qubes 4.0rc4 and init refactoring #327
Conversation
if "CONFIG_TPM=y" is not present in the config file, functionalities needing TPM could be disabled, while leaving other functionalities intact. This will make Heads a more general-usage bootloader payload atop coreboot.
Guarded linuxboot specific init entries Removed Makefile entries into separate file (conflicts with srcing /etc/config) Added CONFIG_BOOT_LOCAL/_REMOTE to control interface setup Fixed CONFIG_TPM usage
flammit
changed the title
|
Split out the KGPE-D16 support to another branch |
|
The qubes part of this PR is no longer relevant after fixing #227, right? I'm hesitant on the split of
|
|
Yup the qubes isn't needed now and the export way to get |
|
Just the |
| mount /sys/firmware/efi/efivars | ||
|
|
||
| # Setup the pty psudeo filesystem | ||
| mkdir /dev/pts |
There was a problem hiding this comment.
What's wrong with always mounting /dev/pts?
There was a problem hiding this comment.
Mmm... CONFIG_UNIX98_PTYS=y isn't always built in the kernel so mounting devpts can fail but I guess that's not awful (added CONFIG_LINUX_PTY in board config in PR #331).
| tpm extend -ix 4 -ic recovery | ||
| exec /bin/ash | ||
| # Now it is safe to print a banner | ||
| if [ ! -z "$CONFIG_LINUXBOOT" ]; then |
There was a problem hiding this comment.
In my recent export CONFIG_* commit I didn't export the linuxboot config. Do you think it is important to be able to distinguish them?
Also, [ ! -z "$CONFIG_LINUXBOOT" ] will go down this path if CONFIG_LINUXBOOT=n. It is better to test against y.
| # just in case... | ||
| tpm extend -ix 4 -ic recovery | ||
| exec /bin/ash | ||
| # Setup remote attestation interface |
There was a problem hiding this comment.
The network setup should move to a separate setup file, rather than living here in /init.
There was a problem hiding this comment.
Fine by me - I just wanted minimal equal functionality changes to what you had done for linuxboot.
No description provided.