forked from public/airgap
compressed image, cleanup for upstreaming, automatic iso boot
This commit is contained in:
parent
75b594f47d
commit
9b62315c36
2
Makefile
2
Makefile
|
@ -63,7 +63,7 @@ build-fw:
|
||||||
mkdir -p $(RELEASE_DIR)
|
mkdir -p $(RELEASE_DIR)
|
||||||
for device in $(DEVICES); do \
|
for device in $(DEVICES); do \
|
||||||
cp \
|
cp \
|
||||||
build/heads/build/$${device}/PureBoot*.rom \
|
build/heads/build/$${device}/pureboot*.rom \
|
||||||
$(RELEASE_DIR)/$${device}.rom ; \
|
$(RELEASE_DIR)/$${device}.rom ; \
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
|
CONFIG_LOCALVERSION="AirgapOS"
|
||||||
# CONFIG_LOCALVERSION_AUTO is not set
|
# CONFIG_LOCALVERSION_AUTO is not set
|
||||||
CONFIG_BUILD_SALT="4.19.0-5-amd64"
|
CONFIG_BUILD_SALT="5.7.19-amd64"
|
||||||
CONFIG_SYSVIPC=y
|
CONFIG_SYSVIPC=y
|
||||||
CONFIG_POSIX_MQUEUE=y
|
CONFIG_POSIX_MQUEUE=y
|
||||||
CONFIG_USELIB=y
|
CONFIG_USELIB=y
|
||||||
|
@ -31,6 +32,11 @@ CONFIG_USER_NS=y
|
||||||
CONFIG_CHECKPOINT_RESTORE=y
|
CONFIG_CHECKPOINT_RESTORE=y
|
||||||
CONFIG_SCHED_AUTOGROUP=y
|
CONFIG_SCHED_AUTOGROUP=y
|
||||||
CONFIG_BLK_DEV_INITRD=y
|
CONFIG_BLK_DEV_INITRD=y
|
||||||
|
# CONFIG_RD_BZIP2 is not set
|
||||||
|
# CONFIG_RD_LZMA is not set
|
||||||
|
# CONFIG_RD_XZ is not set
|
||||||
|
# CONFIG_RD_LZO is not set
|
||||||
|
# CONFIG_RD_LZ4 is not set
|
||||||
CONFIG_EXPERT=y
|
CONFIG_EXPERT=y
|
||||||
CONFIG_KALLSYMS_ALL=y
|
CONFIG_KALLSYMS_ALL=y
|
||||||
CONFIG_BPF_SYSCALL=y
|
CONFIG_BPF_SYSCALL=y
|
||||||
|
@ -38,7 +44,6 @@ CONFIG_USERFAULTFD=y
|
||||||
# CONFIG_COMPAT_BRK is not set
|
# CONFIG_COMPAT_BRK is not set
|
||||||
CONFIG_SLAB_FREELIST_RANDOM=y
|
CONFIG_SLAB_FREELIST_RANDOM=y
|
||||||
CONFIG_SLAB_FREELIST_HARDENED=y
|
CONFIG_SLAB_FREELIST_HARDENED=y
|
||||||
CONFIG_PROFILING=y
|
|
||||||
CONFIG_SMP=y
|
CONFIG_SMP=y
|
||||||
CONFIG_X86_X2APIC=y
|
CONFIG_X86_X2APIC=y
|
||||||
# CONFIG_X86_EXTENDED_PLATFORM is not set
|
# CONFIG_X86_EXTENDED_PLATFORM is not set
|
||||||
|
@ -117,7 +122,6 @@ CONFIG_EFI_BOOTLOADER_CONTROL=m
|
||||||
CONFIG_EFI_CAPSULE_LOADER=m
|
CONFIG_EFI_CAPSULE_LOADER=m
|
||||||
CONFIG_APPLE_PROPERTIES=y
|
CONFIG_APPLE_PROPERTIES=y
|
||||||
# CONFIG_VIRTUALIZATION is not set
|
# CONFIG_VIRTUALIZATION is not set
|
||||||
CONFIG_OPROFILE=m
|
|
||||||
CONFIG_KPROBES=y
|
CONFIG_KPROBES=y
