forked from public/airgap
1
0
Fork 0

compressed image, cleanup for upstreaming, automatic iso boot

This commit is contained in:
Lance Vick 2020-11-09 16:19:36 -08:00
parent 75b594f47d
commit 9b62315c36
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
8 changed files with 106 additions and 99 deletions

View File

@ -63,7 +63,7 @@ build-fw:
mkdir -p $(RELEASE_DIR)
for device in $(DEVICES); do \
cp \
build/heads/build/$${device}/PureBoot*.rom \
build/heads/build/$${device}/pureboot*.rom \
$(RELEASE_DIR)/$${device}.rom ; \
done

View File

@ -1,5 +1,6 @@
CONFIG_LOCALVERSION="AirgapOS"
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_BUILD_SALT="4.19.0-5-amd64"
CONFIG_BUILD_SALT="5.7.19-amd64"
CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y
CONFIG_USELIB=y
@ -31,6 +32,11 @@ CONFIG_USER_NS=y
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_SCHED_AUTOGROUP=y
CONFIG_BLK_DEV_INITRD=y
# CONFIG_RD_BZIP2 is not set
# CONFIG_RD_LZMA is not set
# CONFIG_RD_XZ is not set
# CONFIG_RD_LZO is not set
# CONFIG_RD_LZ4 is not set
CONFIG_EXPERT=y
CONFIG_KALLSYMS_ALL=y
CONFIG_BPF_SYSCALL=y
@ -38,7 +44,6 @@ CONFIG_USERFAULTFD=y
# CONFIG_COMPAT_BRK is not set
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_PROFILING=y
CONFIG_SMP=y
CONFIG_X86_X2APIC=y
# CONFIG_X86_EXTENDED_PLATFORM is not set
@ -117,7 +122,6 @@ CONFIG_EFI_BOOTLOADER_CONTROL=m
CONFIG_EFI_CAPSULE_LOADER=m
CONFIG_APPLE_PROPERTIES=y
# CONFIG_VIRTUALIZATION is not set
CONFIG_OPROFILE=m
CONFIG_KPROBES=y
CONFIG_JUMP_LABEL=y
CONFIG_COMPAT_32BIT_TIME=y
@ -1540,6 +1544,7 @@ CONFIG_CRC64=m
CONFIG_CRC7=m
CONFIG_LIBCRC32C=y
CONFIG_CRC8=m
CONFIG_XZ_DEC=y
# CONFIG_XZ_DEC_POWERPC is not set
# CONFIG_XZ_DEC_IA64 is not set
# CONFIG_XZ_DEC_ARM is not set

View File

@ -3353,8 +3353,8 @@ BR2_PACKAGE_XVISOR_ARCH_SUPPORTS=y
# BR2_TARGET_ROOTFS_BTRFS is not set
# BR2_TARGET_ROOTFS_CLOOP is not set
BR2_TARGET_ROOTFS_CPIO=y
BR2_TARGET_ROOTFS_CPIO_NONE=y
# BR2_TARGET_ROOTFS_CPIO_GZIP is not set
# BR2_TARGET_ROOTFS_CPIO_NONE is not set
BR2_TARGET_ROOTFS_CPIO_GZIP=y
# BR2_TARGET_ROOTFS_CPIO_BZIP2 is not set
# BR2_TARGET_ROOTFS_CPIO_LZ4 is not set
# BR2_TARGET_ROOTFS_CPIO_LZMA is not set

View File

@ -1,2 +1,2 @@
BUILDROOT_REF=2766f346195dec29b53bc09f6038193998ea3693
HEADS_REF=e30e3bf3e540b541aa68155233ad1106c8b8631e
HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f

View File

@ -1,39 +0,0 @@
# Configuration for a librem13v4
CONFIG_LINUX_CONFIG=config/linux-librem13v2.config
CONFIG_COREBOOT_CONFIG=config/coreboot-librem13v4.config
export CONFIG_COREBOOT=y
CONFIG_CRYPTSETUP=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y
CONFIG_PCIUTILS=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
#CONFIG_SLANG=y
#CONFIG_NEWT=y
CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y
CONFIG_LIBREMKEY=y
CONFIG_LINUX_USB=y
export CONFIG_TPM=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
export CONFIG_BOOT_KERNEL_REMOVE=""
export CONFIG_BOOT_USB=y
export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_BOOT_GUI_MENU_NAME="Librem 13 v4 | AirgapOS Firmware Menu"
export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
export CONFIG_FLASHROM_OPTIONS="-p internal"
export CONFIG_AUTO_BOOT_TIMEOUT=5

