ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-13 06:05:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

seal-hotpkey: change warning when default GPG Admin PIN/Secrets app PIN is detected

Browse Source 
Additional 0.5h for applying changes linked to code review under https://github.com/linuxboot/heads/pull/1875
Linked to Nitrokey unacknowledged RfP https://github.com/linuxboot/heads/issues/1866 that continues to grow past the 40h (now near 42... but unpaid because 'unplanned'... As if this was planned on my side.)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2024-12-21 13:51:44 -05:00
parent 696ecf54cd
commit 94dd788249
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
initrd/bin/seal-hotpkey
View File

@ -167,10 +167,7 @@ if [ "$admin_pin_status" -ne 0 ]; then
fi fi
else else
# remind user to change admin password # remind user to change admin password
warn "Weak OEM default PINs are under use to enforce remote attestation/encryption/signature operations" warn "Default $prompt_message PIN detected. Please change this as soon as possible with Options > OEM Factory Reset / Re-Ownership"
warn "$CONFIG_BRAND_NAME security is compromised until the ownership of this device is re-established by changing secrets by non-default values"
warn "You must change current default secrets through 'Options -> OEM Factory Reset/Re-Ownership' menu and not accept the default options"
warn "You will be asked to answer a questionnaire to re-own your device and USB security dongles with new secrets"
fi fi
# HOTP key no longer needed # HOTP key no longer needed