root-hashes-gui.sh: generalize to work on debian/ubuntu/pureos/qubesos (luks+lvm; qubesos untested: I use btrfs)

TODO: tpm prompt for password is silenced still, and UX not so good to guide user to reseal/reset tpm/primary handle...

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

Author: tlaurion

initrd/bin/root-hashes-gui.sh

@@ -13,6 +13,7 @@ ROOT_MOUNT="/root"
 export CONFIG_ROOT_DIRLIST_PRETTY=$(echo $CONFIG_ROOT_DIRLIST | sed -e 's/^/\//;s/ / \//g')
 
 update_root_checksums() {
+  TRACE_FUNC
   if ! detect_root_device; then
     whiptail_error --title 'ERROR: No Valid Root Disk Found' \
       --msgbox "No Valid Root Disk Found" 0 80
@@ -31,6 +32,7 @@ update_root_checksums() {
     mount -o rw,remount /boot
   fi
 
+  DEBUG "calculating hashes for $CONFIG_ROOT_DIRLIST_PRETTY on $ROOT_MOUNT"
   echo "+++ Calculating hashes for all files in $CONFIG_ROOT_DIRLIST_PRETTY "
   # Intentional wordsplit
   # shellcheck disable=SC2086
@@ -47,6 +49,8 @@ update_root_checksums() {
   unmount_root_device
 }
 check_root_checksums() {
+  TRACE_FUNC
+  DEBUG "verifying existing hash file for $CONFIG_ROOT_DIRLIST_PRETTY"
   if ! detect_root_device; then
     whiptail_error --title 'ERROR: No Valid Root Disk Found' \
       --msgbox "No Valid Root Disk Found" 0 80
@@ -74,6 +78,7 @@ check_root_checksums() {
         update_root_checksums
         return 0
       else
+        DEBUG "user chose not to create root hash file, returning"
         exit 1
       fi
   fi
@@ -124,6 +129,7 @@ check_root_checksums() {
 
         return 0
       else
+        DEBUG "user chose not to update signatures after new-files warning"
         return 1
       fi
     fi
@@ -154,6 +160,7 @@ check_root_checksums() {
       update_root_checksums
       return 0
     else
+      DEBUG "user chose not to update signatures after hash-check-failure"
       return 1
     fi
   fi
@@ -164,21 +171,43 @@ check_root_checksums() {
 open_block_device_lvm() {
   TRACE_FUNC
   local VG="$1"
+  local LV MAPPER_VG MAPPER_LV name lvpath
 
   if ! lvm vgchange -ay "$VG"; then
     DEBUG "Can't open LVM VG: $VG"
     return 1
   fi
 
-  # Use the LV 'root'.  This is the default name used by Qubes.  There's no
-  # way to configure this at the moment.
-  if ! [ -e "/dev/mapper/$VG-root" ]; then
-    DEBUG "LVM volume group does not have 'root' logical volume"
+  # Prefer an LV named 'root' (used by Qubes), but fall back to any LV
+  # in the VG.  This ensures Ubuntu-style names (e.g. ubuntu-vg/ubuntu-root)
+  # also work.
+  LV="/dev/$VG/root"
+  if ! [ -e "$LV" ]; then
+    MAPPER_VG="${VG//-/--}"
+    LV="/dev/mapper/${MAPPER_VG}-root"
+  fi
+  if ! [ -e "$LV" ]; then
+    DEBUG "LVM VG $VG has no 'root' LV, enumerating all LVs"
+    # list LV names and try each one
+    for name in $(lvm lvs --noheadings -o lv_name --separator ' ' "$VG" 2>/dev/null); do
+      lvpath="/dev/$VG/$name"
+      if ! [ -e "$lvpath" ]; then
+        MAPPER_LV="${name//-/--}"
+        lvpath="/dev/mapper/${VG//-/--}-${MAPPER_LV}"
+      fi
+      if [ -e "$lvpath" ]; then
+        DEBUG "trying LV $lvpath"
+        LV="$lvpath"
+        break
+      fi
+    done
+  fi
+  if ! [ -e "$LV" ]; then
+    DEBUG "no usable LV found in VG $VG"
     return 1
   fi
-
-  # Use the root LV now
-  open_block_device_layers "/dev/mapper/$VG-root"
+  # Use selected LV
+  open_block_device_layers "$LV"
 }
 
