From c3a5359a85835f870025c89565b45d38295a8a1d Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 30 Oct 2023 11:43:44 -0400 Subject: [PATCH] Squash: remove DEBUG that were TODO for removal Signed-off-by: Thierry Laurion --- initrd/bin/oem-factory-reset | 21 +++------------------ initrd/bin/tpmr | 3 --- initrd/etc/functions | 2 -- 3 files changed, 3 insertions(+), 23 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 176d52a4..251c6a4f 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -211,8 +211,6 @@ generate_inmemory_p256_master_and_subkeys() { whiptail_error_die "Failed to add ECC nistp256 signing key to master key\n\n${ERROR_MSG}" fi - DEBUG "TODO REMOVE THIS: output of signing subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)" - echo "Generating GPG nistp256 encryption subkey..." { echo addkey @@ -228,8 +226,6 @@ generate_inmemory_p256_master_and_subkeys() { whiptail_error_die "Failed to add ECC nistp256 encryption key to master key\n\n${ERROR_MSG}" fi - DEBUG "TODO REMOVE THIS: output of encryption subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)" - echo "Generating GPG nistp256 authentication subkey..." { echo addkey # add key in --edit-key mode @@ -247,8 +243,7 @@ generate_inmemory_p256_master_and_subkeys() { whiptail_error_die "Failed to add ECC nistp256 authentication key to master key\n\n${ERROR_MSG}" fi - DEBUG "TODO REMOVE THIS: output of authentication subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)" -} + } #Function to move current gpg keyring subkeys to card (keytocard) # This is aimed to be used after having generated master key and subkeys in memory and having backuped them to a LUKS container 
@@ -266,8 +261,6 @@ keytocard_subkeys_to_smartcard() { gpg_key_factory_reset - DEBUG "TODO REMOVE THIS: ADMIN_PIN_DEF=${ADMIN_PIN_DEF} ADMIN_PIN=${ADMIN_PIN}" - echo "Moving subkeys to smartcard..." { echo "key 1" #Toggle on Signature key in --edit-key mode on local keyring @@ -296,9 +289,6 @@ keytocard_subkeys_to_smartcard() { ERROR=$(cat /tmp/gpg_card_edit_output) whiptail_error_die "GPG Key moving subkeys to smartcard failed!\n\n$ERROR" fi - #TODO: Clarify in code that since reset gpg is done, passwd is default and then cange_pass is done - - DEBUG "TODO REMOVE THIS. Ouput of /tmp/gpg_card_edit_output: $(cat /tmp/gpg_card_edit_output)" TRACE "oem-factory-reset:keytocard_subkeys_to_smartcard done" } @@ -1101,16 +1091,13 @@ if [ "$GPG_GEN_KEY_IN_MEMORY" == "1" ]; then if [ "$GPG_ALGO" == "RSA" ]; then # Generate GPG master key generate_inmemory_RSA_master_and_subkeys - #TODO seperate wiping and thumb drive functions with proper validation wipe_thumb_drive_and_copy_gpg_key_material - #TODO seperate setting config + #TODO seperate setting config. Recovery shell under qemu without reboot doesn't prompt for PIN set_user_config "CONFIG_HAVE_GPG_KEY_BACKUP" "y" keytocard_subkeys_to_smartcard elif [ "$GPG_ALGO" == "p256" ]; then generate_inmemory_p256_master_and_subkeys - #TODO seperate wiping and thumb drive functions with proper validation wipe_thumb_drive_and_copy_gpg_key_material - #TODO seperate setting config keytocard_subkeys_to_smartcard else die "Unsupported GPG_ALGO: $GPG_ALGO" 
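Review bot: In the `@@ -1101,16 +1091,13 @@` hunk of initrd/bin/oem-factory-reset, the `p256` branch never records that a key backup exists. The RSA branch calls `set_user_config "CONFIG_HAVE_GPG_KEY_BACKUP" "y"` after `wipe_thumb_drive_and_copy_gpg_key_material`, while the p256 branch runs the same backup step and goes straight to `keytocard_subkeys_to_smartcard`. The commit removes the `#TODO seperate setting config` marker from that branch without adding the call, so the only hint of the gap is gone. Unless the option is set for p256 somewhere outside this hunk, add `set_user_config "CONFIG_HAVE_GPG_KEY_BACKUP" "y"` before `keytocard_subkeys_to_smartcard` in the p256 branch. The enclosing `if [ "$GPG_GEN_KEY_IN_MEMORY" == "1" ]` block starts and ends outside the hunk.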
@@ -1172,13 +1159,11 @@ fi # Do not attempt to flash the key to ROM if we are running in QEMU based on CONFIG_BOARD_NAME matching glob pattern containing qemu-* # We check for qemu-* instead of ^qemu- because CONFIG_BOARD_NAME could be renamed to UNTESTED-qemu-* in a probable future if [[ "$CONFIG_BOARD_NAME" == qemu-* ]]; then - warn "Skipping flash of GPG key to ROM because we are running in QEMU" - warn "Please review documentation md file under board directory on your building machine, and review board config options in .config file to enable configuration options you want to test in QEMU until internal flashing support is integrated." + warn "Skipping flash of GPG key to ROM because we are running in QEMU without internal flashing support." else #We are not running in QEMU, so flash the key to ROM ## flash generated key to ROM - # TODO: would be nice if we warned users that qemu boards will fail here and tell them what to do echo -e "\nReading current firmware...\n(this will take a minute or two)\n" /bin/flash.sh -r /tmp/oem-setup.rom >/dev/null 2>/tmp/error if [ ! -s /tmp/oem-setup.rom ]; then diff --git a/initrd/bin/tpmr b/initrd/bin/tpmr index e64ec2bf..a93d597c 100755 --- a/initrd/bin/tpmr +++ b/initrd/bin/tpmr @@ -393,7 +393,6 @@ tpm2_seal() { tpm_password="$7" # Owner password - will prompt if needed and not empty # TPM Owner Password is always needed for TPM2. - DEBUG "TODO REMOVE THIS. tpm2_seal: pass=$pass tpm_password=$tpm_password" mkdir -p "$SECRET_DIR" bname="`basename $file`" @@ -555,8 +554,6 @@ tpm2_unseal() { UNSEAL_PASS_SUFFIX="+$(tpm2_password_hex "$pass")" fi - DEBUG "TODO REMOVE THIS. tpm2_unseal: pass=$pass UNSEAL_PASS_SUFFIX=$UNSEAL_PASS_SUFFIX" - tpm2 unseal -Q -c "$handle" -p "session:$POLICY_SESSION$UNSEAL_PASS_SUFFIX" \ -S "/tmp/$ENC_SESSION_FILE" > "$file" } diff --git a/initrd/etc/functions b/initrd/etc/functions index 5bea478d..6e3bd70e 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions 
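Review bot: In the `@@ -1172,13 +1159,11 @@` hunk of initrd/bin/oem-factory-reset, the QEMU guard does not do what the comment above it says. `[[ "$CONFIG_BOARD_NAME" == qemu-* ]]` is a whole-string glob, so it only matches names that start with `qemu-`; a board renamed to `UNTESTED-qemu-*` would fall into the `else` branch and go on to `/bin/flash.sh -r /tmp/oem-setup.rom`. Since this commit already rewords the `warn` inside that guard, it is a natural place to make the test agree with the comment: `if [[ "$CONFIG_BOARD_NAME" == *qemu-* ]]; then`. The `else` branch continues past the end of the hunk, so what the flash path does afterwards is not visible here.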
@@ -197,12 +197,10 @@ prompt_tpm_owner_password() { #Caller might already have cached the password in tpm_password. If not, prompt for it and cache it externally if [ -n "$tpm_owner_password" ]; then DEBUG "tpm_owner_password variable already set by caller. Reusing" - DEBUG "TODO REMOVE THIS! tpm_owner_password is $tpm_owner_password here." return 0 elif [ -s /tmp/secret/tpm_owner_password ]; then DEBUG "/tmp/secret/tpm_owner_password already cached in file. Reusing" tpm_owner_password=$(cat /tmp/secret/tpm_owner_password) - DEBUG "TODO REMOVE THIS! tpm_owner_password is $tpm_owner_password here." return 0 fi