Merge branch 'dev'

.github/workflows/build-image.yaml

@@ -9,7 +9,7 @@ jobs:
 
     strategy: 
       matrix:
-        board: [dedede, octopus, coral, grunt, nissa, zork, corsola, jacuzzi]
+        board: [dedede, octopus, coral, grunt, nissa, zork, corsola, jacuzzi, hatch]
 
     runs-on: ubuntu-latest
     steps:

README.md

@@ -56,19 +56,21 @@ Note that rootfs partitions have to be named `shimboot_rootfs:<partname>` for th
 Driver support depends on the device you are using shimboot on. The `patch_rootfs.sh` script attempts to copy all the firmware and drivers from the shim and recovery image into the rootfs, so expect most things to work on other boards. ARM Chromebooks are not supported at the moment.
 
 ### Device Compatibility Table:
-| Board Name                                       | X11               | Wifi | Speakers | Backlight | Touchscreen | 3D Accel | Bluetooth | Webcam   |
-|------------------------------------------------  |-------------------|------|----------|-----------|-------------|----------|-----------|----------|
-| [`dedede`](https://chrome100.dev/board/dedede)   | yes               | yes  | no       | yes       | yes         | yes      | yes       | yes      |
-| [`octopus`](https://chrome100.dev/board/octopus) | yes               | yes  | yes      | yes       | yes         | yes      | yes       | yes      |
-| [`nissa`](https://chrome100.dev/board/nissa)     | yes               | yes  | no       | yes       | yes         | yes      | yes       | yes      |
-| [`reks`](https://chrome100.dev/board/reks)       | no<sup>[1]</sup> | yes  | untested | untested  | untested    | no       | untested  | untested |
-| [`kefka`](https://chrome100.dev/board/kefka)     | no<sup>[1]</sup> | yes  | yes      | yes       | untested    | no       | untested  | untested |
-| [`zork`](https://chrome100.dev/board/zork)       | yes               | yes  | no       | untested  | yes         | yes      | yes       | yes      |
-| [`grunt`](https://chrome100.dev/board/grunt)     | yes               | yes  | no       | yes       | yes         | yes      | yes       | yes      |
-| [`jacuzzi`](https://chrome100.dev/board/jacuzzi) | yes               | yes  | no       | yes       | untested    | no       | no        | yes      |
-| [`corsola`](https://chrome100.dev/board/corsola) | yes               | yes  | untested | untested  | untested    | untested | untested  | untested |
-
-<sup>1. The kernel is too old.</sup>
+| Board Name                                       | X11               | Wifi              | Speakers | Backlight | Touchscreen | 3D Accel | Bluetooth | Webcam   |
+|------------------------------------------------  |-------------------|-------------------|----------|-----------|-------------|----------|-----------|----------|
+| [`dedede`](https://chrome100.dev/board/dedede)   | yes               | yes               | no       | yes       | yes         | yes      | yes       | yes      |
+| [`octopus`](https://chrome100.dev/board/octopus) | yes               | yes               | yes      | yes       | yes         | yes      | yes       | yes      |
+| [`nissa`](https://chrome100.dev/board/nissa)     | yes               | yes               | no       | yes       | yes         | yes      | yes       | yes      |
+| [`reks`](https://chrome100.dev/board/reks)       | no<sup>[1]</sup>  | yes               | untested | untested  | untested    | no       | untested  | untested |
+| [`kefka`](https://chrome100.dev/board/kefka)     | no<sup>[1]</sup>  | yes               | yes      | yes       | untested    | no       | untested  | untested |
+| [`zork`](https://chrome100.dev/board/zork)       | yes               | yes               | no       | untested  | yes         | yes      | yes       | yes      |
+| [`grunt`](https://chrome100.dev/board/grunt)     | yes               | yes               | no       | yes       | yes         | yes      | yes       | yes      |
+| [`jacuzzi`](https://chrome100.dev/board/jacuzzi) | yes               | yes               | no       | yes       | untested    | no       | no        | yes      |
+| [`corsola`](https://chrome100.dev/board/corsola) | yes               | yes               | untested | untested  | untested    | untested | untested  | untested |
+| [`hatch`](https://chrome100.dev/board/hatch)     | yes               | yes<sup>[2]</sup> | no       | yes       | yes         | yes      | yes       | yes      |
+
+<sup>1. The kernel is too old.</sup><br>
+<sup>2. 5ghz wifi networks do not work, but 2.4ghz networks do.</sup>
 
 This table is incomplete. If you want to contribute a device compatibility report please create a new issue on the Github repository.
 
