Merge pull request #1291 from tlaurion/warn_user_when_totp-hotp_seal_requires_tpm_reset

gui-init: warn the user when sealing measurements through TOTP/HOTP reset
2025-04-07 19:34:26 +00:00 · 2023-01-19 18:44:10 -05:00 · 2023-01-19 18:44:10 -05:00 · 075284374b
commit 075284374b
parent f2ba6679ca e00280e663
1 changed files with 12 additions and 9 deletions
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@ -149,17 +149,20 @@ prompt_update_checksums()
 generate_totp_htop()
 {
  echo "Scan the QR code to add the new TOTP secret"
-  /bin/seal-totp "$BOARD_NAME"
-  if [ -x /bin/hotp_verification ]; then
-    echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
-    read
-    /bin/seal-hotpkey
+  if /bin/seal-totp "$BOARD_NAME"; then
+    if [ -x /bin/hotp_verification ]; then
+      echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
+      read
+      /bin/seal-hotpkey
+    else
+      echo "Once you have scanned the QR code, hit Enter to continue"
+      read
+    fi
+    # clear screen
+    printf "\033c"
  else
-    echo "Once you have scanned the QR code, hit Enter to continue"
-    read
+    warn "Sealing of measurements inside of TPM failed. You might want to take ownership of TPM by resetting it."
  fi
-  # clear screen
-  printf "\033c"
 }

 update_totp()