petitboot: Enable user separation

Turn on support for unprivileged user accounts in the Petitboot
environment, including setting up a basic non-root user and group.
The implementation also requires using the agetty package rather than
the busybox getty utility, calling the initial pb-console helper on
login rather than directly, and moving some shell init logic from
Petitboot and into a .shrc script.

If no root password is configured in NVRAM or at runtime then this has
no effect aside from some nicer shell behaviour. Once a password is
configured then most actions in Petitboot will require this password and
the shell runs as a normal user.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/openpower/configs/pseries_defconfig b/openpower/configs/pseries_defconfig
index 97523753..e18d14af 100644
--- a/openpower/configs/pseries_defconfig
+++ b/openpower/configs/pseries_defconfig
@@ -10,6 +10,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_OPENPOWER_PLATFORM=y