Merge pull request #2161 from abalfoort/showbootmsg
partitioning: Show/hide "Boot partition not encrypted" warning
This commit is contained in:
commit
44da0b24e5
@ -412,6 +412,7 @@ Config::setConfigurationMap( const QVariantMap& configurationMap )
|
|||||||
m_allowZfsEncryption = CalamaresUtils::getBool( configurationMap, "allowZfsEncryption", true );
|
m_allowZfsEncryption = CalamaresUtils::getBool( configurationMap, "allowZfsEncryption", true );
|
||||||
|
|
||||||
m_allowManualPartitioning = CalamaresUtils::getBool( configurationMap, "allowManualPartitioning", true );
|
m_allowManualPartitioning = CalamaresUtils::getBool( configurationMap, "allowManualPartitioning", true );
|
||||||
|
m_showNotEncryptedBootMessage = CalamaresUtils::getBool( configurationMap, "showNotEncryptedBootMessage", true );
|
||||||
m_requiredPartitionTableType = CalamaresUtils::getStringList( configurationMap, "requiredPartitionTableType" );
|
m_requiredPartitionTableType = CalamaresUtils::getStringList( configurationMap, "requiredPartitionTableType" );
|
||||||
|
|
||||||
Calamares::GlobalStorage* gs = Calamares::JobQueue::instance()->globalStorage();
|
Calamares::GlobalStorage* gs = Calamares::JobQueue::instance()->globalStorage();
|
||||||
|
@ -36,6 +36,8 @@ class Config : public QObject
|
|||||||
|
|
||||||
Q_PROPERTY( bool allowManualPartitioning READ allowManualPartitioning CONSTANT FINAL )
|
Q_PROPERTY( bool allowManualPartitioning READ allowManualPartitioning CONSTANT FINAL )
|
||||||
|
|
||||||
|
Q_PROPERTY( bool showNotEncryptedBootMessage READ showNotEncryptedBootMessage CONSTANT FINAL )
|
||||||
|
|
||||||
public:
|
public:
|
||||||
Config( QObject* parent );
|
Config( QObject* parent );
|
||||||
~Config() override = default;
|
~Config() override = default;
|
||||||
@ -146,6 +148,9 @@ public:
|
|||||||
/// @brief Is manual partitioning allowed (not explicitly disabled in the config file)?
|
/// @brief Is manual partitioning allowed (not explicitly disabled in the config file)?
|
||||||
bool allowManualPartitioning() const { return m_allowManualPartitioning; }
|
bool allowManualPartitioning() const { return m_allowManualPartitioning; }
|
||||||
|
|
||||||
|
/// @brief Show "Boot partition not encrypted" warning (not explicitly disabled in the config file)?
|
||||||
|
bool showNotEncryptedBootMessage() const { return m_showNotEncryptedBootMessage; }
|
||||||
|
|
||||||
/** @brief Will @p tableType be ok?
|
/** @brief Will @p tableType be ok?
|
||||||
*
|
*
|
||||||
* If no required types are specified, it's ok, otherwise the
|
* If no required types are specified, it's ok, otherwise the
|
||||||
@ -194,6 +199,7 @@ private:
|
|||||||
QStringList m_requiredPartitionTableType;
|
QStringList m_requiredPartitionTableType;
|
||||||
bool m_allowZfsEncryption = true;
|
bool m_allowZfsEncryption = true;
|
||||||
bool m_allowManualPartitioning = true;
|
bool m_allowManualPartitioning = true;
|
||||||
|
bool m_showNotEncryptedBootMessage = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
/** @brief Given a set of swap choices, return a sensible value from it.
|
/** @brief Given a set of swap choices, return a sensible value from it.
|
||||||
|
@ -491,6 +491,28 @@ shouldWarnForGPTOnBIOS( const PartitionCoreModule* core )
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool
|
||||||
|
shouldWarnForNotEncryptedBoot( const Config* config, const PartitionCoreModule* core)
|
||||||
|
{
|
||||||
|
if ( config->showNotEncryptedBootMessage() )
|
||||||
|
{
|
||||||
|
Partition* root_p = core->findPartitionByMountPoint( "/" );
|
||||||
|
Partition* boot_p = core->findPartitionByMountPoint( "/boot" );
|
||||||
|
|
||||||
|
if ( root_p and boot_p )
|
||||||
|
{
|
||||||
|
if ( ( root_p->fileSystem().type() == FileSystem::Luks
|
||||||
|
&& boot_p->fileSystem().type() != FileSystem::Luks )
|
||||||
|
|| ( root_p->fileSystem().type() == FileSystem::Luks2
|
||||||
|
&& boot_p->fileSystem().type() != FileSystem::Luks2 ) )
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
PartitionViewStep::onLeave()
|
PartitionViewStep::onLeave()
|
||||||
{
|
{
|
||||||
@ -605,43 +627,30 @@ PartitionViewStep::onLeave()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Partition* root_p = m_core->findPartitionByMountPoint( "/" );
|
if ( shouldWarnForNotEncryptedBoot( m_config, m_core ) )
|
||||||
Partition* boot_p = m_core->findPartitionByMountPoint( "/boot" );
|
|
||||||
|
|
||||||
if ( root_p and boot_p )
|
|
||||||
{
|
{
|
||||||
QString message;
|
QString message = tr( "Boot partition not encrypted" );
|
||||||
QString description;
|
QString description = tr( "A separate boot partition was set up together with "
|
||||||
|
"an encrypted root partition, but the boot partition "
|
||||||
|
"is not encrypted."
