From 995a6931f1471565b293bf1799c7ff91fd310ee3 Mon Sep 17 00:00:00 2001
From: Thierry Laurion
Date: Sun, 18 Jun 2023 17:08:45 -0400
Subject: [PATCH] config-gui.sh: permit io386 platform locking to be dynamically disabled at runtime ash_functions: make sure /tmp/config is sourced before going to recovery shell TODO: revisit https://source.puri.sm/firmware/pureboot/-/blob/Release-27/initrd/bin/config-gui.sh#L33 to have proper config store later on
---
 initrd/bin/config-gui.sh | 25 +++++++++++++++++++++----
 initrd/etc/ash_functions | 1 +
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh
index 071248ba1..4f6ea91c7 100755
--- a/initrd/bin/config-gui.sh
+++ b/initrd/bin/config-gui.sh
@@ -10,6 +10,20 @@ TRACE "Under /bin/config-gui.sh"
 param=$1
 while true; do
+ dynamic_config_options=(
+ 'b' ' Change the /boot device'
+ 's' ' Save the current configuration to the running BIOS' \
+ 'r' ' Clear GPG key(s) and reset all user settings' \
+ )
+ if [ "$CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE" = "y" ];then
+ dynamic_config_options+=(
+ 't' ' Deactivate Platform Locking to permit OS write access to firmware'
+ )
+ fi
+ dynamic_config_options+=(
+ 'x' ' Return to Main Menu'
+ )
+
 if [ ! -z "$param" ]; then
 # use first char from parameter
 menu_choice=${param::1}
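Review bot: The entries of `dynamic_config_options` are written inconsistently: the 'b' line has no trailing backslash, while the 's' and 'r' lines keep the `\` carried over from the old whiptail argument list. Inside an array literal a newline already separates words, so the continuations can be dropped from every entry, and `];then` would read better as `]; then` to match the `if` a few lines below. A short comment above the assignment would also help, for example `# rebuilt on every pass so the 't' entry is only offered while platform locking is enabled`, since the array is built inside the `while true` loop, whose body continues outside this hunk.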
@@ -18,16 +32,19 @@ while true; do
 unset menu_choice
 whiptail $BG_COLOR_MAIN_MENU --title "Config Management Menu" \
 --menu "This menu lets you change settings for the current BIOS session.\n\nAll changes will revert after a reboot,\n\nunless you also save them to the running BIOS." 0 80 10 \
- 'b' ' Change the /boot device' \
- 's' ' Save the current configuration to the running BIOS' \
- 'r' ' Clear GPG key(s) and reset all user settings' \
- 'x' ' Return to Main Menu' \
+ "${dynamic_config_options[@]}" \
 2>/tmp/whiptail || recovery "GUI menu failed"
 menu_choice=$(cat /tmp/whiptail)
 fi
 case "$menu_choice" in
+ "t" )
+ unset CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE
+ replace_config /etc/config.user "CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE" "n"
+ combine_configs
+ . /tmp/config
+ ;;
 "x" )
 exit 0
 ;;
diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions
index ffe88ec3a..a26823fdc 100644
--- a/initrd/etc/ash_functions
+++ b/initrd/etc/ash_functions
@@ -57,6 +57,7 @@ recovery() {
 # ensure /tmp/config exists for recovery scripts that depend on it
 touch /tmp/config
+ . /tmp/config
 if [ "$CONFIG_TPM" = "y" ]; then
 tpmr extend -ix 4 -ic recovery
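Review bot: The new `"t" )` arm in config-gui.sh switches platform locking off as soon as the key is chosen, with no confirmation and no check that the option was actually offered. It is also reachable through the `menu_choice=${param::1}` shortcut in the first hunk, which never shows the menu. Because this lowers firmware write protection for whatever OS boots next, the arm should repeat the `CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE = "y"` test used to build the menu and ask for an explicit yes/no that states the consequence. The results of `replace_config` and `combine_configs` are not checked in the visible lines, so a failure there could leave `/tmp/config` unchanged while the user believes locking is off. The `case` statement continues outside the hunk.

```shell
  "t" )
    # Lowers firmware write protection: act only if locking is enabled and the user confirms.
    if [ "$CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE" = "y" ] && \
      whiptail $BG_COLOR_MAIN_MENU --title "Deactivate Platform Locking?" \
        --yesno "The booted OS will be able to write to the firmware until locking is enabled again.\n\nContinue?" 0 80; then
      # … unchanged: unset, replace_config, combine_configs, . /tmp/config …
    fi
  ;;
```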
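Review bot: In ash_functions, `recovery()` now executes `/tmp/config` as shell code on the failure path, directly ahead of the `CONFIG_TPM` test that gates `tpmr extend -ix 4 -ic recovery`, and nothing handles a file that is truncated or otherwise fails to source. Depending on the shell and its error settings (not visible here), a failing `.` could end the function before the PCR extend and the recovery shell are reached. I would make the step tolerant and say why it is there, e.g. `. /tmp/config || echo "recovery: could not source /tmp/config" >&2`, preceded by a comment such as `# load CONFIG_* (notably CONFIG_TPM) for the checks below`. The body of `recovery()` starts and continues outside the hunk.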