 # Open a LUKS device, then continue looking for more layers.
@@ -269,12 +298,21 @@ open_root_device_no_clean_up() {
 close_block_device_lvm() {
   TRACE_FUNC
   local VG="$1"
+  local name lvpath MAPPER_VG MAPPER_LV
 
-  # We always use the LV 'root' currently
-  local LV="/dev/mapper/$VG-root"
-  if [ -e "$LV" ]; then
-    close_block_device_layers "$LV"
-  fi
+  MAPPER_VG="${VG//-/--}"
+
+  # Close any layers found in all LVs in this VG, not just 'root'.
+  for name in $(lvm lvs --noheadings -o lv_name --separator ' ' "$VG" 2>/dev/null); do
+    lvpath="/dev/$VG/$name"
+    if ! [ -e "$lvpath" ]; then
+      MAPPER_LV="${name//-/--}"
+      lvpath="/dev/mapper/${MAPPER_VG}-${MAPPER_LV}"
+    fi
+    if [ -e "$lvpath" ]; then
+      close_block_device_layers "$lvpath"
+    fi
+  done
 
   # The LVM VG might be open even if no 'root' LV exists, still try to close it.
   lvm vgchange -an "$VG" || \
@@ -368,6 +406,7 @@ detect_root_device()
 
   # generate list of possible boot devices
   fdisk -l 2>/dev/null | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist
+  DEBUG "detect_root_device: initial disklist=$(cat /tmp/disklist | tr '\n' ' ')"
 
   # filter out extraneous options
   > /tmp_root_device_list

initrd/etc/functions

@@ -1279,12 +1279,12 @@ find_lvm_vg_name() {
 	DEVICE="$1"
 
 	mkdir -p /tmp/root-hashes-gui
-	if ! lvm pvs "$DEVICE" >/tmp/root-hashes-gui/lvm_vg 2>/dev/null; then
+	if ! lvm pvs --noheadings -o vg_name "$DEVICE" >/tmp/root-hashes-gui/lvm_vg 2>/dev/null; then
 		# It's not an LVM PV
 		return 1
 	fi
 
-	VG="$(tail -n +2 /tmp/root-hashes-gui/lvm_vg | awk '{print $2}')"
+	VG="$(awk 'NF {print $1; exit}' /tmp/root-hashes-gui/lvm_vg)"
 	if [ -z "$VG" ]; then
 		DEBUG "Could not find LVM2 VG from lvm pvs output:"
 		DEBUG "$(cat /tmp/root-hashes-gui/lvm_vg)"
@@ -1298,34 +1298,37 @@ find_lvm_vg_name() {
 # GPT-partitioned disk.
 is_gpt_bios_grub() {
 	TRACE_FUNC
-	DEBUG "is_gpt_bios_grub: PART_DEV=$1"
-
-	local PART_DEV="$1" DEVICE NUMBER
-
-	# Figure out the partitioned device containing this device (if there is
-	# one) from /sys/class/block.
-	local DEVICE_MATCHES=("/sys/class/block/"*"/$(basename "$PART_DEV")")
-	DEBUG "is_gpt_bios_grub: DEVICE_MATCHES=${DEVICE_MATCHES[*]}"
+	# $1 is the device path being tested (e.g. /dev/vda1)
+	local PART_DEV="$1"
+	DEBUG "PART_DEV=$PART_DEV"
+
+	# identify the base device and partition number with a regex
+	local partname device number
+	partname=$(basename "$PART_DEV")
+
+	# Split trailing digits from the base device name.
+	number="${partname##*[!0-9]}"
+	if [ -z "$number" ]; then
+		DEBUG "cannot parse partition name '$partname'"
+		return 0    # not a recognised partition
+	fi
 
-	DEVICE="$(echo "${DEVICE_MATCHES[0]}" | cut -d/ -f5)"
-	if [ "${#DEVICE_MATCHES[@]}" -ne 1 ] || [ "$DEVICE" = "*" ]; then
-		DEBUG "is_gpt_bios_grub: ambiguous DEVICE, returning false"
-		return 0
+	device="${partname%"$number"}"
+	# nvme/mmc names include an extra 'p' separator before the partition
+	# number (e.g. nvme0n1p2, mmcblk0p1). Remove only that separator.
+	if [[ "$device" == *p && "${device%p}" == *[0-9] ]]; then
+		device="${device%p}"
 	fi
 