|
||||||
CONFIG_JUMP_LABEL=y
|
CONFIG_JUMP_LABEL=y
|
||||||
CONFIG_COMPAT_32BIT_TIME=y
|
CONFIG_COMPAT_32BIT_TIME=y
|
||||||
|
@ -1540,6 +1544,7 @@ CONFIG_CRC64=m
|
||||||
CONFIG_CRC7=m
|
CONFIG_CRC7=m
|
||||||
CONFIG_LIBCRC32C=y
|
CONFIG_LIBCRC32C=y
|
||||||
CONFIG_CRC8=m
|
CONFIG_CRC8=m
|
||||||
|
CONFIG_XZ_DEC=y
|
||||||
# CONFIG_XZ_DEC_POWERPC is not set
|
# CONFIG_XZ_DEC_POWERPC is not set
|
||||||
# CONFIG_XZ_DEC_IA64 is not set
|
# CONFIG_XZ_DEC_IA64 is not set
|
||||||
# CONFIG_XZ_DEC_ARM is not set
|
# CONFIG_XZ_DEC_ARM is not set
|
||||||
|
|
|
@ -3353,8 +3353,8 @@ BR2_PACKAGE_XVISOR_ARCH_SUPPORTS=y
|
||||||
# BR2_TARGET_ROOTFS_BTRFS is not set
|
# BR2_TARGET_ROOTFS_BTRFS is not set
|
||||||
# BR2_TARGET_ROOTFS_CLOOP is not set
|
# BR2_TARGET_ROOTFS_CLOOP is not set
|
||||||
BR2_TARGET_ROOTFS_CPIO=y
|
BR2_TARGET_ROOTFS_CPIO=y
|
||||||
BR2_TARGET_ROOTFS_CPIO_NONE=y
|
# BR2_TARGET_ROOTFS_CPIO_NONE is not set
|
||||||
# BR2_TARGET_ROOTFS_CPIO_GZIP is not set
|
BR2_TARGET_ROOTFS_CPIO_GZIP=y
|
||||||
# BR2_TARGET_ROOTFS_CPIO_BZIP2 is not set
|
# BR2_TARGET_ROOTFS_CPIO_BZIP2 is not set
|
||||||
# BR2_TARGET_ROOTFS_CPIO_LZ4 is not set
|
# BR2_TARGET_ROOTFS_CPIO_LZ4 is not set
|
||||||
# BR2_TARGET_ROOTFS_CPIO_LZMA is not set
|
# BR2_TARGET_ROOTFS_CPIO_LZMA is not set
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
BUILDROOT_REF=2766f346195dec29b53bc09f6038193998ea3693
|
BUILDROOT_REF=2766f346195dec29b53bc09f6038193998ea3693
|
||||||
HEADS_REF=e30e3bf3e540b541aa68155233ad1106c8b8631e
|
HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
# Configuration for a librem13v4
|
|
||||||
CONFIG_LINUX_CONFIG=config/linux-librem13v2.config
|
|
||||||
CONFIG_COREBOOT_CONFIG=config/coreboot-librem13v4.config
|
|
||||||
|
|
||||||
export CONFIG_COREBOOT=y
|
|
||||||
CONFIG_CRYPTSETUP=y
|
|
||||||
CONFIG_FLASHROM=y
|
|
||||||
CONFIG_FLASHTOOLS=y
|
|
||||||
CONFIG_GPG2=y
|
|
||||||
CONFIG_KEXEC=y
|
|
||||||
CONFIG_UTIL_LINUX=y
|
|
||||||
CONFIG_LVM2=y
|
|
||||||
CONFIG_MBEDTLS=y
|
|
||||||
CONFIG_PCIUTILS=y
|
|
||||||
CONFIG_POPT=y
|
|
||||||
CONFIG_QRENCODE=y
|
|
||||||
CONFIG_TPMTOTP=y
|
|
||||||
|
|
||||||
#CONFIG_SLANG=y
|
|
||||||
#CONFIG_NEWT=y
|
|
||||||
CONFIG_CAIRO=y
|
|
||||||
CONFIG_FBWHIPTAIL=y
|
|
||||||
CONFIG_LIBREMKEY=y
|
|
||||||
|
|
||||||
CONFIG_LINUX_USB=y
|
|
||||||
|
|
||||||
