From db6ca355bc6fbd5e259e3ac5efe844a43d993bad Mon Sep 17 00:00:00 2001 From: Samuel Mendoza-Jonas Date: Mon, 26 Nov 2018 11:47:43 +1100 Subject: petitboot: Enable user separation Turn on support for unprivileged user accounts in the Petitboot environment, including setting up a basic non-root user and group. The implementation also requires using the agetty package rather than the busybox getty utility, calling the initial pb-console helper on login rather than directly, and moving some shell init logic from Petitboot and into a .shrc script. If no root password is configured in NVRAM or at runtime then this has no effect aside from some nicer shell behaviour. Once a password is configured then most actions in Petitboot will require this password and the shell runs as a normal user. 
Signed-off-by: Samuel Mendoza-Jonas --- openpower/configs/barreleye_defconfig | 3 +++ openpower/configs/busybox.fragment | 1 + openpower/configs/firenze_defconfig | 3 +++ openpower/configs/firestone_defconfig | 3 +++ openpower/configs/garrison_defconfig | 3 +++ openpower/configs/habanero_defconfig | 3 +++ openpower/configs/openpower_mambo_defconfig | 3 +++ openpower/configs/p9dsu_defconfig | 3 +++ openpower/configs/palmetto_defconfig | 3 +++ openpower/configs/pseries_defconfig | 3 +++ openpower/configs/romulus_defconfig | 3 +++ openpower/configs/users-table | 1 + openpower/configs/vesnin_defconfig | 3 +++ openpower/configs/witherspoon_defconfig | 3 +++ openpower/configs/witherspoon_dev_defconfig | 3 +++ openpower/configs/zaius_defconfig | 3 +++ openpower/configs/zz_defconfig | 3 +++ openpower/overlay/etc/sudoers | 4 ++++ openpower/package/petitboot/S15pb-discover | 7 ++++++- openpower/package/petitboot/petitboot-console-ui.rules | 6 +++--- openpower/package/petitboot/petitboot.mk | 7 ++++++- openpower/package/petitboot/shell_config | 15 +++++++++++++++ openpower/package/petitboot/shell_profile | 2 ++ 23 files changed, 83 insertions(+), 5 deletions(-) create mode 100644 openpower/configs/users-table create mode 100644 openpower/overlay/etc/sudoers create mode 100644 openpower/package/petitboot/shell_config create mode 100755 openpower/package/petitboot/shell_profile
diff --git a/openpower/configs/barreleye_defconfig b/openpower/configs/barreleye_defconfig
index ff3c12d8..d4209658 100644
--- a/openpower/configs/barreleye_defconfig
+++ b/openpower/configs/barreleye_defconfig
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/busybox.fragment b/openpower/configs/busybox.fragment
index 2c9b1769..db084af4 100644
--- a/openpower/configs/busybox.fragment
+++ b/openpower/configs/busybox.fragment
@@ -8,3 +8,4 @@ CONFIG_UDHCPC6=y
 CONFIG_FEATURE_UDHCPC6_RFC3646=y
 CONFIG_FEATURE_UDHCPC6_RFC4704=y
 CONFIG_FEATURE_UDHCPC6_RFC4833=y
+CONFIG_USE_BB_CRYPT_SHA=y
diff --git a/openpower/configs/firenze_defconfig b/openpower/configs/firenze_defconfig
index 3689e4db..bd32b24a 100644
--- a/openpower/configs/firenze_defconfig
+++ b/openpower/configs/firenze_defconfig
@@ -9,6 +9,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
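Review bot: The three symbols added to this defconfig (`BR2_ROOTFS_USERS_TABLES`, `BR2_PACKAGE_SUDO`, `BR2_PACKAGE_UTIL_LINUX_AGETTY`) are repeated by hand in every platform defconfig of this commit, while the udev rules and shell scripts later in the patch assume `/sbin/agetty`, `sudo` and `petituser` exist unconditionally. A platform defconfig that misses one of them would still build, but going by the rules shown in this patch its consoles would have nothing to spawn. If the petitboot package's Config.in (not part of this diff) can carry `select BR2_PACKAGE_SUDO` and `select BR2_PACKAGE_UTIL_LINUX_AGETTY`, the dependency is enforced in one place. The same applies to the identical hunks in the other *_defconfig files.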
@@ -34,6 +35,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/firestone_defconfig b/openpower/configs/firestone_defconfig
index 3b43d0ba..a790a6d3 100644
--- a/openpower/configs/firestone_defconfig
+++ b/openpower/configs/firestone_defconfig
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/garrison_defconfig b/openpower/configs/garrison_defconfig
index cb2d2b6e..b7cdf861 100644
--- a/openpower/configs/garrison_defconfig
+++ b/openpower/configs/garrison_defconfig
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/habanero_defconfig b/openpower/configs/habanero_defconfig
index dab9e122..356703ca 100644
--- a/openpower/configs/habanero_defconfig
+++ b/openpower/configs/habanero_defconfig
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/openpower_mambo_defconfig b/openpower/configs/openpower_mambo_defconfig
index 3a9309c3..c618849f 100644
--- a/openpower/configs/openpower_mambo_defconfig
+++ b/openpower/configs/openpower_mambo_defconfig
@@ -7,6 +7,7 @@ BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
 BR2_ROOTFS_DEVICE_TABLE="../openpower/device_table.txt"
 BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_GENERATE_LOCALE="en_US.UTF-8"
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -32,6 +33,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/p9dsu_defconfig b/openpower/configs/p9dsu_defconfig
index 26f360cd..853f2d26 100644
--- a/openpower/configs/p9dsu_defconfig
+++ b/openpower/configs/p9dsu_defconfig
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -37,6 +38,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/palmetto_defconfig b/openpower/configs/palmetto_defconfig
index 33149bf5..f4a06a0c 100644
--- a/openpower/configs/palmetto_defconfig
+++ b/openpower/configs/palmetto_defconfig
@@ -9,6 +9,7 @@ BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
 BR2_ROOTFS_DEVICE_TABLE="../openpower/device_table.txt"
 BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_GENERATE_LOCALE="en_US.UTF-8"
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -34,6 +35,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/pseries_defconfig b/openpower/configs/pseries_defconfig
index 97523753..e18d14af 100644
--- a/openpower/configs/pseries_defconfig
+++ b/openpower/configs/pseries_defconfig
@@ -10,6 +10,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/romulus_defconfig b/openpower/configs/romulus_defconfig
index 87e9e6c5..4fc2a454 100644
--- a/openpower/configs/romulus_defconfig
+++ b/openpower/configs/romulus_defconfig
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/users-table b/openpower/configs/users-table
new file mode 100644
index 00000000..9c3be67c
--- /dev/null
+++ b/openpower/configs/users-table
@@ -0,0 +1 @@
+petituser 1111 petitgroup 2222 - /home/petituser /bin/sh wheel
diff --git a/openpower/configs/vesnin_defconfig b/openpower/configs/vesnin_defconfig
index 95775889..744bbf68 100644
--- a/openpower/configs/vesnin_defconfig
+++ b/openpower/configs/vesnin_defconfig
@@ -10,6 +10,7 @@ BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
 BR2_ROOTFS_DEVICE_TABLE="../openpower/device_table.txt"
 BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_GENERATE_LOCALE="en_US.UTF-8"
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -33,6 +34,8 @@ BR2_PACKAGE_DROPBEAR=y
 BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/witherspoon_defconfig b/openpower/configs/witherspoon_defconfig
index 41cafaa0..3a2aba36 100644
--- a/openpower/configs/witherspoon_defconfig
+++ b/openpower/configs/witherspoon_defconfig
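Review bot: The password field of the new `petituser` entry is `-`, which in Buildroot's users-table format leaves the account without a password value rather than locking it. Neither the `-a petituser` autologin nor the `targetpw` sudo policy added in this commit appears to need a password on this account, so the empty value only matters to services that accept blank passwords; `BR2_PACKAGE_DROPBEAR=y` is visible in the vesnin context of this patch, although its blank-password setting is not. If nothing relies on password login for petituser, `*` in that field states the intent: `petituser 1111 petitgroup 2222 * /home/petituser /bin/sh wheel`. Whether the image's login program still accepts the forced autologin for such an account is not visible here and should be tested.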
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/witherspoon_dev_defconfig b/openpower/configs/witherspoon_dev_defconfig
index d94569b9..5861f89f 100644
--- a/openpower/configs/witherspoon_dev_defconfig
+++ b/openpower/configs/witherspoon_dev_defconfig
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/zaius_defconfig b/openpower/configs/zaius_defconfig
index a9b95189..31b9bc85 100644
--- a/openpower/configs/zaius_defconfig
+++ b/openpower/configs/zaius_defconfig
@@ -11,6 +11,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -36,6 +37,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_TARGET_ROOTFS_INITRAMFS=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/configs/zz_defconfig b/openpower/configs/zz_defconfig
index acadd2db..b6717d3c 100644
--- a/openpower/configs/zz_defconfig
+++ b/openpower/configs/zz_defconfig
@@ -9,6 +9,7 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
 BR2_ENABLE_LOCALE_WHITELIST="C de en es fr it ja ko pt_BR ru zh_CN zh_TW"
 BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 it_IT.UTF-8 ja_JP.UTF-8 ko_KR.UTF-8 pt_BR.UTF-8 ru_RU.UTF-8 zh_CN.UTF-8 zh_TW.UTF-8"
 BR2_SYSTEM_ENABLE_NLS=y
+BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_OP_BUILD_PATH)/configs/users-table"
 BR2_ROOTFS_OVERLAY="../openpower/overlay"
 BR2_ROOTFS_POST_BUILD_SCRIPT="../openpower/scripts/fixup-target-var ../openpower/scripts/firmware-whitelist"
 BR2_LINUX_KERNEL=y
@@ -34,6 +35,8 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LRZSZ=y
 BR2_PACKAGE_NETCAT=y
 BR2_PACKAGE_RSYNC=y
+BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_UTIL_LINUX_AGETTY=y
 BR2_TARGET_ROOTFS_CPIO=y
 BR2_TARGET_ROOTFS_CPIO_XZ=y
 BR2_OPENPOWER_PLATFORM=y
diff --git a/openpower/overlay/etc/sudoers b/openpower/overlay/etc/sudoers
new file mode 100644
index 00000000..fcaf196a
--- /dev/null
+++ b/openpower/overlay/etc/sudoers
@@ -0,0 +1,4 @@ +root ALL=(ALL) ALL +%wheel ALL=(ALL) ALL +Defaults targetpw +Defaults timestamp_timeout=1 diff --git a/openpower/package/petitboot/S15pb-discover b/openpower/package/petitboot/S15pb-discover index 8f9638c6..9d9ec57d 100755 --- a/openpower/package/petitboot/S15pb-discover +++ b/openpower/package/petitboot/S15pb-discover @@ -15,7 +15,12 @@ fi case "$1" in start) ulimit -c unlimited - mkdir -p $(dirname $LOGFILE) + mkdir -p -m 0775 $(dirname $LOGFILE) + mkdir -p -m 0775 /var/petitboot + # Set permissions for normal users + chown -R root:petitgroup $(dirname $LOGFILE) + chown -R root:petitgroup /var/petitboot + export $(cat /etc/locale) pb-discover -l $LOGFILE $verbose & echo $! > $PIDFILE diff --git a/openpower/package/petitboot/petitboot-console-ui.rules b/openpower/package/petitboot/petitboot-console-ui.rules index 8e117e52..d99df368 100644 --- a/openpower/package/petitboot/petitboot-console-ui.rules +++ b/openpower/package/petitboot/petitboot-console-ui.rules @@ -1,5 +1,5 @@ # spawn a petitboot UI on common user-visible interface devices -SUBSYSTEM=="tty", KERNEL=="hvc*", RUN+="/usr/libexec/petitboot/pb-console --getty --detach -- -n -i 0 $name linux" -SUBSYSTEM=="tty", KERNEL=="tty0", RUN+="/usr/libexec/petitboot/pb-console --getty --detach -- -n -i 0 $name linux" -SUBSYSTEM=="tty", KERNEL=="ttyS*", RUN+="/usr/libexec/petitboot/pb-console --getty --detach -- -n -i 0 $name linux" +SUBSYSTEM=="tty", KERNEL=="hvc*", RUN+="/usr/libexec/petitboot/pb-console --getty=/sbin/agetty --detach -- -a petituser -n -i $name linux" +SUBSYSTEM=="tty", KERNEL=="tty0", RUN+="/usr/libexec/petitboot/pb-console --getty=/sbin/agetty --detach -- -a petituser -n -i $name linux" +SUBSYSTEM=="tty", KERNEL=="ttyS*", RUN+="/usr/libexec/petitboot/pb-console --getty=/sbin/agetty --detach -- -a petituser -n -i $name linux" diff --git a/openpower/package/petitboot/petitboot.mk b/openpower/package/petitboot/petitboot.mk index 7e5de913..ac0a2985 100644 
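Review bot: Nothing in the new sudoers file records that `Defaults targetpw` is the line the whole policy rests on: petituser is a member of wheel and users-table leaves its own password unset, so without `targetpw` the `%wheel ALL=(ALL) ALL` rule would check that account's password instead of root's. A header comment such as `# targetpw: wheel members must supply root's password; do not remove` would protect the line from a later cleanup. The file is also added with git mode 100644 and reaches the image through the rootfs overlay. sudoers is conventionally 0440 and some sudo versions reject other modes, so setting the mode in a post-build step or permission table is worth considering.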
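Review bot: The directory that holds pb-discover's log becomes writable by petitgroup (`mkdir -p -m 0775` followed by `chown -R root:petitgroup`), while the daemon started a few lines further down still opens `$LOGFILE` there as root. A group member can then rename or replace entries in that directory, a symlink included, before the daemon opens its log; whether pb-discover refuses to follow links is not visible in this hunk. If the unprivileged UI only needs a place for its own logs, a dedicated subdirectory owned `root:petitgroup` would let the root log's directory stay 0755. Separately, `-m` only takes effect on a directory that `mkdir` actually creates, and the unquoted `$(dirname $LOGFILE)` is safer as `"$(dirname "$LOGFILE")"`. The `case` block continues outside the hunk.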
--- a/openpower/package/petitboot/petitboot.mk +++ b/openpower/package/petitboot/petitboot.mk @@ -13,6 +13,7 @@ PETITBOOT_LICENSE_FILES = COPYING PETITBOOT_CONF_OPTS += --with-ncurses --without-twin-x11 --without-twin-fbdev \ --localstatedir=/var \ + --enable-crypt \ HOST_PROG_KEXEC=/usr/sbin/kexec \ HOST_PROG_SHUTDOWN=/usr/libexec/petitboot/bb-kexec-reboot \ $(if $(BR2_PACKAGE_BUSYBOX),--with-tftp=busybox --enable-busybox) @@ -61,7 +62,11 @@ define PETITBOOT_POST_INSTALL ln -sf /usr/sbin/pb-udhcpc \ $(TARGET_DIR)/usr/share/udhcpc/default.script.d/ - mkdir -p $(TARGET_DIR)/var/log/petitboot + mkdir -p $(TARGET_DIR)/home/petituser + $(INSTALL) -D -m 0755 $(BR2_EXTERNAL_OP_BUILD_PATH)/package/petitboot/shell_profile \ + $(TARGET_DIR)/home/petituser/.profile + $(INSTALL) -D -m 0755 $(BR2_EXTERNAL_OP_BUILD_PATH)/package/petitboot/shell_config \ + $(TARGET_DIR)/home/petituser/.shrc $(MAKE) -C $(@D)/po DESTDIR=$(TARGET_DIR) install endef diff --git a/openpower/package/petitboot/shell_config b/openpower/package/petitboot/shell_config new file mode 100644 index 00000000..ef2c55af --- /dev/null +++ b/openpower/package/petitboot/shell_config @@ -0,0 +1,15 @@ +#!bin/sh + +reset + +echo "Exiting petitboot. Type 'exit' to return." +echo "You may run 'pb-sos' to gather diagnostic data" + +if [[ "$(id -u)" != "0" ]]; then + echo "" | sudo -S /bin/true 2&>1 >> /dev/null + if [[ $? = 0 ]]; then + echo "No password set, elevating shell" + sudo -i + exit + fi +fi diff --git a/openpower/package/petitboot/shell_profile b/openpower/package/petitboot/shell_profile new file mode 100755 index 00000000..40062b42 --- /dev/null +++ b/openpower/package/petitboot/shell_profile @@ -0,0 +1,2 @@ +export ENV="/home/petituser/.shrc" +/usr/libexec/petitboot/pb-console -- cgit v1.2.1
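Review bot: `.profile` and `.shrc` are installed with `-m 0755` in the second hunk, but the shell reads both files (the login profile and the `ENV` file) instead of executing them, so `-m 0644` is the conventional mode for each `$(INSTALL)` line. PETITBOOT_POST_INSTALL begins outside the hunk.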
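Review bot: The redirection on the probe line of shell_config, `2&>1 >> /dev/null`, is not the usual `>/dev/null 2>&1`: depending on the shell it either passes `2` as an argument and sends stderr to a file named `1` in the current directory, or backgrounds the pipeline so that `$?` no longer reflects sudo. That status decides whether the script prints "No password set" and runs `sudo -i`, so the test is better attached to the command itself: `if echo "" | sudo -S /bin/true >/dev/null 2>&1; then`. The shebang `#!bin/sh` is missing its leading slash (`#!/bin/sh`), and `[[ … ]]` is not POSIX sh, so the file depends on bash-compatibility support in the target's shell. When a root password is set, every shell start also submits an empty password to sudo, which will appear as a failed authentication wherever sudo logs.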