Squash: remove DEBUG that were TODO for removal

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2023-10-30 11:43:44 -04:00
parent 8a8634f6a3
commit c3a5359a85
No known key found for this signature in database
GPG Key ID: E7B4A71658E36A93
3 changed files with 3 additions and 23 deletions

View File

@ -211,8 +211,6 @@ generate_inmemory_p256_master_and_subkeys() {
whiptail_error_die "Failed to add ECC nistp256 signing key to master key\n\n${ERROR_MSG}" whiptail_error_die "Failed to add ECC nistp256 signing key to master key\n\n${ERROR_MSG}"
fi fi
DEBUG "TODO REMOVE THIS: output of signing subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)"
echo "Generating GPG nistp256 encryption subkey..." echo "Generating GPG nistp256 encryption subkey..."
{ {
echo addkey echo addkey
@ -228,8 +226,6 @@ generate_inmemory_p256_master_and_subkeys() {
whiptail_error_die "Failed to add ECC nistp256 encryption key to master key\n\n${ERROR_MSG}" whiptail_error_die "Failed to add ECC nistp256 encryption key to master key\n\n${ERROR_MSG}"
fi fi
DEBUG "TODO REMOVE THIS: output of encryption subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)"
echo "Generating GPG nistp256 authentication subkey..." echo "Generating GPG nistp256 authentication subkey..."
{ {
echo addkey # add key in --edit-key mode echo addkey # add key in --edit-key mode
@ -247,7 +243,6 @@ generate_inmemory_p256_master_and_subkeys() {
whiptail_error_die "Failed to add ECC nistp256 authentication key to master key\n\n${ERROR_MSG}" whiptail_error_die "Failed to add ECC nistp256 authentication key to master key\n\n${ERROR_MSG}"
fi fi
DEBUG "TODO REMOVE THIS: output of authentication subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)"
} }
#Function to move current gpg keyring subkeys to card (keytocard) #Function to move current gpg keyring subkeys to card (keytocard)
@ -266,8 +261,6 @@ keytocard_subkeys_to_smartcard() {
gpg_key_factory_reset gpg_key_factory_reset
DEBUG "TODO REMOVE THIS: ADMIN_PIN_DEF=${ADMIN_PIN_DEF} ADMIN_PIN=${ADMIN_PIN}"
echo "Moving subkeys to smartcard..." echo "Moving subkeys to smartcard..."
{ {
echo "key 1" #Toggle on Signature key in --edit-key mode on local keyring echo "key 1" #Toggle on Signature key in --edit-key mode on local keyring
@ -296,9 +289,6 @@ keytocard_subkeys_to_smartcard() {
ERROR=$(cat /tmp/gpg_card_edit_output) ERROR=$(cat /tmp/gpg_card_edit_output)
whiptail_error_die "GPG Key moving subkeys to smartcard failed!\n\n$ERROR" whiptail_error_die "GPG Key moving subkeys to smartcard failed!\n\n$ERROR"
fi fi
#TODO: Clarify in code that since reset gpg is done, passwd is default and then cange_pass is done
DEBUG "TODO REMOVE THIS. Ouput of /tmp/gpg_card_edit_output: $(cat /tmp/gpg_card_edit_output)"
TRACE "oem-factory-reset:keytocard_subkeys_to_smartcard done" TRACE "oem-factory-reset:keytocard_subkeys_to_smartcard done"
} }
@ -1101,16 +1091,13 @@ if [ "$GPG_GEN_KEY_IN_MEMORY" == "1" ]; then
if [ "$GPG_ALGO" == "RSA" ]; then if [ "$GPG_ALGO" == "RSA" ]; then
# Generate GPG master key # Generate GPG master key
generate_inmemory_RSA_master_and_subkeys generate_inmemory_RSA_master_and_subkeys
#TODO seperate wiping and thumb drive functions with proper validation
wipe_thumb_drive_and_copy_gpg_key_material wipe_thumb_drive_and_copy_gpg_key_material
#TODO seperate setting config #TODO seperate setting config. Recovery shell under qemu without reboot doesn't prompt for PIN
set_user_config "CONFIG_HAVE_GPG_KEY_BACKUP" "y" set_user_config "CONFIG_HAVE_GPG_KEY_BACKUP" "y"
keytocard_subkeys_to_smartcard keytocard_subkeys_to_smartcard
elif [ "$GPG_ALGO" == "p256" ]; then elif [ "$GPG_ALGO" == "p256" ]; then
generate_inmemory_p256_master_and_subkeys generate_inmemory_p256_master_and_subkeys
#TODO seperate wiping and thumb drive functions with proper validation
wipe_thumb_drive_and_copy_gpg_key_material wipe_thumb_drive_and_copy_gpg_key_material
#TODO seperate setting config
keytocard_subkeys_to_smartcard keytocard_subkeys_to_smartcard
else else
die "Unsupported GPG_ALGO: $GPG_ALGO" die "Unsupported GPG_ALGO: $GPG_ALGO"
@ -1172,13 +1159,11 @@ fi
# Do not attempt to flash the key to ROM if we are running in QEMU based on CONFIG_BOARD_NAME matching glob pattern containing qemu-* # Do not attempt to flash the key to ROM if we are running in QEMU based on CONFIG_BOARD_NAME matching glob pattern containing qemu-*
# We check for qemu-* instead of ^qemu- because CONFIG_BOARD_NAME could be renamed to UNTESTED-qemu-* in a probable future # We check for qemu-* instead of ^qemu- because CONFIG_BOARD_NAME could be renamed to UNTESTED-qemu-* in a probable future
if [[ "$CONFIG_BOARD_NAME" == qemu-* ]]; then if [[ "$CONFIG_BOARD_NAME" == qemu-* ]]; then
warn "Skipping flash of GPG key to ROM because we are running in QEMU" warn "Skipping flash of GPG key to ROM because we are running in QEMU without internal flashing support."
warn "Please review documentation md file under board directory on your building machine, and review board config options in .config file to enable configuration options you want to test in QEMU until internal flashing support is integrated."
else else
#We are not running in QEMU, so flash the key to ROM #We are not running in QEMU, so flash the key to ROM
## flash generated key to ROM ## flash generated key to ROM
# TODO: would be nice if we warned users that qemu boards will fail here and tell them what to do
echo -e "\nReading current firmware...\n(this will take a minute or two)\n" echo -e "\nReading current firmware...\n(this will take a minute or two)\n"
/bin/flash.sh -r /tmp/oem-setup.rom >/dev/null 2>/tmp/error /bin/flash.sh -r /tmp/oem-setup.rom >/dev/null 2>/tmp/error
if [ ! -s /tmp/oem-setup.rom ]; then if [ ! -s /tmp/oem-setup.rom ]; then

