ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-21 09:31:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'osresearch:master' into p8z77-m_pro

Browse Source
This commit is contained in:
ThePlexus 2023-03-31 16:33:11 +01:00 committed by GitHub
commit 5496138f2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
initrd/bin/oem-factory-reset
View File

@ -1,10 +1,14 @@
#!/bin/bash
# Automated setup of TPM, GPG keys, and disk
TRACE "Under /bin/oem-factory-reset"
set -o pipefail
## External files sourced
. /etc/functions
. /etc/luks-functions
. /tmp/config
TRACE "Under /bin/oem-factory-reset"
# use TERM to exit on error
trap "exit 1" TERM
@ -39,12 +43,6 @@ GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
GPG_USER_COMMENT="OEM-generated key"
SKIP_BOOT="n"
## External files sourced
. /etc/functions
. /etc/luks-functions
. /tmp/config
## functions
die() {
@ -81,7 +79,7 @@ gpg_key_reset()
echo y
echo yes
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null
> /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "GPG Key factory reset failed!\n\n$ERROR"
@ -97,7 +95,7 @@ gpg_key_reset()
echo forcesig
echo ${ADMIN_PIN_DEF}
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null
> /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "GPG Key forcesig toggle on failed!\n\n$ERROR"
@ -117,7 +115,7 @@ gpg_key_reset()
echo ${RSA_KEY_LENGTH} #Authentication key size set to RSA_KEY_LENGTH
echo ${ADMIN_PIN_DEF}
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null
> /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "Setting key attributed to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed."
@ -135,7 +133,7 @@ gpg_key_reset()
echo ${GPG_USER_MAIL}
echo ${GPG_USER_COMMENT}
} | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null
> /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "GPG Key automatic keygen failed!\n\n$ERROR"
@ -159,7 +157,7 @@ gpg_key_change_pin()
echo q
echo q
} | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null
> /tmp/gpg_card_edit_output 2>&1
if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output | fold -s`
whiptail_error_die "GPG Key PIN change failed!\n\n$ERROR"
@ -187,7 +185,7 @@ generate_checksums()
if [ "$CONFIG_TPM" = "y" ];then
if [ "$CONFIG_IGNORE_ROLLBACK" != "y" ]; then
tpmr counter_create \
-pwdo "$TPM_PASS_DEF" \
-pwdo "$TPM_PASS" \
-pwdc '' \
-la -3135106223 \
| tee /tmp/counter \

5
modules/linux
View File

@ -215,10 +215,12 @@ linux.modifydefconfig:
$(MAKE) \
-C "$(build)/$(linux_base_dir)" \
O="$(build)/$(linux_dir)" \
ARCH="$(LINUX_ARCH)" \
menuconfig && \
$(MAKE) \
-C "$(build)/$(linux_base_dir)" \
O="$(build)/$(linux_dir)" \
ARCH="$(LINUX_ARCH)" \
savedefconfig && \
mv "$(build)/$(linux_dir)/defconfig" "$(pwd)/$(linux_kconfig)"
@ -231,6 +233,7 @@ linux.generateoldconfig:
&& cp "$(pwd)/$(linux_kconfig)" "$(build)/$(linux_dir)/.config" \
&& $(MAKE) -C "$(build)/$(linux_base_dir)" \
O="$(build)/$(linux_dir)" \
ARCH="$(LINUX_ARCH)" \
olddefconfig \
&& echo "" \
&& echo "You can now edit $(build)/$(linux_dir)/.config" \
@ -247,6 +250,7 @@ linux.menuconfig:
$(MAKE) \
-C "$(build)/$(linux_base_dir)" \
O="$(build)/$(linux_dir)" \
ARCH="$(LINUX_ARCH)" \
menuconfig \
# The config file in the repo is stored as a "defconfig" format
@ -255,5 +259,6 @@ linux.saveconfig:
$(MAKE) \
-C "$(build)/$(linux_base_dir)" \
O="$(build)/$(linux_dir)" \
ARCH="$(LINUX_ARCH)" \
savedefconfig
mv "$(build)/$(linux_dir)/defconfig" "$(pwd)/$(linux_kconfig)"