ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 21:17:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Squash: revert testing changes for RSA and unify once more USB Security dongle's usage

Browse Source 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2023-10-30 13:19:27 -04:00
parent 867fb8d023
commit 38fc097976
No known key found for this signature in database
GPG Key ID: E7B4A71658E36A93
1 changed files with 9 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
initrd/bin/oem-factory-reset
View File

@ -38,8 +38,7 @@ CUSTOM_PASS_AFFECTED_COMPONENTS=""
# Default GPG Algorithm is RSA # Default GPG Algorithm is RSA
GPG_ALGO="RSA" GPG_ALGO="RSA"
# Default RSA key length # Default RSA key length
RSA_KEY_LENGTH=2048 RSA_KEY_LENGTH=3076
#TODO: put back to 3076
GPG_USER_NAME="OEM Key" GPG_USER_NAME="OEM Key"
GPG_KEY_NAME=$(date +%Y%m%d%H%M%S) GPG_KEY_NAME=$(date +%Y%m%d%H%M%S)
@ -437,7 +436,7 @@ gpg_key_factory_reset() {
enable_usb enable_usb
# Factory reset GPG card # Factory reset GPG card
echo "GPG factory reset of USB Security Dongle's smartcard..." echo "GPG factory reset of USB Security Dongle' smartcard..."
{ {
echo admin # admin menu echo admin # admin menu
echo factory-reset # factory reset smartcard echo factory-reset # factory reset smartcard
@ -521,7 +520,7 @@ generate_OEM_gpg_keys() {
TRACE "Under oem-factory-reset:generate_OEM_gpg_keys" TRACE "Under oem-factory-reset:generate_OEM_gpg_keys"
#This function simply generates subkeys in smartcard following smarcard config from gpg_key_factory_reset #This function simply generates subkeys in smartcard following smarcard config from gpg_key_factory_reset
echo "Generating GPG keys in USB Security Dongle's smartcard..." echo "Generating GPG keys in USB Security Dongle' smartcard..."
{ {
echo admin # admin menu echo admin # admin menu
echo generate # generate keys echo generate # generate keys
@ -779,11 +778,10 @@ usb_security_token_capabilities_check() {
DEBUG "Setting GPG_ALGO to (board-)configured: $CONFIG_GPG_ALGO" DEBUG "Setting GPG_ALGO to (board-)configured: $CONFIG_GPG_ALGO"
fi fi
# ... overwrite with usb-token capability # ... overwrite with usb-token capability
#if lsusb | grep -q "20a0:42b2"; then if lsusb | grep -q "20a0:42b2"; then
# GPG_ALGO="p256" GPG_ALGO="p256"
# DEBUG "Nitrokey 3 detected: Setting GPG_ALGO to: $GPG_ALGO" DEBUG "Nitrokey 3 detected: Setting GPG_ALGO to: $GPG_ALGO"
#TODO put back detection prior of PR review, as well as RSA=3076 fi
#fi
} }
## main script start ## main script start
@ -883,8 +881,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then
CUSTOM_PASS_AFFECTED_COMPONENTS+="TPM Owner Password\n" CUSTOM_PASS_AFFECTED_COMPONENTS+="TPM Owner Password\n"
fi fi
if [ "$GPG_GEN_KEY_IN_MEMORY" = "1" ]; then if [ "$GPG_GEN_KEY_IN_MEMORY" = "1" ]; then
CUSTOM_PASS_AFFECTED_COMPONENTS+="GPG Key Material backup Thumb drive encrypted partition\n" CUSTOM_PASS_AFFECTED_COMPONENTS+="GPG Key material backup passphrase\n"
CUSTOM_PASS_AFFECTED_COMPONENTS+="GPG Key material backup subkeys\n"
fi fi
CUSTOM_PASS_AFFECTED_COMPONENTS+="GPG Admin PIN\n" CUSTOM_PASS_AFFECTED_COMPONENTS+="GPG Admin PIN\n"
CUSTOM_PASS_AFFECTED_COMPONENTS+="GPG User PIN\n" CUSTOM_PASS_AFFECTED_COMPONENTS+="GPG User PIN\n"
@ -1108,7 +1105,7 @@ if [ "$GPG_GEN_KEY_IN_MEMORY" == "1" ]; then
fi fi
else else
#Generate GPG key and subkeys on smartcard only #Generate GPG key and subkeys on smartcard only
echo -e "\nResetting GPG Key...\n(this will take around 3 minutes...)\n" echo -e "\nResetting USB Security Dongle's GPG smartcard...\n(this will take around 3 minutes...)\n"
gpg_key_factory_reset gpg_key_factory_reset
generate_OEM_gpg_keys generate_OEM_gpg_keys
fi fi