Secure boot is used against several security threats when malware tries to
infect the firmware of the system. Users may inadvertently disable or
software may intentionally disable the secure boot. Consequently, the
system is running on an insecure platform with incorrect configuration. If
Plymouth could offer a warning to the user, the user could reboot and
reconfigure their system or asks for help immediately.
This work can be used to check the secure boot configuration and put a red
warning image on the screen if the secure boot is disabled. Also, this
check can be utterly disabled through the kernel parameter for testing.
If the parameter "secure_boot.warn_if_disabled=false" appears in the
kernel parameter, the secure boot check will be disabled.
Signed-off-by: Kate Hsuan <hpa@redhat.com>
This checks the secure boot status. If the secure boot are enabled,
return true. Otherwise, return false.
The system secure boot settings is at
/sys/firmware/efi/efivars/SecureBoot* and the fifth byte should be
0x1 which means the system secure boot is enabled.
Signed-off-by: Kate Hsuan <hpa@redhat.com>
It was needed long ago for a function we no longer even have.
Now it's causing compile errors on Fedora 37 because it's conflicting
with sys/mount.h.
This commit drops it.
Many of the source files in tree have "vim:" lines to tell vim a
hint about our coding style.
Unfortunately, they were written when plymouth used the GNU coding
style, and it, of course, doesn't anymore.
This commit just drops them since the default vim indentation options
match pretty well with the plymouth coding style now, anyway.
I was going to fix the preexisting style issues piecewise as they're
changed, but it's actually making reviewing patchsets noisy.
This commit just bites the bullet and does a full run through
uncrustify.
commit 5d1b49c601 adds support for
filtering input to plymouthd and the script plugin.
The script plugin additions, unfortunately, fail to properly handle
scripts that don't add a validation function.
This commit fixes that by assuming no validation function means
no filtering.
Closes: https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/175
ply_command_parser_get_options inexplicably adds a duplicate
command to the list of available subcommands every time it's
called. This must be some sort of cut and paste bug, it shouldn't
be modifying the list.
That leads to double frees when freeing the command parser.
This commit fixes that.
Related: https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/175
commit ed7b1690f0 added an explicit
command parser free call on exit to make memory analysis tools
give better results.
That commit freed the command parser a little too early, though,
before the event loop gets freed and the event loop exit handlers
are run.
The command parser uses an exit handler to clear a weak reference
on the event loop, so freeing the command parser before the event
loop can lead to crash.
This commit moves the free call a little lower.
Related: https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/175
The formatting in the codebase isn't perfect, but there's no
reason to make it worse.
This commit adds a CI check to make sure new code is styled
right.
The moment it's possible to sneak in functions like:
static void
foo (int param1, int param2)
{
}
when the style requires parameters on separate lines.
This updates the uncrustify config to account for that.
Recently a shell error snuck into CI and I didn't notice it because
it was in the tail end of a short-circuited conditional.
This commit adds a little shell validation to CI to avoid that
sort of thing in the future.
This adds also '\e' to be parsed as escape character in script strings.
Together these allow possibility to create scripts that allow only
numeric PINs, and prevent switching to text mode.
Right now plymouth-set-default-theme only supports rebuilding the initrd if a theme
is passed explicitly.
This commit improves the script to also work for --reset and even in a
standalone mode where no theme is passed at all.
Closes https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/174
Add String.Length function which returns the length of a string.
It will make it possible to get the number of bullets from the
display prompt callback inside scripts.
Add display_prompt function which will be called for both passwords
and questions. This will make it possible to get a plaintext password
string.
SetDisplayPromptFunction will make it possible to set this callback
from a theme script.
Closes#150
Before the device-timeout elapses verify_add_or_change () blocks new
simpledrm and fbdev getting added through udev add events because we
really only want native drm devices.
Then when the timeout triggers the list of udev devices existing at
that point int time is rescanned and any drm (including simpledrm) and
fbdev devices are added (filtering out duplicates).
But what if a simpledrm or fbdev device for some reason only shows
up after the timeout? Before this change those would then be ignored
for ever.
Add a manager->device_timeout_elapsed check and make verify_add_or_change ()
accept any drm + fbdev devices after the timeout. Note this addresses
a mostly theoretically issue since in practice a simpledrm or fbdev device
showing up later is very unlikely.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Move the local_console_is_text check outside of the
"if (subsytem == SUBSYSTEM_DRM)" block.
This check is equally relevant for SUBSYSTEM_FRAME_BUFFER.
Note by itself this is a no-op since verify_add_or_change() *always*
returns false for SUBSYSTEM_FRAME_BUFFER devices.
This is a preparation patch for making verify_add_or_change() not
return false when manager->device_timeout_elapsed is set.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Simple-framebuffer devices driven by simpledrm lack information
like panel-rotation info and physical size, causing the splash
to briefly render on its side / without HiDPI scaling, switching
to the correct rendering when the native driver loads.
To avoid this treat simpledrm devices as fbdev devices and only
use them after the timeout.
Also adds 2 exceptions to this:
1. If nomodeset is passed on the kernel commandline then no native
drivers will load, so in this case it is best to immediately use
SimpleDRM devices when they are detected.
2. On some devics the firmware leave the panel black at boot. In this
case it is desirable to show the splash to the user ASAP so that there
is some visual feedback that the device is booting. Add a support for a
"plymouth.use-simpledrm" kernel cmdline option to show the splash
immediately on SimpleDRM devices rather then waiting for the native
driver to load.
Closes#167
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
ply_string_has_prefix was dropped in commit c7965ea19a ("ply-utils:
Drop unused ply_string_has_prefix helper"). We have a need for this
helper again, so reintroduce it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
The ply-device-manager.c already assumes that the return value of
udev_device_get_subsystem () is never NULL in many places, including
in the condition of the "else if" just below the check which is
being removed.
Remove the one lonely check for it being NULL for consistency.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
