From 94dd788249c65b5b4667e4cddecaa4f53e46e9ca Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sat, 21 Dec 2024 13:51:44 -0500 Subject: [PATCH] seal-hotpkey: change warning when default GPG Admin PIN/Secrets app PIN is detected Additional 0.5h for applying changes linked to code review under https://github.com/linuxboot/heads/pull/1875 Linked to Nitrokey unacknowledged RfP https://github.com/linuxboot/heads/issues/1866 that continues to grow past the 40h (now near 42... but unpaid because 'unplanned'... As if this was planned on my side.) Signed-off-by: Thierry Laurion --- initrd/bin/seal-hotpkey | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/initrd/bin/seal-hotpkey b/initrd/bin/seal-hotpkey index 3eb71e54..6ef5319d 100755 --- a/initrd/bin/seal-hotpkey +++ b/initrd/bin/seal-hotpkey @@ -167,10 +167,7 @@ if [ "$admin_pin_status" -ne 0 ]; then fi else # remind user to change admin password - warn "Weak OEM default PINs are under use to enforce remote attestation/encryption/signature operations" - warn "$CONFIG_BRAND_NAME security is compromised until the ownership of this device is re-established by changing secrets by non-default values" - warn "You must change current default secrets through 'Options -> OEM Factory Reset/Re-Ownership' menu and not accept the default options" - warn "You will be asked to answer a questionnaire to re-own your device and USB security dongles with new secrets" + warn "Default $prompt_message PIN detected. Please change this as soon as possible with Options > OEM Factory Reset / Re-Ownership" fi # HOTP key no longer needed
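Review bot: the new `warn` line in the `else` branch interpolates `$prompt_message`, which is not assigned anywhere in the visible context of this hunk. If it is empty or stale on any path that reaches this branch, the user sees "Default  PIN detected" with no indication of which PIN is meant. Please confirm it is always set before this point, or name the PIN explicitly in the string. The four removed lines also told the user that default PINs undermine the remote attestation/encryption/signature operations and that the defaults must not be accepted again during re-ownership. The replacement keeps only "as soon as possible", so consider retaining one short `warn` that says the default values must not be accepted in the Re-Ownership flow, since the menu path alone does not say so. Minor: the menu separator changes from `->` to `>` here; check that it matches the wording used in other messages.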