ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 04:57:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1305 from echo-84/yubikey-oem-factory-reset

Browse Source
This commit is contained in:
tlaurion 2023-02-21 12:06:35 -05:00 committed by GitHub
commit 5c7148f18d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
initrd/bin/oem-factory-reset
View File

@ -90,6 +90,19 @@ gpg_key_reset()
if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then
/bin/hotp_verification regenerate ${ADMIN_PIN_DEF} /bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
fi fi
# Toggle forced sig (good security practice, forcing PIN request for each signature request)
if gpg --card-status | grep "Signature PIN" | grep -q "not forced"; then
{
echo admin
echo forcesig
echo ${ADMIN_PIN_DEF}
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null
if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "GPG Key forcesig toggle on failed!\n\n$ERROR"
fi
fi
# Set RSA key length # Set RSA key length
{ {
echo admin echo admin