config-gui.sh: permit io386 platform locking to be dynamically disabl…

…ed at runtime ash_functions: make sure /tmp/config is sourced before going to recovery shell TODO: revisit https://source.puri.sm/firmware/pureboot/-/blob/Release-27/initrd/bin/config-gui.sh#L33 to have proper config store later on
linuxboot · Jun 20, 2023 · 995a693 · 995a693
1 parent 39bb6ea
commit 995a693
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh
@@ -10,6 +10,20 @@ TRACE "Under /bin/config-gui.sh"
 param=$1
 
 while true; do
+  dynamic_config_options=(
+    'b' ' Change the /boot device'
+    's' ' Save the current configuration to the running BIOS' \
+    'r' ' Clear GPG key(s) and reset all user settings' \
+  )
+  if [ "$CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE" = "y" ];then
+    dynamic_config_options+=(
+      't' ' Deactivate Platform Locking to permit OS write access to firmware'
+    )
+  fi
+  dynamic_config_options+=(
+  'x' ' Return to Main Menu'
+  )
+
   if [ ! -z "$param" ]; then
     # use first char from parameter
     menu_choice=${param::1}
@@ -18,16 +32,19 @@ while true; do
     unset menu_choice
     whiptail $BG_COLOR_MAIN_MENU --title "Config Management Menu" \
     --menu "This menu lets you change settings for the current BIOS session.\n\nAll changes will revert after a reboot,\n\nunless you also save them to the running BIOS." 0 80 10 \
-    'b' ' Change the /boot device' \
-    's' ' Save the current configuration to the running BIOS' \
-    'r' ' Clear GPG key(s) and reset all user settings' \
-    'x' ' Return to Main Menu' \
+    "${dynamic_config_options[@]}" \
     2>/tmp/whiptail || recovery "GUI menu failed"
 
     menu_choice=$(cat /tmp/whiptail)
   fi
 
   case "$menu_choice" in
+    "t" )
+      unset CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE
+      replace_config /etc/config.user "CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE" "n"
+      combine_configs
+      . /tmp/config
+    ;;
     "x" )
       exit 0
     ;;

diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions
@@ -57,6 +57,7 @@ recovery() {
 
 	# ensure /tmp/config exists for recovery scripts that depend on it
 	touch /tmp/config
+	. /tmp/config
 
 	if [ "$CONFIG_TPM" = "y" ]; then
 		tpmr extend -ix 4 -ic recovery