ui/ncurses: Add prompt for LUKS device password Implement device_add() in cui_client_ops and use this interface to recognise when the server notifies the client of an encrypted device. A "device header" will be created for this device and added to the menu with no associated boot options. The nc-auth prompt is extended to ask for a disk password when the device header for an encrypted device is selected. Assuming the password is correct pb-discover will remove the original device and notify the client about the newly opened device, which will be reflected in the menu. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Keep track of the default boot option Keep track of the default boot option, and prefix its display name with a '(*)' to point it out to the user. This avoids having to authenticate with pb-discover even if only booting the default option. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Add nc-auth and authenticate when required. When the user tries to perform actions that require authentication a new subscreen 'nc-auth' is launched which accepts a password and will send an authentication request before performing the action. This also adds a button in nc-config which launches an nc-auth screen allowing the user to set or change the system password. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Simplify starting shell Instead of calling sh twice to echo the 'exiting' message just call sh by itself and leave any welcome message to the shell's interactive config. Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear() will blank out the screen anyway. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Reset console options on boot The ncurses UI sets a few console options at startup that are needed for ncurses to work properly. These aren't reset however and can lead to quirks like the cursor being invisible after kexecing to the next kernel. The UI process doesn't have time to reset these when it is killed by kexec, so instead add a 'boot_active' field to status updates. This is set by boot.c's update handler so the UI can assume it is about to boot if it receives a status update with this field, and resets the console options. If the boot is cancelled for any reason the status update will reflect that and the console options are restored. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: in lockdown ensure system reboot in ncurses menu exit In a lockdown situation in the ncurses menu there is a switch to replace the 'Exit to shell' option with 'Reboot', so the intent seems to be to not allow the user the option to exit to shell in a lockdown situation. However the associated foreced reboot logic is in the process atexit so is only triggered when completely exiting the menu system. The default menu item logic to exit to shell is still in place though so the menu exit never occurs and shell access is still available. Add a switch to a different menu exit callback to force a menu abort using the same mechanism as a signal in lockdown situations so the shell can never be entered. This also affects the 'x' or esc shortcut keys. Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/log: Switch to pb_log_fn The only functional change should be an additional '/n' to a few log messagees that seemed to be missing it. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Implement F10-F12 for autoboot device control Add a few mappings to specify temporary autoboot settings: F10: Only autoboot from disk F11: Only autoboot from USB devices F12: Only autoboot from network These use the new code to prevent cancelling autoboot. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/security: hard_lockdown flag to stop runtime disable of signed boot Currently if signed-boot is enabled in configure the presence of the LOCKDOWN_FILE is used as a runtime determination to perform the actual verification. In some environments this may be acceptable or even the intended operation but in other environments could be a security hole since the removal of the file will then cause boot task verification. Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN preprocessor definition to force the system to always do a signed boot verification for each boot task, which in the case of a missing file the boot will fail. Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ncurses: Fix bad strncmp ui/ncurses/nc-cui.c:967:58: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison] if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 && ~~~~~~~~~~~~~~~~~~~~~^~ ui/ncurses/nc-cui.c:967:6: note: did you mean to compare the result of 'strncmp' instead? if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 && ^ There appears to be two bonus conditions inside the length field. I chose to drop the pointless strncmp(foo, bar, strlen(bar)), as this is equivalent to strcmp(foo, bar). Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Cyril Bur <cyrilbur@gmail.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> [Fixed up commit message typo]
ui/ncurses: Fix boot editor segfault on update The boot option editor screen segfaults on a system info update since it loses track of which fields actually exist. The boot editor screen's setup and drawing logic is a bit different from other screens, so to fix this bug and preserve the maintainer's sanity, bring the screen setup and redraw into line with other screens. This includes a full teardown of the widgets on update, so save the content of any textboxes on update so the user's changes are not lost. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>