lib: Add AUTH_MSG_DECRYPT Extend the auth_message struct to support the AUTH_MSG_DECRYPT operation, allowing the existing authentications methods to be used for passing a disk password from the UI to pb-discover. In addition add DEVICE_TYPE_LUKS to identify encrypted disk devices. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/process: Add option to pipe to process stdin If pipe_stdin exists, create a second pipe to write to the child process's STDIN. This allows Petitboot to pipe information to a process, for example piping a LUKS password to cryptsetup. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/url: Include port in pb_url_to_string() And include a pxe-parser test which uses a port in the path prefix to exercise this. This could cause PXE discovery failures if parameters such as pathprefix included a port in the URL. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Add option to clear IPMI boot mailbox If there is an IPMI boot mailbox configuration present display a message in the System Configuration screen and provide the option to clear the mailbox. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/platform-powerpc: read bootdev config from IPMI boot mailbox The IPMI Get System Boot Options commands includes parameter 7, the "boot initiator mailbox". This can be used to hold arbitrary data to influence the boot order. Use this to provide an alternate bootdev configuration to Petitboot that will override the one saved to NVRAM. This provides more fine grained override options than the existing device-type based overrides. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Keep track of the default boot option Keep track of the default boot option, and prefix its display name with a '(*)' to point it out to the user. This avoids having to authenticate with pb-discover even if only booting the default option. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/platform-powerpc: Read and write password hash from NVRAM If petitboot,password exists set it as the root password. This will be the password used to authenticate clients. This is the *hash* of a password as it would appear in /etc/shadow, not the password itself. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/pb-protocol: Add PB_PROTOCOL_ACTION_AUTHENTICATE Add a new "authenticate" action. Depending on the 'op' field this is either a) an authentication request, b) a response indicating the result, or c) a request to change the password. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/crypt: Add helpers for operating on /etc/shadow Provides helper functions for reading, writing, and checking against /etc/shadow. The main use case if for authenticating clients against the "system" password, which is set as the root password. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Nicely format IPMI response buffers A few places where we print out the response buffer from an IPMI command weren't updated when log timestamps were added, resulting in very hard to read output. Add a little helper to format buffers and use it to print these with only one timestamp. Example: [04:59:01] ipmi_get_bmc_versions: BMC version resp [0][16]: 0x00 0x20 0x01 0x02 0x13 0x02 0xbf 0x00 0x00 0x00 0xbb 0xaa 0x58 0x98 0x01 0x00 Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Reset console options on boot The ncurses UI sets a few console options at startup that are needed for ncurses to work properly. These aren't reset however and can lead to quirks like the cursor being invisible after kexecing to the next kernel. The UI process doesn't have time to reset these when it is killed by kexec, so instead add a 'boot_active' field to status updates. This is set by boot.c's update handler so the UI can assume it is about to boot if it receives a status update with this field, and resets the console options. If the boot is cancelled for any reason the status update will reflect that and the console options are restored. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/flash: Check if the partition is signed In more recent firmware images built by op-build the VERSION partition is signed, and includes a 'secure header'. Check for this and skip it if found so we parse the version strings properly. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/efi: Move magic to implementation efi_check_mount now does a magic number check by default, so move the magic number related code from efivar.h to efivar.c. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/efi: Add new struct efi_mount To make it easier to manage EFI variables add a new struct efi_mount that holds the path to the EFI file system mount and the EFI variable name GUID. Update the lib/efi routines to use struct efi_mount. Add a new routine efi_check_mount based on the checks done in platform-arm64. This change to using struct efi_mount removes the static variable efivarfs_path making the lib/efi routines stateless. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/efi: Add check for ioctl_iflags support The efi tests may use a filesystem which does not support ioctl_iflags. Add a check and skip the ioctl_iflags operations if not supported. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/talloc: Fix TALLOC_ABORT The current TALLOC_ABORT macro had a number of problems. Failures were not going to the pb log, but only to stderr. If the object passed in was not a talloc object the printing of an object name would be printing random data. The use of a macro obscured the code. To clean this up, remove all reference to TALLOC_ABORT and put the logging and abort calls directly into talloc_chunk_from_ptr. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>