From 9b62315c3672b68f6ffd2325e476134d980f418d Mon Sep 17 00:00:00 2001
From: "Lance R. Vick"
Date: Mon, 9 Nov 2020 16:19:36 -0800
Subject: [PATCH] compressed image, cleanup for upstreaming, automatic iso boot
---
 Makefile | 2 +-
 config/buildroot/board/x86_64/linux.config | 11 +-
 .../buildroot/configs/airgap_x86_64_defconfig | 4 +-
 config/config.env | 2 +-
 .../heads/boards/librem13v4/librem13v4.config | 39 -------
 .../heads/boards/librem15v4/librem15v4.config | 40 -------
 config/heads/patches/usb-boot.patch | 104 ++++++++++++++++--
 scripts/fetch | 3 +-
 8 files changed, 106 insertions(+), 99 deletions(-)
 delete mode 100644 config/heads/boards/librem13v4/librem13v4.config
 delete mode 100644 config/heads/boards/librem15v4/librem15v4.config
diff --git a/Makefile b/Makefile
index 7ebba95..d3725ac 100644
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,7 @@ build-fw:
 mkdir -p $(RELEASE_DIR)
 for device in $(DEVICES); do \
 cp \
- build/heads/build/$${device}/PureBoot*.rom \
+ build/heads/build/$${device}/pureboot*.rom \
 $(RELEASE_DIR)/$${device}.rom ; \
 done
 
diff --git a/config/buildroot/board/x86_64/linux.config b/config/buildroot/board/x86_64/linux.config
index 7c7633d..311ff68 100644
--- a/config/buildroot/board/x86_64/linux.config
+++ b/config/buildroot/board/x86_64/linux.config
@@ -1,5 +1,6 @@
+CONFIG_LOCALVERSION="AirgapOS"
 # CONFIG_LOCALVERSION_AUTO is not set
-CONFIG_BUILD_SALT="4.19.0-5-amd64"
+CONFIG_BUILD_SALT="5.7.19-amd64"
 CONFIG_SYSVIPC=y
 CONFIG_POSIX_MQUEUE=y
 CONFIG_USELIB=y
@@ -31,6 +32,11 @@ CONFIG_USER_NS=y
 CONFIG_CHECKPOINT_RESTORE=y
 CONFIG_SCHED_AUTOGROUP=y
 CONFIG_BLK_DEV_INITRD=y
+# CONFIG_RD_BZIP2 is not set
+# CONFIG_RD_LZMA is not set
+# CONFIG_RD_XZ is not set
+# CONFIG_RD_LZO is not set
+# CONFIG_RD_LZ4 is not set
 CONFIG_EXPERT=y
 CONFIG_KALLSYMS_ALL=y
 CONFIG_BPF_SYSCALL=y
@@ -38,7 +44,6 @@ CONFIG_USERFAULTFD=y
 # CONFIG_COMPAT_BRK is not set
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
-CONFIG_PROFILING=y
 CONFIG_SMP=y
 CONFIG_X86_X2APIC=y
 # CONFIG_X86_EXTENDED_PLATFORM is not set
@@ -117,7 +122,6 @@ CONFIG_EFI_BOOTLOADER_CONTROL=m
 CONFIG_EFI_CAPSULE_LOADER=m
 CONFIG_APPLE_PROPERTIES=y
 # CONFIG_VIRTUALIZATION is not set
-CONFIG_OPROFILE=m
 CONFIG_KPROBES=y
 CONFIG_JUMP_LABEL=y
 CONFIG_COMPAT_32BIT_TIME=y
@@ -1540,6 +1544,7 @@ CONFIG_CRC64=m
 CONFIG_CRC7=m
 CONFIG_LIBCRC32C=y
 CONFIG_CRC8=m
+CONFIG_XZ_DEC=y
 # CONFIG_XZ_DEC_POWERPC is not set
 # CONFIG_XZ_DEC_IA64 is not set
 # CONFIG_XZ_DEC_ARM is not set
diff --git a/config/buildroot/configs/airgap_x86_64_defconfig b/config/buildroot/configs/airgap_x86_64_defconfig
index 6c17fca..c90bc0c 100644
--- a/config/buildroot/configs/airgap_x86_64_defconfig
+++ b/config/buildroot/configs/airgap_x86_64_defconfig
@@ -3353,8 +3353,8 @@ BR2_PACKAGE_XVISOR_ARCH_SUPPORTS=y
 # BR2_TARGET_ROOTFS_BTRFS is not set
 # BR2_TARGET_ROOTFS_CLOOP is not set
 BR2_TARGET_ROOTFS_CPIO=y
-BR2_TARGET_ROOTFS_CPIO_NONE=y
-# BR2_TARGET_ROOTFS_CPIO_GZIP is not set
+# BR2_TARGET_ROOTFS_CPIO_NONE is not set
+BR2_TARGET_ROOTFS_CPIO_GZIP=y
 # BR2_TARGET_ROOTFS_CPIO_BZIP2 is not set
 # BR2_TARGET_ROOTFS_CPIO_LZ4 is not set
 # BR2_TARGET_ROOTFS_CPIO_LZMA is not set
diff --git a/config/config.env b/config/config.env
index 6f6fa40..ae1c7db 100644
--- a/config/config.env
+++ b/config/config.env
@@ -1,2 +1,2 @@
 BUILDROOT_REF=2766f346195dec29b53bc09f6038193998ea3693
-HEADS_REF=e30e3bf3e540b541aa68155233ad1106c8b8631e
+HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
diff --git a/config/heads/boards/librem13v4/librem13v4.config b/config/heads/boards/librem13v4/librem13v4.config
deleted file mode 100644
index 2d28efc..0000000
--- a/config/heads/boards/librem13v4/librem13v4.config
+++ /dev/null
@@ -1,39 +0,0 @@
-# Configuration for a librem13v4
-CONFIG_LINUX_CONFIG=config/linux-librem13v2.config
-CONFIG_COREBOOT_CONFIG=config/coreboot-librem13v4.config
-
-export CONFIG_COREBOOT=y
-CONFIG_CRYPTSETUP=y
-CONFIG_FLASHROM=y
-CONFIG_FLASHTOOLS=y
-CONFIG_GPG2=y
-CONFIG_KEXEC=y
-CONFIG_UTIL_LINUX=y
-CONFIG_LVM2=y
-CONFIG_MBEDTLS=y
-CONFIG_PCIUTILS=y
-CONFIG_POPT=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-
-#CONFIG_SLANG=y
-#CONFIG_NEWT=y
-CONFIG_CAIRO=y
-CONFIG_FBWHIPTAIL=y
-CONFIG_LIBREMKEY=y
-
-CONFIG_LINUX_USB=y
-
-export CONFIG_TPM=y
-export CONFIG_BOOTSCRIPT=/bin/gui-init
-export CONFIG_BOOT_REQ_HASH=n
-export CONFIG_BOOT_REQ_ROLLBACK=n
-export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
-export CONFIG_BOOT_KERNEL_REMOVE=""
-export CONFIG_BOOT_USB=y
-export CONFIG_BOOT_DEV="/dev/sda1"
-export CONFIG_BOOT_GUI_MENU_NAME="Librem 13 v4 | AirgapOS Firmware Menu"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
-export CONFIG_FLASHROM_OPTIONS="-p internal"
-export CONFIG_AUTO_BOOT_TIMEOUT=5
diff --git a/config/heads/boards/librem15v4/librem15v4.config b/config/heads/boards/librem15v4/librem15v4.config
deleted file mode 100644
index c57dd7d..0000000
--- a/config/heads/boards/librem15v4/librem15v4.config
+++ /dev/null
@@ -1,40 +0,0 @@
-# Configuration for a librem15v4
-
-# The L15v4 Linux config is the same as the L13v2 linux config
-CONFIG_LINUX_CONFIG=config/linux-librem13v2.config
-CONFIG_COREBOOT_CONFIG=config/coreboot-librem15v4.config
-
-export CONFIG_COREBOOT=y
-CONFIG_CRYPTSETUP=y
-CONFIG_FLASHROM=y
-CONFIG_FLASHTOOLS=y
-CONFIG_GPG2=y
-CONFIG_KEXEC=y
-CONFIG_UTIL_LINUX=y
-CONFIG_LVM2=y
-CONFIG_MBEDTLS=y
-CONFIG_PCIUTILS=y
-CONFIG_POPT=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-
-#CONFIG_SLANG=y
-#CONFIG_NEWT=y
-CONFIG_CAIRO=y
-CONFIG_FBWHIPTAIL=y
-CONFIG_LIBREMKEY=y
-
-CONFIG_LINUX_USB=y
-
-export CONFIG_TPM=y
-export CONFIG_BOOTSCRIPT=/bin/gui-init
-export CONFIG_BOOT_REQ_HASH=n
-export CONFIG_BOOT_REQ_ROLLBACK=n
-export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
-export CONFIG_BOOT_KERNEL_REMOVE=""
-export CONFIG_BOOT_DEV="/dev/sda1"
-export CONFIG_BOOT_GUI_MENU_NAME="Librem 15 v4 | AirgapOS Firmware Menu"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
-export CONFIG_FLASHROM_OPTIONS="-p internal"
-export CONFIG_AUTO_BOOT_TIMEOUT=5
diff --git a/config/heads/patches/usb-boot.patch b/config/heads/patches/usb-boot.patch
index 968665b..35cb21b 100644
--- a/config/heads/patches/usb-boot.patch
+++ b/config/heads/patches/usb-boot.patch
@@ -1,21 +1,79 @@
 diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
-index 38953ca..1740da6 100755
+index 1369ed1..f576a8e 100755
 --- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init -@@ -13,6 +13,11 @@ mount_boot() - +@@ -13,21 +13,26 @@ first_pass=true + + mount_boot() + { +- ++ # Mount local disk if it is not already mounted while ! grep -q /boot /proc/mounts ; do -+ -+ if [ "$CONFIG_BOOT_USB" = "y" ]; then -+ enable_usb -+ fi + # try to mount if CONFIG_BOOT_DEV exists if [ -e "$CONFIG_BOOT_DEV" ]; then - mount -o ro $CONFIG_BOOT_DEV /boot +- mount -o ro $CONFIG_BOOT_DEV /boot ++ mount -o ro $CONFIG_BOOT_DEV /boot + [[ $? -eq 0 ]] && continue + fi + +- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options ++ # try to mount usb to /media and /boot if it exists ++ mount-usb \ ++ && mount -o bind,ro /media /boot \ ++ && continue ++ ++ # no boot device available, so give user options + whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \ +- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV. ++ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB. + How would you like to proceed?" 30 90 4 \ + 'b' ' Select a new boot device' \ +- 'u' ' Boot from USB' \ + 'm' ' Continue to the main menu' \ + 'x' ' Exit to recovery shell' \ + 2>/tmp/whiptail || recovery "GUI menu failed" +@@ -41,9 +46,6 @@ mount_boot() + . /tmp/config + fi + ;; +- u ) +- exec /bin/usb-init +- ;; + m ) + break + ;; +@@ -55,6 +57,11 @@ mount_boot() + } + verify_global_hashes() + { ++ ++ # If default boot device is not mounted, then there are no hashes to verify ++ # User is likely usb booting. ++ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0 ++ + # Check the hashes of all the files, ignoring signatures for now + check_config /boot force + TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt" +@@ -458,6 +465,7 @@ while true; do + if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then + # Try to boot the default + mount_boot ++ + verify_global_hashes + if [ $? 
-ne 0 ]; then + continue +@@ -467,6 +475,7 @@ while true; do + kexec-select-boot -b /boot -c "grub.cfg" -g \ + || recovery "Failed default boot" + else ++ usb-init + if (whiptail --title 'No Default Boot Option Configured' \ + --yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then + kexec-select-boot -m -b /boot -c "grub.cfg" -g diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb -index 501171a..2196bbd 100755 +index a79dd66..8a8734c 100755 --- a/initrd/bin/mount-usb +++ b/initrd/bin/mount-usb @@ -4,19 +4,6 @@ @@ -39,7 +97,7 @@ index 501171a..2196bbd 100755 mkdir /media fi diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan -index d9f26b0..330d672 100755 +index d9f26b0..b64f150 100755 --- a/initrd/bin/usb-scan +++ b/initrd/bin/usb-scan @@ -5,12 +5,6 @@ set -e -o pipefail @@ -55,8 +113,30 @@ index d9f26b0..330d672 100755 # Mount the USB boot device mount_usb || die "Unable to mount /media" +@@ -29,12 +23,16 @@ get_menu_option() { + MENU_OPTIONS="$MENU_OPTIONS $n ${option}" + done < /tmp/iso_menu.txt + +- whiptail --clear --title "Select your ISO boot option" \ +- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \ +- -- $MENU_OPTIONS \ +- 2>/tmp/whiptail || die "Aborting boot attempt" ++ if [ "$n" -eq "1" ]; then ++ option_index=1 ++ else ++ whiptail --clear --title "Select your ISO boot option" \ ++ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \ ++ -- $MENU_OPTIONS \ ++ 2>/tmp/whiptail || die "Aborting boot attempt" + +- option_index=$(cat /tmp/whiptail) ++ option_index=$(cat /tmp/whiptail) ++ fi + else + echo "+++ Select your ISO boot option:" + n=0 diff --git a/initrd/etc/functions b/initrd/etc/functions -index dc0fbed..00afcdb 100755 +index dc0fbed..a083e17 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -122,6 +122,18 @@ enable_usb() 
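Review bot: The guard added at the top of verify_global_hashes() fails open: `df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0` returns success whenever the default boot device is not mounted, and the main loop only stops on a non-zero status before it runs `kexec-select-boot -b /boot`. Combined with the new mount_boot() fallback, which bind-mounts /media over /boot without any prompt once `$CONFIG_BOOT_DEV` is absent or fails to mount, removable media reaches the boot step with the /boot hash check skipped. If that is the intended trust model, I would make it visible and opt-in rather than silent, for example keep the `CONFIG_BOOT_USB` switch the previous version of this patch used around the `mount-usb` fallback and print a warning before the early return. Whether kexec-select-boot enforces its own signature checks is not visible here, and both functions continue outside the quoted hunks.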
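Review bot: When exactly one ISO is listed, the new `if [ "$n" -eq "1" ]` branch in get_menu_option sets `option_index=1` and skips the whiptail menu, so the operator no longer sees which image was chosen and loses the "a to abort" choice. For a path that boots from removable media without interaction I would at least report the selection before continuing, e.g. `echo "+++ Only one ISO boot option found, selecting:$MENU_OPTIONS"`, and consider keeping a short confirmation. Any verification of the ISO itself happens outside this hunk, as do the start and end of get_menu_option.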
@@ -69,7 +149,7 @@ index dc0fbed..00afcdb 100755 + echo "Scanning for USB storage devices..." + insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \ + || die "usb_storage: module load failed" -+ while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do ++ while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do + [[ $timeout -ge 4 ]] && break + sleep 1 + timeout=$(($timeout+1)) diff --git a/scripts/fetch b/scripts/fetch index 9f58e2b..3afde9a 100755 --- a/scripts/fetch +++ b/scripts/fetch @@ -58,7 +58,8 @@ mkdir -p "$build_dir" patch -p1 --no-backup-if-mismatch < "${patch}"; done; fi - rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/" + [ -d "${heads_external}/boards" ] && \ + rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/" [[ "$devices" =~ "librem" ]] \ && (cd "$heads_dir/blobs/librem_kbl" && ./get_blobs.sh) )