From 7fd017313e843059b727a0af27761746327e799c Mon Sep 17 00:00:00 2001 From: Adriana Kobylak Date: Thu, 12 Mar 2020 11:12:59 -0500 Subject: obmc-init.sh: Use u-boot env instead of password for emergency console The password prompt doesn't work anymore. Since it relied on the default password, remove the password prompt and just drop into a shell if a new enable-initrd-debug-sh u-boot environment value is set. The security implications are the same since the default password is public and there is a need to have access to u-boot to set the environment value. If the environment value is not set, kernel panic the system. Closes openbmc/openbmc#3649 Tested: Verified kernel panic if environment value was not set, and if it was set the emergency console dropped into a shell and basic linux commands worked: Mounting read-write /dev/mtdblock5 filesystem failed. Please fix and run mount /dev/mtdblock5 run/initramfs/rw -t jffs2 -o rw or perform a factory reset with the clean-rwfs-filesystem option. Try to manually fix. After fixing run exit to continue this script, or reboot -f to retry, or touch /takeover and exit to become PID 1 allowing editing of this script. /bin/sh: can't access tty; job control turned off / # (From meta-phosphor rev: 368550b2d259ac8d08c993b0d695f38aec8992fa) Change-Id: I0431690b3b4facadbe224fc822d6bd06f35b51f5 Signed-off-by: Adriana Kobylak Signed-off-by: Andrew Geissler --- .../initrdscripts/files/obmc-init.sh | 26 ++++++++++++++++------ 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/meta-phosphor/recipes-phosphor/initrdscripts/files/obmc-init.sh b/meta-phosphor/recipes-phosphor/initrdscripts/files/obmc-init.sh index 62be89f03..e61ede911 100644 --- a/meta-phosphor/recipes-phosphor/initrdscripts/files/obmc-init.sh +++ b/meta-phosphor/recipes-phosphor/initrdscripts/files/obmc-init.sh @@ -128,18 +128,25 @@ try_wget() { debug_takeover() { echo "$@" - test -n "$@" && echo Enter password to try to manually fix. + + if ! grep -w enable-initrd-debug-sh "$optfile" + then + echo "Fatal error, triggering kernel panic!" + exit 1 + fi + + test -n "$@" && echo Try to manually fix. cat << HERE After fixing run exit to continue this script, or reboot -f to retry, or touch /takeover and exit to become PID 1 allowing editing of this script. HERE - while ! sulogin && ! test -f /takeover + while ! /bin/sh && ! test -f /takeover do - echo getty failed, retrying + echo /bin/sh failed, retrying done - # Touch /takeover in the above getty to become pid 1 + # Touch /takeover in the above shell to become pid 1 if test -e /takeover then cat << HERE @@ -208,7 +215,12 @@ echo rofs = $rofs $rofst rwfs = $rwfs $rwfst if grep -w debug-init-sh $optfile then - debug_takeover "Debug initial shell requested by command line." + if grep -w enable-initrd-debug-sh "$optfile" + then + debug_takeover "Debug initial shell requested by command line." + else + echo "Need to also add enable-initrd-debug-sh for debug shell." + fi fi if test "x$consider_download_files" = xy && @@ -394,7 +406,7 @@ then Mounting read-write $rwdev filesystem failed. Please fix and run mount $rwdev $rwdir -t $rwfst -o $rwopts -to to continue, or do change nothing to run from RAM for this boot. +or perform a factory reset with the clean-rwfs-filesystem option. HERE debug_takeover "$msg" fi @@ -411,7 +423,7 @@ do Unable to confirm /sbin/init is an executable non-empty file in merged file system mounted at /root. -Change Root test failed! Invoking emergency shell. +Change Root test failed! HERE debug_takeover "$msg" done -- cgit v1.2.3