@@ -214,6 +216,9 @@ Steam should be installed using the `sudo apt install steam` command, however it
 
 To get Steam running, install and run it normally. It will fail and show a message saying that "Steam now requires user namespaces to be enabled." Run `fix_bwrap` in your terminal, relaunch Steam, and it should be working again. 
 
+#### I broke something and the system does not boot anymore.
+If the rootfs fails to boot normally, you may use the rescue mode in the bootloader to enter a shell so you can debug and fix things. You can enter this mode by typing in `rescue <selection>` in the bootloader prompt, replacing `<selection>` with the number that is displayed for your rootfs. For example, `rescue 3` will enter rescue mode for the third boot option (usually Debian).
+
 ## Copyright:
 Shimboot is licensed under the [GNU GPL v3](https://www.gnu.org/licenses/gpl-3.0.txt). Unless otherwise indicated, all code has been written by me, [ading2210](https://github.com/ading2210).
 

bootloader/bin/bootstrap.sh

@@ -12,7 +12,7 @@
 #set -x
 set +x
 
-SHIMBOOT_VERSION="v1.2.0"
+rescue_mode=""
 
 invoke_terminal() {
   local tty="$1"
@@ -95,11 +95,13 @@ move_mounts() {
 }
 
 print_license() {
+  local shimboot_version="$(cat /opt/.shimboot_version)"
   if [ -f "/opt/.shimboot_version_dev" ]; then
-    suffix="-dev"
+    local git_hash="$(cat /opt/.shimboot_version_dev)"
+    local suffix="-dev-$git_hash"
   fi
   cat << EOF 
-Shimboot ${SHIMBOOT_VERSION}${suffix}
+Shimboot ${shimboot_version}${suffix}
 
 ading2210/shimboot: Boot desktop Linux from a Chrome OS RMA shim.
 Copyright (C) 2023 ading2210
@@ -164,6 +166,14 @@ get_selection() {
     return 1
   fi
 
+  local selection_cmd="$(echo "$selection" | cut -d' ' -f1)"
+  if [ "$selection_cmd" = "rescue" ]; then
+    selection="$(echo "$selection" | cut -d' ' -f2-)"
+    rescue_mode="1"
+  else
+    rescue_mode=""
+  fi
+
   for rootfs_partition in $rootfs_partitions; do
     local part_path=$(echo $rootfs_partition | cut -d ":" -f 1)
     local part_name=$(echo $rootfs_partition | cut -d ":" -f 2)
@@ -176,7 +186,7 @@ get_selection() {
         print_donor_selector "$rootfs_partitions"
         get_donor_selection "$rootfs_partitions" "$part_path"
       else
-        boot_target $part_path
+        boot_target "$part_path"
       fi
       return 1
     fi
@@ -253,7 +263,7 @@ get_donor_selection() {
       echo "selected $part_path as the donor partition"
       yes_no_prompt "would you like to spoof verified mode? this is useful if you're planning on using chrome os while enrolled. (y/n): " use_crossystem
       yes_no_prompt "would you like to spoof an invalid hwid? this will forcibly prevent the device from being enrolled. (y/n): " invalid_hwid
-      boot_chromeos $target $part_path $use_crossystem $invalid_hwid
+      boot_chromeos "$target" "$part_path" "$use_crossystem" "$invalid_hwid"
     fi
 