export CONFIG_TPM=y
|
|
||||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
|
||||||
export CONFIG_BOOT_REQ_HASH=n
|
|
||||||
export CONFIG_BOOT_REQ_ROLLBACK=n
|
|
||||||
export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
|
|
||||||
export CONFIG_BOOT_KERNEL_REMOVE=""
|
|
||||||
export CONFIG_BOOT_USB=y
|
|
||||||
export CONFIG_BOOT_DEV="/dev/sda1"
|
|
||||||
export CONFIG_BOOT_GUI_MENU_NAME="Librem 13 v4 | AirgapOS Firmware Menu"
|
|
||||||
export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
|
|
||||||
export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
|
|
||||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
|
||||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
|
|
@ -1,40 +0,0 @@
|
||||||
# Configuration for a librem15v4
|
|
||||||
|
|
||||||
# The L15v4 Linux config is the same as the L13v2 linux config
|
|
||||||
CONFIG_LINUX_CONFIG=config/linux-librem13v2.config
|
|
||||||
CONFIG_COREBOOT_CONFIG=config/coreboot-librem15v4.config
|
|
||||||
|
|
||||||
export CONFIG_COREBOOT=y
|
|
||||||
CONFIG_CRYPTSETUP=y
|
|
||||||
CONFIG_FLASHROM=y
|
|
||||||
CONFIG_FLASHTOOLS=y
|
|
||||||
CONFIG_GPG2=y
|
|
||||||
CONFIG_KEXEC=y
|
|
||||||
CONFIG_UTIL_LINUX=y
|
|
||||||
CONFIG_LVM2=y
|
|
||||||
CONFIG_MBEDTLS=y
|
|
||||||
CONFIG_PCIUTILS=y
|
|
||||||
CONFIG_POPT=y
|
|
||||||
CONFIG_QRENCODE=y
|
|
||||||
CONFIG_TPMTOTP=y
|
|
||||||
|
|
||||||
#CONFIG_SLANG=y
|
|
||||||
#CONFIG_NEWT=y
|
|
||||||
CONFIG_CAIRO=y
|
|
||||||
CONFIG_FBWHIPTAIL=y
|
|
||||||
CONFIG_LIBREMKEY=y
|
|
||||||
|
|
||||||
CONFIG_LINUX_USB=y
|
|
||||||
|
|
||||||
export CONFIG_TPM=y
|
|
||||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
|
||||||
export CONFIG_BOOT_REQ_HASH=n
|
|
||||||
export CONFIG_BOOT_REQ_ROLLBACK=n
|
|
||||||
export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
|
|
||||||
export CONFIG_BOOT_KERNEL_REMOVE=""
|
|
||||||
export CONFIG_BOOT_DEV="/dev/sda1"
|
|
||||||
export CONFIG_BOOT_GUI_MENU_NAME="Librem 15 v4 | AirgapOS Firmware Menu"
|
|
||||||
export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
|
|
||||||
export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
|
|
||||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
|
||||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
|
|
@ -1,21 +1,79 @@
|
||||||
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
