ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-20 17:22:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

oem-factory-reset: kill scdaemon after aes regenerate on nk storage

Browse Source 
The call to `hotp_verification regenerate` seems to leave the
communication in a bad state, thus the following `gpg` calls fail. With
this workaround `scdaemon` will resart with the next `gpg` call.

Signed-off-by: Markus Meissner <coder@safemailbox.de>
This commit is contained in:
Markus Meissner 2023-11-08 12:10:47 +01:00
parent 1f39d16c25
commit 397a46203b
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
initrd/bin/oem-factory-reset
View File

@ -497,6 +497,7 @@ gpg_key_factory_reset() {
# If Nitrokey Storage is inserted, reset AES keys as well
if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ]; then
/bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
killall -9 scdaemon
fi
# Toggle forced sig (good security practice, forcing PIN request for each signature request)
if gpg --card-status | grep "Signature PIN" | grep -q "not forced"; then