Merge remote-tracking branch 'upstream/master' into hotp-neutral

2025-02-07 03:29:09 +00:00 · 2020-06-24 18:22:13 +02:00 · 2020-06-24 18:22:13 +02:00 · c2a2134eb2
commit c2a2134eb2
parent 73c9d6efc8 05c854753c
6 changed files with 49 additions and 5 deletions
--- a/boards/librem13v2/librem13v2.config
+++ b/boards/librem13v2/librem13v2.config
@ -25,6 +25,7 @@ CONFIG_HOTPKEY=y
 CONFIG_LINUX_USB=y
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
--- a/boards/librem13v4/librem13v4.config
+++ b/boards/librem13v4/librem13v4.config
@ -25,6 +25,7 @@ CONFIG_HOTPKEY=y
 CONFIG_LINUX_USB=y
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
--- a/boards/librem15v3/librem15v3.config
+++ b/boards/librem15v3/librem15v3.config
@ -27,6 +27,7 @@ CONFIG_HOTPKEY=y
 CONFIG_LINUX_USB=y
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
--- a/boards/librem15v4/librem15v4.config
+++ b/boards/librem15v4/librem15v4.config
@ -27,6 +27,7 @@ CONFIG_HOTPKEY=y
 CONFIG_LINUX_USB=y
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
--- a/initrd/bin/kexec-save-default
+++ b/initrd/bin/kexec-save-default
@ -45,7 +45,7 @@ fi
 KEY_DEVICES="$paramsdir/kexec_key_devices.txt"
 KEY_LVM="$paramsdir/kexec_key_lvm.txt"
 save_key="n"
-if [ "$CONFIG_TPM" = "y" ]; then
+if [[ "$CONFIG_TPM" = "y" && "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" != "y" ]]; then
 	if [ ! -r "$KEY_DEVICES" ]; then
 		read \
 			-n 1 \
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@ -20,6 +20,10 @@ ADMIN_PIN_DEF=12345678
 TPM_PASS_DEF=12345678
 CUSTOM_PASS=""
 GPG_USER_NAME="OEM Key"
 GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
 GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
 GPG_USER_COMMENT="OEM-generated key"
 ## External files sourced
 . /etc/functions
@ -54,7 +58,6 @@ whiptail_error_die()
 gpg_key_reset()
 {
    GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
    # Factory reset GPG card
    {
        echo admin
@ -76,9 +79,9 @@ gpg_key_reset()
        echo ${USER_PIN_DEF}
        echo 0
        echo y
-        echo "OEM Key"
+        echo ${GPG_USER_NAME} 
-        echo "oem-${GPG_KEY_NAME}@example.com"
+        echo ${GPG_USER_MAIL}
-        echo "OEM-generated key"
+        echo ${GPG_USER_COMMENT}
    } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
        > /tmp/gpg_card_edit_output 2>/dev/null 
    if [ $? -ne 0 ]; then
@ -86,6 +89,7 @@ gpg_key_reset()
        whiptail_error_die "GPG Key automatic keygen failed!\n\n$ERROR"
    fi
 }
 gpg_key_change_pin()
 {
    # 1 = user PIN, 3 = admin PIN
@ -261,6 +265,42 @@ It must be at least 8 characters in length.\n"
  TPM_PASS_DEF=$CUSTOM_PASS
 fi
 # Prompt to change default GnuPG key information
 echo -e -n "Would you like to set custom user information for the GnuPG key? [y/N]: "
 read -n 1 prompt_output
 echo
 if [ "$prompt_output" == "y" \
  -o "$prompt_output" == "Y" ] \
 ; then
 	echo -e "\n\n"
 	echo -e "We will generate a GnuPG (PGP) keypair identifiable with the following text form:"
 	echo -e "Real Name (Comment) email@address.org"
 	echo -e "\nEnter your Real Name (At least 5 characters long):"
 	read -r GPG_USER_NAME
 	while [[ ${#GPG_USER_NAME} -lt 5 ]]; do
 	{
 		echo -e "\nEnter your Real Name (At least 5 characters long):"
 		read -r GPG_USER_NAME
 	};done
 	echo -e "\nEnter your email@adress.org:"
 	read -r GPG_USER_MAIL
 	while ! $(expr "$GPG_USER_MAIL" : '.*@' >/dev/null); do
 	{
 		echo -e "\nEnter your email@address.org:"
 		read -r GPG_USER_MAIL
 	};done
 	echo -e "\nEnter Comment (Optional, to distinguish this key from others with same previous attributes. Must be smaller then 60 characters):"
 	read -r GPG_USER_MAIL
 	while [[ ${#gpgcard_comment} -gt 60 ]]; do
 	{
 		echo -e "\nEnter Comment (Optional, to distinguish this key from others with same previous attributes. Must be smaller then 60 characters):"
 		read -r GPG_USER_MAIL
 	};done
 fi
 ## sanity check the USB, GPG key, and boot device before proceeding further
 # mount USB, then remount rw