     i=$((i+1))
@@ -264,6 +274,21 @@ get_donor_selection() {
   return 1
 }
 
+exec_init() {
+  if [ "$rescue_mode" = "1" ]; then
+    echo "entering a rescue shell instead of starting init"
+    echo "once you are done fixing whatever is broken, run 'exec /sbin/init' to continue booting the system normally"
+
+    if [ -f "/bin/bash" ]; then
+      exec /bin/bash < "$TTY1" >> "$TTY1" 2>&1
+    else
+      exec /bin/sh < "$TTY1" >> "$TTY1" 2>&1
+    fi
+  else
+    exec /sbin/init < "$TTY1" >> "$TTY1" 2>&1
+  fi
+}
+
 boot_target() {
   local target="$1"
 
@@ -281,15 +306,15 @@ boot_target() {
   echo "switching root"
   mkdir -p /newroot/bootloader
   pivot_root /newroot /newroot/bootloader
-  exec /sbin/init < "$TTY1" >> "$TTY1" 2>&1
+  exec_init
 }
 
 boot_chromeos() {
   local target="$1"
   local donor="$2"
   local use_crossystem="$3"
   local invalid_hwid="$4"
-
+  
   echo "mounting target"
   mkdir /newroot
   mount -o ro $target /newroot
@@ -325,10 +350,14 @@ boot_chromeos() {
   echo "patching chrome os rootfs"
   cat /newroot/etc/ui_use_flags.txt | sed "/reven_branding/d" | sed "/os_install_service/d" > /newroot/tmp/ui_use_flags.txt
   mount -o bind /newroot/tmp/ui_use_flags.txt /newroot/etc/ui_use_flags.txt
+
   cp /opt/mount-encrypted /newroot/tmp/mount-encrypted
   cp /newroot/usr/sbin/mount-encrypted /newroot/tmp/mount-encrypted.real
   mount -o bind /newroot/tmp/mount-encrypted /newroot/usr/sbin/mount-encrypted
 
+  cat /newroot/etc/init/boot-splash.conf | sed '/^script$/a \  pkill frecon-lite || true' > /newroot/tmp/boot-splash.conf
+  mount -o bind /newroot/tmp/boot-splash.conf /newroot/etc/init/boot-splash.conf
+
   if [ "$use_crossystem" = "y" ]; then
     echo "patching crossystem"
     cp /opt/crossystem /newroot/tmp/crossystem
@@ -349,8 +378,7 @@ boot_chromeos() {
 
   echo "starting init"
   /sbin/modprobe zram
-  pkill frecon-lite
-  exec /sbin/init < "$TTY1" >> "$TTY1" 2>&1
+  exec_init
 }
 
 main() {

bootloader/opt/.shimboot_version

@@ -0,0 +1 @@
+v1.2.1

build_complete.sh

@@ -37,7 +37,7 @@ distro="${args['distro']-debian}"
 arm_boards="
   corsola hana jacuzzi kukui strongbad nyan-big kevin bob
   veyron-speedy veyron-jerry veyron-minnie scarlet elm
-  kukui peach-pi peach-pit stumpy daisy-spring
+  kukui peach-pi peach-pit stumpy daisy-spring trogdor
 "
 #a list of shims that have a patch for the sh1mmer vulnerability
 bad_boards="reef sand snappy pyro"

build_rootfs.sh

@@ -104,7 +104,7 @@ else
 fi
 
 print_info "copying rootfs setup scripts"
-cp -ar rootfs/* "$rootfs_dir"
+cp -arv rootfs/* "$rootfs_dir"
 cp /etc/resolv.conf "$rootfs_dir/etc/resolv.conf"
 
 print_info "creating bind mounts for chroot"

image_utils.sh

@@ -104,6 +104,7 @@ populate_partitions() {
 
   #figure out if we are on a stable release
   local git_tag="$(git tag -l --contains HEAD)"
+  local git_hash="$(git rev-parse --short HEAD)"
 
