[PATCH 1/1] GRUB_SESAME support. (Take 2)

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/1] GRUB_SESAME support. (Take 2)

From:	Stephen R. van den Berg
Subject:	[PATCH 1/1] GRUB_SESAME support. (Take 2)
Date:	Mon, 4 May 2020 19:29:25 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

If set, it will keep the menu from appearing until the sesame-phrase
has been typed.  The intended usage is so that you can have two devices
both running grub/Linux, each device with a single serial port.
Connect both serial ports against each other, and the two devices will
not accidentally trigger grub to do anything, unless the sesame-phrase
will have been entered.
---
 debian/changelog         |  6 ++++++
 docs/grub.texi           |  7 +++++++
 grub-core/normal/menu.c  | 35 +++++++++++++++++++++++++++++++----
 util/grub-mkconfig.in    |  1 +
 util/grub.d/00_header.in |  5 +++++
 5 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 0d25df0fe..f8fee9919 100644
diff --git a/docs/grub.texi b/docs/grub.texi
index f1216d19d..d9283c5b1 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -1315,6 +1315,13 @@ If the timeout expires before either of these happens, 
it will boot the
 default entry.  In the @samp{countdown} case, it will show a one-line
 indication of the remaining time.
 
+@item GRUB_SESAME
+Assigning a phrase to this option will only have effect if
+@samp{GRUB_TIMEOUT_STYLE} is set to either @samp{countdown} or @samp{hidden}.
+If set, it will keep the menu from appearing until the sesame-phrase
+has been typed.  Entering the phrase needs to have been completed before
+@samp{GRUB_TIMEOUT} expires.
+
 @item GRUB_DEFAULT_BUTTON
 @itemx GRUB_TIMEOUT_BUTTON
 @itemx GRUB_TIMEOUT_STYLE_BUTTON
diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
index 906a480a2..17087e1e2 100644
--- a/grub-core/normal/menu.c
+++ b/grub-core/normal/menu.c
@@ -580,6 +580,9 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
   int default_entry, current_entry;
   int timeout;
   enum timeout_style timeout_style;
+  const char *sesameword;
+  char *sesamebuf = 0;
+  unsigned sesamelen;
 
   default_entry = get_entry_number (menu, "default");
 
@@ -597,6 +600,17 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
     grub_env_unset ("timeout_style");
 
   timeout_style = get_timeout_style ();
+  sesameword = grub_env_get ("sesame");
+
+  if (sesameword) {
+    if (!*sesameword)
+      sesameword = 0;
+    else
+      {
+        sesamelen = grub_strlen (sesameword);
+        sesamebuf = grub_zalloc (sesamelen-- + 1);
+      }
+  }
 
   if (timeout_style == TIMEOUT_STYLE_COUNTDOWN
       || timeout_style == TIMEOUT_STYLE_HIDDEN)
@@ -652,7 +666,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
              mods |= term->getkeystatus (term);
          }
 
-         if (mods >= 0 &&
+         if (mods >= 0 && !sesameword &&
              (mods & (GRUB_TERM_STATUS_LSHIFT
                       | GRUB_TERM_STATUS_RSHIFT)) != 0)
            {
@@ -663,9 +677,19 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
          key = grub_getkey_noblock ();
          if (key != GRUB_TERM_NO_KEY)
            {
-             entry = get_entry_index_by_hotkey (menu, key);
-             if (entry >= 0)
-               break;
+             if (sesameword)
+               {
+                 grub_memmove (sesamebuf, sesamebuf+1, sesamelen);
+                 sesamebuf[sesamelen] = key;
+                 key = grub_strcmp (sesamebuf, sesameword)
+                     ? GRUB_TERM_NO_KEY : GRUB_TERM_ESC;
+               }
+             else
+               {
+                 entry = get_entry_index_by_hotkey (menu, key);
+                 if (entry >= 0)
+                   break;
+               }
            }
          if (key == GRUB_TERM_ESC)
            {
@@ -685,8 +709,11 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
            break;
        }
 
+      if (sesamebuf)
+        grub_free (sesamebuf);
       grub_env_unset ("timeout");
       grub_env_unset ("timeout_style");
+      grub_env_unset ("sesame");
       if (entry >= 0)
        {
          *auto_boot = 0;
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index ad716384b..7e29680c4 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -211,6 +211,7 @@ export GRUB_DEFAULT \
   GRUB_HIDDEN_TIMEOUT_QUIET \
   GRUB_TIMEOUT \
   GRUB_TIMEOUT_STYLE \
+  GRUB_SESAME \
   GRUB_DEFAULT_BUTTON \
   GRUB_HIDDEN_TIMEOUT_BUTTON \
   GRUB_TIMEOUT_BUTTON \
diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in
index 674a76140..d8ec4bb77 100644
--- a/util/grub.d/00_header.in
+++ b/util/grub.d/00_header.in
@@ -328,6 +328,11 @@ fi
 
 make_timeout ()
 {
+    if [ "x${GRUB_SESAME}" != "x" ] ; then
+    cat << EOF
+set sesame="${GRUB_SESAME}"
+EOF
+    fi
     cat << EOF
 if [ "\${recordfail}" = 1 ] ; then
   set timeout=${GRUB_RECORDFAIL_TIMEOUT:-30}
-- 
2.20.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 1/1] GRUB_SESAME support. (Take 2), Stephen R. van den Berg <=

Prev by Date: Call to grub_file_read fails in grub_multiboot_load_elf64
Next by Date: [GRUB PATCH RFC 03/18] i386/msr: Extract and improve MSR support detection code
Previous by thread: Call to grub_file_read fails in grub_multiboot_load_elf64
Next by thread: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher
Index(es):
- Date
- Thread