View File

@ -393,7 +393,6 @@ tpm2_seal() {
tpm_password="$7" # Owner password - will prompt if needed and not empty tpm_password="$7" # Owner password - will prompt if needed and not empty
# TPM Owner Password is always needed for TPM2. # TPM Owner Password is always needed for TPM2.
DEBUG "TODO REMOVE THIS. tpm2_seal: pass=$pass tpm_password=$tpm_password"
mkdir -p "$SECRET_DIR" mkdir -p "$SECRET_DIR"
bname="`basename $file`" bname="`basename $file`"
@ -555,8 +554,6 @@ tpm2_unseal() {
UNSEAL_PASS_SUFFIX="+$(tpm2_password_hex "$pass")" UNSEAL_PASS_SUFFIX="+$(tpm2_password_hex "$pass")"
fi fi
DEBUG "TODO REMOVE THIS. tpm2_unseal: pass=$pass UNSEAL_PASS_SUFFIX=$UNSEAL_PASS_SUFFIX"
tpm2 unseal -Q -c "$handle" -p "session:$POLICY_SESSION$UNSEAL_PASS_SUFFIX" \ tpm2 unseal -Q -c "$handle" -p "session:$POLICY_SESSION$UNSEAL_PASS_SUFFIX" \
-S "/tmp/$ENC_SESSION_FILE" > "$file" -S "/tmp/$ENC_SESSION_FILE" > "$file"
} }

View File

@ -197,12 +197,10 @@ prompt_tpm_owner_password() {
#Caller might already have cached the password in tpm_password. If not, prompt for it and cache it externally #Caller might already have cached the password in tpm_password. If not, prompt for it and cache it externally
if [ -n "$tpm_owner_password" ]; then if [ -n "$tpm_owner_password" ]; then
DEBUG "tpm_owner_password variable already set by caller. Reusing" DEBUG "tpm_owner_password variable already set by caller. Reusing"
DEBUG "TODO REMOVE THIS! tpm_owner_password is $tpm_owner_password here."
return 0 return 0
elif [ -s /tmp/secret/tpm_owner_password ]; then elif [ -s /tmp/secret/tpm_owner_password ]; then
DEBUG "/tmp/secret/tpm_owner_password already cached in file. Reusing" DEBUG "/tmp/secret/tpm_owner_password already cached in file. Reusing"
tpm_owner_password=$(cat /tmp/secret/tpm_owner_password) tpm_owner_password=$(cat /tmp/secret/tpm_owner_password)
DEBUG "TODO REMOVE THIS! tpm_owner_password is $tpm_owner_password here."
return 0 return 0
fi fi