ui/ncurses: Add prompt for LUKS device password Implement device_add() in cui_client_ops and use this interface to recognise when the server notifies the client of an encrypted device. A "device header" will be created for this device and added to the menu with no associated boot options. The nc-auth prompt is extended to ask for a disk password when the device header for an encrypted device is selected. Assuming the password is correct pb-discover will remove the original device and notify the client about the newly opened device, which will be reflected in the menu. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib: Add AUTH_MSG_DECRYPT Extend the auth_message struct to support the AUTH_MSG_DECRYPT operation, allowing the existing authentications methods to be used for passing a disk password from the UI to pb-discover. In addition add DEVICE_TYPE_LUKS to identify encrypted disk devices. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Keep track of the default boot option Keep track of the default boot option, and prefix its display name with a '(*)' to point it out to the user. This avoids having to authenticate with pb-discover even if only booting the default option. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Add nc-auth and authenticate when required. When the user tries to perform actions that require authentication a new subscreen 'nc-auth' is launched which accepts a password and will send an authentication request before performing the action. This also adds a button in nc-config which launches an nc-auth screen allowing the user to set or change the system password. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Simplify starting shell Instead of calling sh twice to echo the 'exiting' message just call sh by itself and leave any welcome message to the shell's interactive config. Also drop the explicit nc_scr_unpost() in cui_run_cmd() since clear() will blank out the screen anyway. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Reset console options on boot The ncurses UI sets a few console options at startup that are needed for ncurses to work properly. These aren't reset however and can lead to quirks like the cursor being invisible after kexecing to the next kernel. The UI process doesn't have time to reset these when it is killed by kexec, so instead add a 'boot_active' field to status updates. This is set by boot.c's update handler so the UI can assume it is about to boot if it receives a status update with this field, and resets the console options. If the boot is cancelled for any reason the status update will reflect that and the console options are restored. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: in lockdown ensure system reboot in ncurses menu exit In a lockdown situation in the ncurses menu there is a switch to replace the 'Exit to shell' option with 'Reboot', so the intent seems to be to not allow the user the option to exit to shell in a lockdown situation. However the associated foreced reboot logic is in the process atexit so is only triggered when completely exiting the menu system. The default menu item logic to exit to shell is still in place though so the menu exit never occurs and shell access is still available. Add a switch to a different menu exit callback to force a menu abort using the same mechanism as a signal in lockdown situations so the shell can never be entered. This also affects the 'x' or esc shortcut keys. Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/log: Switch to pb_log_fn The only functional change should be an additional '/n' to a few log messagees that seemed to be missing it. Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Implement F10-F12 for autoboot device control Add a few mappings to specify temporary autoboot settings: F10: Only autoboot from disk F11: Only autoboot from USB devices F12: Only autoboot from network These use the new code to prevent cancelling autoboot. Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/security: hard_lockdown flag to stop runtime disable of signed boot Currently if signed-boot is enabled in configure the presence of the LOCKDOWN_FILE is used as a runtime determination to perform the actual verification. In some environments this may be acceptable or even the intended operation but in other environments could be a security hole since the removal of the file will then cause boot task verification. Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN preprocessor definition to force the system to always do a signed boot verification for each boot task, which in the case of a missing file the boot will fail. Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>