Merge remote-tracking branch 'upstream/master' into hotp-neutral

boards/librem13v2/librem13v2.config

@@ -25,6 +25,7 @@ CONFIG_HOTPKEY=y
 CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem13v4/librem13v4.config

@@ -25,6 +25,7 @@ CONFIG_HOTPKEY=y
 CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem15v3/librem15v3.config

@@ -27,6 +27,7 @@ CONFIG_HOTPKEY=y
 CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem15v4/librem15v4.config

@@ -27,6 +27,7 @@ CONFIG_HOTPKEY=y
 CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

initrd/bin/kexec-save-default

@@ -45,7 +45,7 @@ fi
 KEY_DEVICES="$paramsdir/kexec_key_devices.txt"
 KEY_LVM="$paramsdir/kexec_key_lvm.txt"
 save_key="n"
-if [ "$CONFIG_TPM" = "y" ]; then
+if [[ "$CONFIG_TPM" = "y" && "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" != "y" ]]; then
 	if [ ! -r "$KEY_DEVICES" ]; then
 		read \
 			-n 1 \

initrd/bin/oem-factory-reset

@@ -20,6 +20,10 @@ ADMIN_PIN_DEF=12345678
 TPM_PASS_DEF=12345678
 CUSTOM_PASS=""
 
+GPG_USER_NAME="OEM Key"
+GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
+GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
+GPG_USER_COMMENT="OEM-generated key"
 ## External files sourced
 
 . /etc/functions
@@ -54,7 +58,6 @@ whiptail_error_die()
 
 gpg_key_reset()
 {
-    GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
     # Factory reset GPG card
     {
         echo admin
@@ -76,9 +79,9 @@ gpg_key_reset()
         echo ${USER_PIN_DEF}
         echo 0
         echo y
-        echo "OEM Key"
-        echo "oem-${GPG_KEY_NAME}@example.com"
-        echo "OEM-generated key"
+        echo ${GPG_USER_NAME} 
+        echo ${GPG_USER_MAIL}
+        echo ${GPG_USER_COMMENT}
     } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
         > /tmp/gpg_card_edit_output 2>/dev/null 
     if [ $? -ne 0 ]; then
@@ -86,6 +89,7 @@ gpg_key_reset()
         whiptail_error_die "GPG Key automatic keygen failed!\n\n$ERROR"
     fi
 }
+
 gpg_key_change_pin()
 {
     # 1 = user PIN, 3 = admin PIN
@@ -261,6 +265,42 @@ It must be at least 8 characters in length.\n"
   TPM_PASS_DEF=$CUSTOM_PASS
 fi
 
+# Prompt to change default GnuPG key information
+echo -e -n "Would you like to set custom user information for the GnuPG key? [y/N]: "
+read -n 1 prompt_output
+echo
+if [ "$prompt_output" == "y" \
+  -o "$prompt_output" == "Y" ] \
+; then
+	echo -e "\n\n"
+	echo -e "We will generate a GnuPG (PGP) keypair identifiable with the following text form:"
+	echo -e "Real Name (Comment) email@address.org"
+
+	echo -e "\nEnter your Real Name (At least 5 characters long):"
+	read -r GPG_USER_NAME
+	while [[ ${#GPG_USER_NAME} -lt 5 ]]; do
+	{
+		echo -e "\nEnter your Real Name (At least 5 characters long):"
+		read -r GPG_USER_NAME
+	};done
+
+	echo -e "\nEnter your email@adress.org:"
+	read -r GPG_USER_MAIL
+	while ! $(expr "$GPG_USER_MAIL" : '.*@' >/dev/null); do
+	{
+		echo -e "\nEnter your email@address.org:"
+		read -r GPG_USER_MAIL
+	};done
+
+	echo -e "\nEnter Comment (Optional, to distinguish this key from others with same previous attributes. Must be smaller then 60 characters):"
+	read -r GPG_USER_MAIL
+	while [[ ${#gpgcard_comment} -gt 60 ]]; do
+	{
+		echo -e "\nEnter Comment (Optional, to distinguish this key from others with same previous attributes. Must be smaller then 60 characters):"
+		read -r GPG_USER_MAIL
+	};done
+fi
+
 ## sanity check the USB, GPG key, and boot device before proceeding further
 
 # mount USB, then remount rw