Make export to USB drive an option

2025-02-20 17:22:53 +00:00 · 2020-07-07 10:32:22 +02:00 · 2020-07-07 10:32:22 +02:00 · 43971dc029
commit 43971dc029
parent 19cd15cf96
1 changed files with 46 additions and 11 deletions
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@ -24,6 +24,7 @@ GPG_USER_NAME="OEM Key"
 GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
 GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
 GPG_USER_COMMENT="OEM-generated key"
+
 ## External files sourced

 . /etc/functions
@ -311,16 +312,41 @@ if [ "$prompt_output" == "y" \
 	};done
 fi

-## sanity check the GPG key, and boot device before proceeding further
+## sanity check the USB, GPG key, and boot device before proceeding further

-# ensure GPG key connected
-echo -e "\nChecking for GPG Key...\n"
-enable_usb
+# Prompt to insert USB drive if desired
+echo -e -n "Would you like to export your public key to an USB drive? [y/N]: "
+read -n 1 prompt_output
+echo
+if [ "$prompt_output" == "y" \
+  -o "$prompt_output" == "Y" ] \
+; then
+    GPG_EXPORT=1
+    # mount USB, then remount rw
+    echo -e "\nPlease insert an USB drive and hit enter.\n"
+    read
+    echo -e "\nChecking for USB media...\n"
+    # ensure /media not mounted
+    umount /media 2>/dev/null
+    # mount-usb will detect and prompt if no USB inserted
+    if ! mount-usb rw 2>/tmp/error; then
+        ERROR=$(tail -n 1 /tmp/error)
+        whiptail_error_die "Unable to mount USB on /media:\n\n${ERROR}"
+    fi
+else
+    GPG_EXPORT=0
+    # needed for USB Security dongle below and is ensured via mount-usb in case of GPG_EXPORT=1
+    enable_usb
+fi
+
+# ensure USB Security Dongle connected
+echo -e "\nChecking for USB Security Dongle...\n"
+# USB kernel modules already loaded via mount-usb
 if ! gpg --card-status >/dev/null 2>&1 ; then
-    whiptail_error "Can't access GPG Key; remove and reinsert, then press Enter to retry."
+    whiptail_error "Can't access USB Security Dongle; \nPlease remove and reinsert, then press Enter."
    if ! gpg --card-status >/dev/null 2>/tmp/error ; then
        ERROR=$(tail -n 1 /tmp/error)
-        whiptail_error_die "Unable to detect GPG Key:\n\n${ERROR}"
+        whiptail_error_die "Unable to detect USB Security Dongle:\n\n${ERROR}"
    fi
 fi

@ -371,11 +397,20 @@ if [ "$CUSTOM_PASS" != "" ]; then
  ADMIN_PIN_DEF=$CUSTOM_PASS
 fi

-# export pubkey to file
-echo -e "\nExporting generated key...\n"
-if ! gpg --export --armor $GPG_GEN_KEY > "${PUBKEY}" 2>/tmp/error ; then
-    ERROR=$(tail -n 1 /tmp/error)
-    whiptail_error_die "GPG Key gpg export to file failed!\n\n$ERROR"
+## export generated key to USB
+if [ $GPG_EXPORT -ne 0 ]; then
+    echo -e "\nExporting generated key to USB...\n"
+    # export pubkey to file
+    if ! gpg --export --armor $GPG_GEN_KEY > "${PUBKEY}" 2>/tmp/error ; then
+        ERROR=$(tail -n 1 /tmp/error)
+        whiptail_error_die "GPG Key gpg export to file failed!\n\n$ERROR"
+    fi
+    # copy to USB
+    if ! cp "${PUBKEY}" "/media/${GPG_GEN_KEY}.asc" 2>/tmp/error ; then
+        ERROR=$(tail -n 1 /tmp/error)
+        whiptail_error_die "Key export error: unable to copy ${GPG_GEN_KEY}.asc to /media:\n\n$ERROR"
+    fi
+    umount /media 2>/dev/null
 fi

 ## flash generated key to ROM