   #mount and write empty file to stateful
   local stateful_mount=/tmp/shim_stateful
@@ -116,9 +117,9 @@ populate_partitions() {
   #mount and write to bootloader rootfs
   local bootloader_mount="/tmp/shim_bootloader"
   safe_mount "${image_loop}p3" "$bootloader_mount"
-  cp -r $bootloader_dir/* "$bootloader_mount"
+  cp -arv $bootloader_dir/* "$bootloader_mount"
   if [ ! "$git_tag" ]; then #mark it as a dev version if needed
-    touch "$bootloader_mount/opt/.shimboot_version_dev"
+    printf "$git_hash" > "$bootloader_mount/opt/.shimboot_version_dev"
   fi
   umount "$bootloader_mount"
 

rootfs/etc/modules-load.d/wifi.conf

@@ -1,2 +1,3 @@
 iwlmvm
-ccm
+ccm
+8021q

rootfs/opt/setup_rootfs.sh

@@ -69,7 +69,7 @@ Pin-Priority: 1000
 fi
 
 #install the patched systemd
-apt-get upgrade -y
+apt-get upgrade -y --allow-downgrades
 installed_systemd="$(dpkg-query -W -f='${binary:Package}\n' | grep "systemd")"
 apt-get clean
 apt-get install -y --reinstall --allow-downgrades $installed_systemd
@@ -111,6 +111,9 @@ END
 #install desktop and other custom packages
 apt-get install -y $packages
 
+#disable selinux to prevent a harmless error from showing up during the boot
+echo "SELINUX=disabled" | tee -a /etc/selinux/config
+
 if [ ! $username ]; then
   read -p "Enter the username for the user account: " username
 fi
@@ -139,4 +142,7 @@ echo "Enter a user password:"
 set_password "$username" "$user_passwd"
 
 #clean apt caches
-apt-get clean
+apt-get clean
+
+#enable bash greeter
+echo "/usr/local/bin/shimboot_greeter" >> "/home/$username/.bashrc" 

rootfs/usr/local/bin/expand_rootfs

@@ -15,8 +15,10 @@ part_name="$(echo "$part_dev" | rev | cut -d'/' -f1 | rev)"
 part_num="$(cat /proc/partitions | grep "$part_name" | awk '{print $2}')"
 
 echo "Automatically detected root filesystem:"
-echo "Disk: $disk_dev"
-echo "Partition: $part_dev"
+fdisk -l "$disk_dev" 2>/dev/null | grep "${disk_dev}:" -A 1
+echo
+echo "Automatically detected root partition:"
+fdisk -l "$disk_dev" 2>/dev/null | grep "${part_dev}"
 echo
 read -p "Press enter to continue, or ctr+c to cancel. "
 

rootfs/usr/local/bin/shimboot_greeter

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+#get shimboot version
+if [ -f "/bootloader/opt/.shimboot_version" ]; then
+  shimboot_version="$(cat /bootloader/opt/.shimboot_version)"
+  if [ -f "/bootloader/opt/.shimboot_version_dev" ]; then
+    shimboot_version+="-dev-$(cat /bootloader/opt/.shimboot_version_dev)"
+  fi
+fi
+
+#get storage stats
+percent_full="$(df -BM / | tail -n1 | awk '{print $5}' | tr -d '%')"
+total_size="$(df -BM / | tail -n1 | awk '{print $2}' | tr -d 'M')"
+
+#print the greeter
+if [ "$shimboot_version" ]; then
+  echo "Welcome to the Shimboot Linux shell. (${shimboot_version})"
+else
+  echo "Welcome to the Shimboot Linux shell."
+fi
+echo "For documentation and to report bugs, please visit the project's Github page:"
+echo " - https://github.com/ading2210/shimboot"
+
+#a rootfs under 7GB should mean that it is not yet expanded
+if [ "$percent_full" -gt 80 ] && [ "$total_size" -lt 7000 ]; then
+  echo
+  echo "Warning: Your storage is nearly full and you have not yet expanded the root filesystem. Run 'sudo expand_rootfs' to fix this."
+fi
+
+echo