Squash: remove DEBUG that were TODO for removal

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-19 21:17:55 +00:00 · 2023-10-30 11:43:44 -04:00 · 2023-10-30 11:43:44 -04:00 · c3a5359a85
commit c3a5359a85
parent 8a8634f6a3
3 changed files with 3 additions and 23 deletions
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@ -211,8 +211,6 @@ generate_inmemory_p256_master_and_subkeys() {
        whiptail_error_die "Failed to add ECC nistp256 signing key to master key\n\n${ERROR_MSG}"
    fi

-    DEBUG "TODO REMOVE THIS: output of signing subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)"
-
    echo "Generating GPG nistp256 encryption subkey..."
    {
        echo addkey
@ -228,8 +226,6 @@ generate_inmemory_p256_master_and_subkeys() {
        whiptail_error_die "Failed to add ECC nistp256 encryption key to master key\n\n${ERROR_MSG}"
    fi

-    DEBUG "TODO REMOVE THIS: output of encryption subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)"
-
    echo "Generating GPG nistp256 authentication subkey..."
    {
        echo addkey       # add key in --edit-key mode
@ -247,7 +243,6 @@ generate_inmemory_p256_master_and_subkeys() {
        whiptail_error_die "Failed to add ECC nistp256 authentication key to master key\n\n${ERROR_MSG}"
    fi

-    DEBUG "TODO REMOVE THIS: output of authentication subkey generation /tmp/gpg_card_edit_output $(cat /tmp/gpg_card_edit_output)"
    }

 #Function to move current gpg keyring subkeys to card (keytocard)
@ -266,8 +261,6 @@ keytocard_subkeys_to_smartcard() {

    gpg_key_factory_reset

-    DEBUG "TODO REMOVE THIS: ADMIN_PIN_DEF=${ADMIN_PIN_DEF} ADMIN_PIN=${ADMIN_PIN}"
-
    echo "Moving subkeys to smartcard..."
    {
        echo "key 1"            #Toggle on Signature key in --edit-key mode on local keyring
@ -296,9 +289,6 @@ keytocard_subkeys_to_smartcard() {
        ERROR=$(cat /tmp/gpg_card_edit_output)
        whiptail_error_die "GPG Key moving subkeys to smartcard failed!\n\n$ERROR"
    fi
-    #TODO: Clarify in code that since reset gpg is done, passwd is default and then cange_pass is done
-
-    DEBUG "TODO REMOVE THIS. Ouput of /tmp/gpg_card_edit_output: $(cat /tmp/gpg_card_edit_output)"

    TRACE "oem-factory-reset:keytocard_subkeys_to_smartcard done"
 }
@ -1101,16 +1091,13 @@ if [ "$GPG_GEN_KEY_IN_MEMORY" == "1" ]; then
    if [ "$GPG_ALGO" == "RSA" ]; then
        # Generate GPG master key
        generate_inmemory_RSA_master_and_subkeys
-        #TODO seperate wiping and thumb drive functions with proper validation
        wipe_thumb_drive_and_copy_gpg_key_material
-        #TODO seperate setting config
+        #TODO seperate setting config. Recovery shell under qemu without reboot doesn't prompt for PIN
        set_user_config "CONFIG_HAVE_GPG_KEY_BACKUP" "y"
        keytocard_subkeys_to_smartcard
    elif [ "$GPG_ALGO" == "p256" ]; then
        generate_inmemory_p256_master_and_subkeys
-        #TODO seperate wiping and thumb drive functions with proper validation
        wipe_thumb_drive_and_copy_gpg_key_material
-        #TODO seperate setting config
        keytocard_subkeys_to_smartcard
    else
        die "Unsupported GPG_ALGO: $GPG_ALGO"
@ -1172,13 +1159,11 @@ fi
 # Do not attempt to flash the key to ROM if we are running in QEMU based on CONFIG_BOARD_NAME matching glob pattern containing qemu-*
 # We check for qemu-* instead of ^qemu- because CONFIG_BOARD_NAME could be renamed to UNTESTED-qemu-* in a probable future
 if [[ "$CONFIG_BOARD_NAME" == qemu-* ]]; then
-    warn "Skipping flash of GPG key to ROM because we are running in QEMU"
-    warn "Please review documentation md file under board directory on your building machine, and review board config options in .config file to enable configuration options you want to test in QEMU until internal flashing support is integrated."
+    warn "Skipping flash of GPG key to ROM because we are running in QEMU without internal flashing support."
 else
    #We are not running in QEMU, so flash the key to ROM

    ## flash generated key to ROM
-    # TODO: would be nice if we warned users that qemu boards will fail here and tell them what to do
    echo -e "\nReading current firmware...\n(this will take a minute or two)\n"
    /bin/flash.sh -r /tmp/oem-setup.rom >/dev/null 2>/tmp/error
    if [ ! -s /tmp/oem-setup.rom ]; then
--- a/initrd/bin/tpmr
+++ b/initrd/bin/tpmr
@ -393,7 +393,6 @@ tpm2_seal() {
 	tpm_password="$7"	# Owner password - will prompt if needed and not empty
 	# TPM Owner Password is always needed for TPM2.

-	DEBUG "TODO REMOVE THIS. tpm2_seal: pass=$pass tpm_password=$tpm_password"
 	mkdir -p "$SECRET_DIR"
 	bname="`basename $file`"

@ -555,8 +554,6 @@ tpm2_unseal() {
 		UNSEAL_PASS_SUFFIX="+$(tpm2_password_hex "$pass")"
 	fi

-	DEBUG "TODO REMOVE THIS. tpm2_unseal: pass=$pass UNSEAL_PASS_SUFFIX=$UNSEAL_PASS_SUFFIX"
-
 	tpm2 unseal -Q -c "$handle" -p "session:$POLICY_SESSION$UNSEAL_PASS_SUFFIX" \
 		-S "/tmp/$ENC_SESSION_FILE" > "$file"
 }
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@ -197,12 +197,10 @@ prompt_tpm_owner_password() {
 	#Caller might already have cached the password in tpm_password. If not, prompt for it and cache it externally
 	if [ -n "$tpm_owner_password" ]; then
 		DEBUG "tpm_owner_password variable already set by caller. Reusing"
-		DEBUG "TODO REMOVE THIS! tpm_owner_password is $tpm_owner_password here."
 		return 0
 	elif [ -s /tmp/secret/tpm_owner_password ]; then
 		DEBUG "/tmp/secret/tpm_owner_password already cached in file. Reusing"
 		tpm_owner_password=$(cat /tmp/secret/tpm_owner_password)
-		DEBUG "TODO REMOVE THIS! tpm_owner_password is $tpm_owner_password here."
 		return 0
 	fi