if [ "$CONFIG_COREBOOT" = "y" ]; then - /bin/cbfs-init -fi -if [ "$CONFIG_LINUXBOOT" = "y" ]; then - /bin/uefi-init -fi /bin/key-init # Setup recovery serial shell From 8b8be510a26f6b15bb0f5abfc7150a8ecad5ccdf Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 16:29:09 -0800 Subject: [PATCH 09/13] Do not sort config options, just cat to preserve precedence If we sort | uniq config options, then the lowest in the sort will get precedence, when what we want is for user preferences to override system ones. --- initrd/etc/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/etc/functions b/initrd/etc/functions index 782e08e80..553f4b274 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -233,5 +233,5 @@ replace_config() { mv ${CONFIG_FILE}.tmp ${CONFIG_FILE} } combine_configs() { - sort /etc/config* | uniq > /tmp/config + cat /etc/config* > /tmp/config } From ab0f9dd32e1847d784d1cba265d8303ea90ddb7d Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 16:34:47 -0800 Subject: [PATCH 10/13] Move custom configs below recovery shell For safety it would be better if we source any custom configs after the recovery shell in init. That way we can recover from any config mistakes. --- initrd/init | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/initrd/init b/initrd/init index 4b4eefb25..a44776743 100755 --- a/initrd/init +++ b/initrd/init 
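Review bot: `cat /etc/config* > /tmp/config` takes its precedence from glob order and picks up every name that begins with `config`, including the `${CONFIG_FILE}.tmp` scratch file that `replace_config` writes next to `/etc/config.user`. A leftover `/etc/config.user.tmp` from an interrupted run would sort after the real user file and override it when `/tmp/config` is sourced. Either keep the scratch file outside `/etc` or name the inputs so the order described in the commit message is explicit: `for f in /etc/config /etc/config.user; do if [ -f "$f" ]; then cat "$f"; fi; done > /tmp/config`. A one-line comment stating that later files win would also help, since nothing in the function says so.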
@@ -49,18 +49,6 @@ if [ "$CONFIG_LINUXBOOT" = "y" ]; then /bin/uefi-init fi -combine_configs -. /tmp/config - -# Add our boot devices into the /etc/fstab, if they are defined -# in the configuration file. -if [ ! -z "$CONFIG_BOOT_DEV" ]; then - echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0" -fi -if [ ! -z "$CONFIG_USB_BOOT_DEV" ]; then - echo >> /etc/fstab "$CONFIG_USB_BOOT_DEV /media auto defaults,ro 0 0" -fi - /bin/key-init # Setup recovery serial shell @@ -91,6 +79,18 @@ if [ "$boot_option" = "r" ]; then exit fi +combine_configs +. /tmp/config + +# Add our boot devices into the /etc/fstab, if they are defined +# in the configuration file. +if [ ! -z "$CONFIG_BOOT_DEV" ]; then + echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0" +fi +if [ ! -z "$CONFIG_USB_BOOT_DEV" ]; then + echo >> /etc/fstab "$CONFIG_USB_BOOT_DEV /media auto defaults,ro 0 0" +fi + if [ ! -x "$CONFIG_BOOTSCRIPT" -a ! -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then recovery 'Boot script missing? Entering recovery shell' else From 43a858e25ce325407b63260d0da9ab5420a532e3 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 16:45:40 -0800 Subject: [PATCH 11/13] Show the last setting for a config option if more than one exist --- initrd/bin/config-gui.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 5d58e7930..2a116bee7 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -67,7 +67,7 @@ while true; do exit 0 ;; "b" ) - CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /tmp/config | cut -f2 -d '=' | tr -d '"'` + CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'` find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the default /boot device.\n\nCurrently set to $CURRENT_OPTION." if [ "$FILE" == "" ]; then 
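Review bot: Under this script's `set -e -o pipefail`, the `CURRENT_OPTION=` assignment takes the status of the whole `grep | tail -n1 | cut | tr` pipeline, so when `CONFIG_BOOT_DEV=` does not occur in `/tmp/config` the `grep` status 1 ends config-gui.sh before the selector is shown. The `CONFIG_USB_BOOT_DEV` line in the next hunk behaves the same way, and that option is the more likely one to be unset. Appending `|| true` to both assignments keeps the menu usable on a board that has not defined the option yet, and the dialog then simply reports an empty current value. The `grep` pattern is also unanchored; `'^\(export \)\?CONFIG_BOOT_DEV='` would avoid matching the name inside a comment or another value.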
@@ -94,7 +94,7 @@ while true; do sleep 5 fi - CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /tmp/config | cut -f2 -d '=' | tr -d '"'` + CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'` find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the default USB boot device.\n\nCurrently set to $CURRENT_OPTION." if [ "$FILE" == "" ]; then From 6ebabc5b94cea6cb94669bdfcbaa6e08ce19dc04 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 6 Dec 2018 16:51:43 -0800 Subject: [PATCH 12/13] Remove any duplicate config options from config.user --- initrd/etc/functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/initrd/etc/functions b/initrd/etc/functions index 553f4b274..1f7896ac2 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -229,8 +229,8 @@ replace_config() { # then copy any remaining settings from the existing config file, minus the option you changed grep -v "^export ${CONFIG_OPTION}=" ${CONFIG_FILE} | grep -v "^${CONFIG_OPTION}=" >> ${CONFIG_FILE}.tmp || true - - mv ${CONFIG_FILE}.tmp ${CONFIG_FILE} + sort ${CONFIG_FILE}.tmp | uniq > ${CONFIG_FILE} + rm -f ${CONFIG_FILE}.tmp } combine_configs() { cat /etc/config* > /tmp/config From 181c621c843e7c0c3f6ebcf91d127fb77cb60639 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Fri, 8 Feb 2019 10:25:12 -0800 Subject: [PATCH 13/13] Touch /tmp/config when entering recovery mode --- initrd/etc/functions | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/initrd/etc/functions b/initrd/etc/functions index 1f7896ac2..8913870ec 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -17,6 +17,10 @@ recovery() { # but recreate the directory so that new tools can use it. rm -rf /tmp/secret mkdir -p /tmp/secret + + # ensure /tmp/config exists for recovery scripts that depend on it + touch /tmp/config + if [ "$CONFIG_TPM" = y ]; then tpm extend -ix 4 -ic recovery fi
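Review bot: Replacing `mv ${CONFIG_FILE}.tmp ${CONFIG_FILE}` with `sort ${CONFIG_FILE}.tmp | uniq > ${CONFIG_FILE}` truncates the user config as soon as the redirection is opened, so a failure in `sort` or `uniq` leaves `${CONFIG_FILE}` empty or partial where the rename swapped it in one step. Sorting also reorders the file, which can change which of two conflicting lines wins once it is sourced. De-duplicating into a second scratch file and keeping the rename preserves the old guarantee: `sort -u "${CONFIG_FILE}.tmp" > "${CONFIG_FILE}.tmp2"` then `mv "${CONFIG_FILE}.tmp2" "${CONFIG_FILE}"`. `replace_config` begins above this hunk.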
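Review bot: `touch /tmp/config` only guarantees that `. /tmp/config` does not fail; when recovery is entered before `combine_configs` has run, the file is empty and scripts started from the recovery shell get no `CONFIG_*` values from it unless they are already exported in the environment. flash.sh, for instance, branches on `$CONFIG_BOARD` right after sourcing the file. Seeding from the compiled-in config when nothing is there yet keeps user overrides out of the recovery path while still providing the board settings: `[ -s /tmp/config ] || cat /etc/config > /tmp/config`. recovery() starts and ends outside this hunk.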