|
||||||
|
"<br/><br/>"
|
||||||
|
"There are security concerns with this kind of "
|
||||||
|
"setup, because important system files are kept "
|
||||||
|
"on an unencrypted partition.<br/>"
|
||||||
|
"You may continue if you wish, but filesystem "
|
||||||
|
"unlocking will happen later during system startup."
|
||||||
|
"<br/>To encrypt the boot partition, go back and "
|
||||||
|
"recreate it, selecting <strong>Encrypt</strong> "
|
||||||
|
"in the partition creation window." );
|
||||||
|
|
||||||
// If the root partition is encrypted, and there's a separate boot
|
QMessageBox mb(
|
||||||
// partition which is not encrypted
|
QMessageBox::Warning, message, description, QMessageBox::Ok, m_manualPartitionPage );
|
||||||
if ( ( root_p->fileSystem().type() == FileSystem::Luks && boot_p->fileSystem().type() != FileSystem::Luks )
|
Calamares::fixButtonLabels( &mb );
|
||||||
|| ( root_p->fileSystem().type() == FileSystem::Luks2
|
mb.exec();
|
||||||
&& boot_p->fileSystem().type() != FileSystem::Luks2 ) )
|
|
||||||
{
|
|
||||||
message = tr( "Boot partition not encrypted" );
|
|
||||||
description = tr( "A separate boot partition was set up together with "
|
|
||||||
"an encrypted root partition, but the boot partition "
|
|
||||||
"is not encrypted."
|
|
||||||
"<br/><br/>"
|
|
||||||
"There are security concerns with this kind of "
|
|
||||||
"setup, because important system files are kept "
|
|
||||||
"on an unencrypted partition.<br/>"
|
|
||||||
"You may continue if you wish, but filesystem "
|
|
||||||
"unlocking will happen later during system startup."
|
|
||||||
"<br/>To encrypt the boot partition, go back and "
|
|
||||||
"recreate it, selecting <strong>Encrypt</strong> "
|
|
||||||
"in the partition creation window." );
|
|
||||||
|
|
||||||
QMessageBox mb( QMessageBox::Warning, message, description, QMessageBox::Ok, m_manualPartitionPage );
|
|
||||||
Calamares::fixButtonLabels( &mb );
|
|
||||||
mb.exec();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
PartitionViewStep::setConfigurationMap( const QVariantMap& configurationMap )
|
PartitionViewStep::setConfigurationMap( const QVariantMap& configurationMap )
|
||||||
{
|
{
|
||||||
|
@ -104,6 +104,15 @@ alwaysShowPartitionLabels: true
|
|||||||
# If nothing is specified, manual partitioning is enabled.
|
# If nothing is specified, manual partitioning is enabled.
|
||||||
#allowManualPartitioning: true
|
#allowManualPartitioning: true
|
||||||
|
|
||||||
|
# Show not encrypted boot partition warning.
|
||||||
|
#
|
||||||
|
# When set to false, this option does not show the
|
||||||
|
# "Boot partition not encrypted" warning when encrypting the
|
||||||
|
# root partition but not /boot partition.
|
||||||
|
#
|
||||||
|
# If nothing is specified, the warning is shown.
|
||||||
|
#showNotEncryptedBootMessage: true
|
||||||
|
|
||||||
# Initial selection on the Choice page
|
# Initial selection on the Choice page
|
||||||
#
|
#
|
||||||
# There are four radio buttons (in principle: erase, replace, alongside, manual),
|
# There are four radio buttons (in principle: erase, replace, alongside, manual),
|
||||||
|
@ -27,6 +27,7 @@ properties:
|
|||||||
enableLuksAutomatedPartitioning: { type: boolean, default: false }
|
enableLuksAutomatedPartitioning: { type: boolean, default: false }
|
||||||
|
|
||||||
allowManualPartitioning: { type: boolean, default: true }
|
allowManualPartitioning: { type: boolean, default: true }
|
||||||
|
showNotEncryptedBootMessage: { type: boolean, default: true }
|
||||||
partitionLayout: { type: array } # TODO: specify items
|
partitionLayout: { type: array } # TODO: specify items
|
||||||
initialPartitioningChoice: { type: string, enum: [ none, erase, replace, alongside, manual ] }
|
initialPartitioningChoice: { type: string, enum: [ none, erase, replace, alongside, manual ] }
|
||||||
initialSwapChoice: { type: string, enum: [ none, small, suspend, reuse, file ] }
|
initialSwapChoice: { type: string, enum: [ none, small, suspend, reuse, file ] }
|
||||||
|
Loading…
Reference in New Issue
Block a user