View File

@ -1,40 +0,0 @@
# Configuration for a librem15v4
# The L15v4 Linux config is the same as the L13v2 linux config
CONFIG_LINUX_CONFIG=config/linux-librem13v2.config
CONFIG_COREBOOT_CONFIG=config/coreboot-librem15v4.config
export CONFIG_COREBOOT=y
CONFIG_CRYPTSETUP=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y
CONFIG_PCIUTILS=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
#CONFIG_SLANG=y
#CONFIG_NEWT=y
CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y
CONFIG_LIBREMKEY=y
CONFIG_LINUX_USB=y
export CONFIG_TPM=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
export CONFIG_BOOT_KERNEL_REMOVE=""
export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_BOOT_GUI_MENU_NAME="Librem 15 v4 | AirgapOS Firmware Menu"
export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
export CONFIG_FLASHROM_OPTIONS="-p internal"
export CONFIG_AUTO_BOOT_TIMEOUT=5

View File

@ -1,21 +1,79 @@
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 38953ca..1740da6 100755
index 1369ed1..f576a8e 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -13,6 +13,11 @@ mount_boot()
@@ -13,21 +13,26 @@ first_pass=true
mount_boot()
{
-
+
# Mount local disk if it is not already mounted
while ! grep -q /boot /proc/mounts ; do
+
+ if [ "$CONFIG_BOOT_USB" = "y" ]; then
+ enable_usb
+ fi
+
# try to mount if CONFIG_BOOT_DEV exists
if [ -e "$CONFIG_BOOT_DEV" ]; then
mount -o ro $CONFIG_BOOT_DEV /boot
- mount -o ro $CONFIG_BOOT_DEV /boot
+ mount -o ro $CONFIG_BOOT_DEV /boot
[[ $? -eq 0 ]] && continue
fi
- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
+ # try to mount usb to /media and /boot if it exists
+ mount-usb \
+ && mount -o bind,ro /media /boot \
+ && continue
+
+ # no boot device available, so give user options
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
+ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB.
How would you like to proceed?" 30 90 4 \
'b' ' Select a new boot device' \
- 'u' ' Boot from USB' \
'm' ' Continue to the main menu' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
@@ -41,9 +46,6 @@ mount_boot()
. /tmp/config
fi
;;
- u )
- exec /bin/usb-init
- ;;
m )
break
;;
@@ -55,6 +57,11 @@ mount_boot()
}
verify_global_hashes()
{
+
+ # If default boot device is not mounted, then there are no hashes to verify
+ # User is likely usb booting.
+ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0
+
# Check the hashes of all the files, ignoring signatures for now
check_config /boot force
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
@@ -458,6 +465,7 @@ while true; do
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
# Try to boot the default
mount_boot
+
verify_global_hashes
if [ $? -ne 0 ]; then
continue
@@ -467,6 +475,7 @@ while true; do
kexec-select-boot -b /boot -c "grub.cfg" -g \
|| recovery "Failed default boot"
else
+ usb-init
if (whiptail --title 'No Default Boot Option Configured' \
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
kexec-select-boot -m -b /boot -c "grub.cfg" -g
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
index 501171a..2196bbd 100755
index a79dd66..8a8734c 100755
--- a/initrd/bin/mount-usb
+++ b/initrd/bin/mount-usb
@@ -4,19 +4,6 @@
@ -39,7 +97,7 @@ index 501171a..2196bbd 100755
mkdir /media
fi
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
index d9f26b0..330d672 100755
index d9f26b0..b64f150 100755
--- a/initrd/bin/usb-scan
+++ b/initrd/bin/usb-scan
@@ -5,12 +5,6 @@ set -e -o pipefail
@ -55,8 +113,30 @@ index d9f26b0..330d672 100755
# Mount the USB boot device
mount_usb || die "Unable to mount /media"
@@ -29,12 +23,16 @@ get_menu_option() {
MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
done < /tmp/iso_menu.txt
- whiptail --clear --title "Select your ISO boot option" \
- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
- -- $MENU_OPTIONS \
- 2>/tmp/whiptail || die "Aborting boot attempt"
+ if [ "$n" -eq "1" ]; then
+ option_index=1
+ else
+ whiptail --clear --title "Select your ISO boot option" \
+ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
+ -- $MENU_OPTIONS \
+ 2>/tmp/whiptail || die "Aborting boot attempt"
- option_index=$(cat /tmp/whiptail)
+ option_index=$(cat /tmp/whiptail)
+ fi
else
echo "+++ Select your ISO boot option:"
n=0
diff --git a/initrd/etc/functions b/initrd/etc/functions
index dc0fbed..00afcdb 100755
index dc0fbed..a083e17 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -122,6 +122,18 @@ enable_usb()

View File

@ -58,7 +58,8 @@ mkdir -p "$build_dir"
patch -p1 --no-backup-if-mismatch < "${patch}";
done;
fi
rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/"
[ -d "${heads_external}/boards" ] && \
rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/"
[[ "$devices" =~ "librem" ]] \
&& (cd "$heads_dir/blobs/librem_kbl" && ./get_blobs.sh)
)