-	# Extract the partition number
-	if ! [[ $(basename "$PART_DEV") =~ ([0-9]+)$ ]]; then
-		DEBUG "is_gpt_bios_grub: cannot parse partition number"
-		return 0 # Can't figure out the partition number
+	if [ -z "$device" ]; then
+		DEBUG "cannot parse partition device from '$partname'"
+		return 0
 	fi
 
-	NUMBER="${BASH_REMATCH[1]}"
-	DEBUG "is_gpt_bios_grub: DEVICE=$DEVICE NUMBER=$NUMBER"
+	DEBUG "DEVICE=$device NUMBER=$number"
 
-	# Now we know the device and partition number, get the type.  This is
-	# specific to GPT disks, MBR disks are shown differently by fdisk.
-	TRACE "$PART_DEV is partition $NUMBER of $DEVICE"
-	if [ "$(fdisk -l "/dev/$DEVICE" 2>/dev/null | awk '$1 == '"$NUMBER"' {print $5}')" == grub ]; then
+	# GPT disks list type in column 5; fall through to 1 otherwise
+	if [ "$(fdisk -l "/dev/$device" 2>/dev/null | awk '$1 == '"$number"' {print $5}')" == grub ]; then
 		return 0
 	fi
 	return 1
@@ -1354,9 +1357,17 @@ mount_possible_boot_device() {
 
 	# Skip bios-grub partitions on GPT disks, LUKS partitions, and LVM PVs,
 	# we can't mount these as /boot.
-	if is_gpt_bios_grub "$BOOT_DEV" || cryptsetup isLuks "$BOOT_DEV" ||
-		find_lvm_vg_name "$BOOT_DEV" >/dev/null; then
-		TRACE "$BOOT_DEV is not a mountable partition for /boot"
+	# Skip partitions we definitely can't mount for /boot.  Log each reason.
+	if is_gpt_bios_grub "$BOOT_DEV"; then
+		DEBUG "$BOOT_DEV is GPT BIOS/GRUB partition, skipping"
+		return 1
+	fi
+	if cryptsetup isLuks "$BOOT_DEV"; then
+		DEBUG "$BOOT_DEV is a LUKS volume, skipping"
+		return 1
+	fi
+	if find_lvm_vg_name "$BOOT_DEV" >/dev/null; then
+		DEBUG "$BOOT_DEV is an LVM PV, skipping"
 		return 1
 	fi
 
@@ -1388,6 +1399,15 @@ mount_possible_boot_device() {
 detect_boot_device() {
 	TRACE_FUNC
 	local devname
+	DEBUG "CONFIG_BOOT_DEV=$CONFIG_BOOT_DEV"
+	# If /boot is already mounted and appears to be a valid boot tree, just
+	# use its device.  This avoids remount churn and makes the later lookup
+	# fast.
+	mounted_boot_dev="$(awk '$2=="/boot" {print $1; exit}' /proc/mounts)"
+	if [ -n "$mounted_boot_dev" ] && ls -d /boot/grub* >/dev/null 2>&1; then
+		CONFIG_BOOT_DEV="$mounted_boot_dev"
+		return 0
+	fi
 	# unmount /boot to be safe
 	cd / && umount /boot 2>/dev/null
 
@@ -1425,6 +1445,7 @@ detect_boot_device() {
 
 	# no valid boot device found
 	echo "Unable to locate /boot files on any mounted disk"
+	DEBUG "detect_boot_device: failed to find a bootable device"
 	return 1
 }
 

initrd/etc/gui_functions

@@ -183,8 +183,7 @@ show_system_info() {
 	EC_VER: ${EC_VER}"
 
 	local disk_info="$(disk_info_sysfs)"
-	TRACE_FUNC
-	DEBUG "show_system_info: disk_info=\n${disk_info}"
+	DEBUG "disk_info=\n${disk_info}"
 
 	local msgbox="${BOARD_NAME}