|
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
|
||||||
index 38953ca..1740da6 100755
|
index 1369ed1..f576a8e 100755
|
||||||
--- a/initrd/bin/gui-init
|
--- a/initrd/bin/gui-init
|
||||||
+++ b/initrd/bin/gui-init
|
+++ b/initrd/bin/gui-init
|
||||||
@@ -13,6 +13,11 @@ mount_boot()
|
@@ -13,21 +13,26 @@ first_pass=true
|
||||||
|
|
||||||
|
mount_boot()
|
||||||
|
{
|
||||||
|
-
|
||||||
|
+
|
||||||
# Mount local disk if it is not already mounted
|
# Mount local disk if it is not already mounted
|
||||||
while ! grep -q /boot /proc/mounts ; do
|
while ! grep -q /boot /proc/mounts ; do
|
||||||
+
|
|
||||||
+ if [ "$CONFIG_BOOT_USB" = "y" ]; then
|
|
||||||
+ enable_usb
|
|
||||||
+ fi
|
|
||||||
+
|
+
|
||||||
# try to mount if CONFIG_BOOT_DEV exists
|
# try to mount if CONFIG_BOOT_DEV exists
|
||||||
if [ -e "$CONFIG_BOOT_DEV" ]; then
|
if [ -e "$CONFIG_BOOT_DEV" ]; then
|
||||||
mount -o ro $CONFIG_BOOT_DEV /boot
|
- mount -o ro $CONFIG_BOOT_DEV /boot
|
||||||
|
+ mount -o ro $CONFIG_BOOT_DEV /boot
|
||||||
|
[[ $? -eq 0 ]] && continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
|
||||||
|
+ # try to mount usb to /media and /boot if it exists
|
||||||
|
+ mount-usb \
|
||||||
|
+ && mount -o bind,ro /media /boot \
|
||||||
|
+ && continue
|
||||||
|
+
|
||||||
|
+ # no boot device available, so give user options
|
||||||
|
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
|
||||||
|
- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
|
||||||
|
+ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB.
|
||||||
|
How would you like to proceed?" 30 90 4 \
|
||||||
|
'b' ' Select a new boot device' \
|
||||||
|
- 'u' ' Boot from USB' \
|
||||||
|
'm' ' Continue to the main menu' \
|
||||||
|
'x' ' Exit to recovery shell' \
|
||||||
|
2>/tmp/whiptail || recovery "GUI menu failed"
|
||||||
|
@@ -41,9 +46,6 @@ mount_boot()
|
||||||
|
. /tmp/config
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
- u )
|
||||||
|
- exec /bin/usb-init
|
||||||
|
- ;;
|
||||||
|
m )
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
@@ -55,6 +57,11 @@ mount_boot()
|
||||||
|
}
|
||||||
|
verify_global_hashes()
|
||||||
|
{
|
||||||
|
+
|
||||||
|
+ # If default boot device is not mounted, then there are no hashes to verify
|
||||||
|
+ # User is likely usb booting.
|
||||||
|
+ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0
|
||||||
|
+
|
||||||
|
# Check the hashes of all the files, ignoring signatures for now
|
||||||
|
check_config /boot force
|
||||||
|
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
|
||||||
|
@@ -458,6 +465,7 @@ while true; do
|
||||||
|
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
|
||||||
|
# Try to boot the default
|
||||||
|
mount_boot
|
||||||
|
+
|
||||||
|
verify_global_hashes
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
continue
|
||||||
|
@@ -467,6 +475,7 @@ while true; do
|
||||||
|
kexec-select-boot -b /boot -c "grub.cfg" -g \
|
||||||
|
|| recovery "Failed default boot"
|
||||||
|
else
|
||||||
|
+ usb-init
|
||||||
|
if (whiptail --title 'No Default Boot Option Configured' \
|
||||||
|
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
|
||||||
|
kexec-select-boot -m -b /boot -c "grub.cfg" -g
|
||||||
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
|
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
|
||||||
index 501171a..2196bbd 100755
|
index a79dd66..8a8734c 100755
|
||||||
--- a/initrd/bin/mount-usb
|
--- a/initrd/bin/mount-usb
|
||||||
+++ b/initrd/bin/mount-usb
|
+++ b/initrd/bin/mount-usb
|
||||||
@@ -4,19 +4,6 @@
|
@@ -4,19 +4,6 @@
|
||||||
|
@ -39,7 +97,7 @@ index 501171a..2196bbd 100755
|
||||||
mkdir /media
|
mkdir /media
|
||||||
fi
|
fi
|
||||||
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
|
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
|
||||||
index d9f26b0..330d672 100755
|
index d9f26b0..b64f150 100755
|
||||||
--- a/initrd/bin/usb-scan
|
--- a/initrd/bin/usb-scan
|
||||||
+++ b/initrd/bin/usb-scan
|
+++ b/initrd/bin/usb-scan
|
||||||
@@ -5,12 +5,6 @@ set -e -o pipefail
|
@@ -5,12 +5,6 @@ set -e -o pipefail
|
||||||
|
@ -55,8 +113,30 @@ index d9f26b0..330d672 100755
|
||||||
# Mount the USB boot device
|
# Mount the USB boot device
|
||||||
mount_usb || die "Unable to mount /media"
|
mount_usb || die "Unable to mount /media"
|
||||||
|
|
||||||
|
@@ -29,12 +23,16 @@ get_menu_option() {
|
||||||
|
MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
|
||||||
|
done < /tmp/iso_menu.txt
|
||||||
|
|
||||||
|
- whiptail --clear --title "Select your ISO boot option" \
|
||||||
|
- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
|
||||||
|
- -- $MENU_OPTIONS \
|
||||||
|
- 2>/tmp/whiptail || die "Aborting boot attempt"
|
||||||
|
+ if [ "$n" -eq "1" ]; then
|
||||||
|
+ option_index=1
|
||||||
|
+ else
|
||||||
|
+ whiptail --clear --title "Select your ISO boot option" \
|
||||||
|
+ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
|
||||||
|
+ -- $MENU_OPTIONS \
|
||||||
|
+ 2>/tmp/whiptail || die "Aborting boot attempt"
|
||||||
|
|
||||||
|
- option_index=$(cat /tmp/whiptail)
|
||||||
|
+ option_index=$(cat /tmp/whiptail)
|
||||||
|
+ fi
|
||||||
|
else
|
||||||
|
echo "+++ Select your ISO boot option:"
|
||||||
|
n=0
|
||||||
diff --git a/initrd/etc/functions b/initrd/etc/functions
|
diff --git a/initrd/etc/functions b/initrd/etc/functions
|
||||||
index dc0fbed..00afcdb 100755
|
index dc0fbed..a083e17 100755
|
||||||
--- a/initrd/etc/functions
|
--- a/initrd/etc/functions
|
||||||
+++ b/initrd/etc/functions
|
+++ b/initrd/etc/functions
|
||||||
@@ -122,6 +122,18 @@ enable_usb()
|
@@ -122,6 +122,18 @@ enable_usb()
|
||||||
|
|
|
@ -58,6 +58,7 @@ mkdir -p "$build_dir"
|
||||||
patch -p1 --no-backup-if-mismatch < "${patch}";
|
patch -p1 --no-backup-if-mismatch < "${patch}";
|
||||||
done;
|
done;
|
||||||
fi
|
fi
|
||||||
|
[ -d "${heads_external}/boards" ] && \
|
||||||
rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/"
|
rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/"
|
||||||
[[ "$devices" =~ "librem" ]] \
|
[[ "$devices" =~ "librem" ]] \
|
||||||
&& (cd "$heads_dir/blobs/librem_kbl" && ./get_blobs.sh)
|
&& (cd "$heads_dir/blobs/librem_kbl" && ./get_blobs.sh)
|
||||||
|
|
Loading…
Reference in New Issue