gui-init/seal-libremkey: reduce friction when generating new secret

Reduce friction when generating a new TOTP/HOTP secret by eliminating an unnecessary 'press enter to continue' prompt following QR code generation, and by attempting to use the default admin PIN set by the OEM factory reset function. Fall back to prompting the user if the default PIN fails. Also, ensure error messages are visible to users before being returned back to the GUI menu from which they came by wrapping existing calls to die() Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2024-12-19 21:17:55 +00:00 · 2019-08-21 15:40:36 -05:00 · 2019-08-21 15:40:36 -05:00 · d094dcd346
commit d094dcd346
parent d937426306
2 changed files with 34 additions and 22 deletions
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@ -152,17 +152,13 @@ generate_totp_hotp()
 {
  tpm_password="$1"	# May be empty, will prompt if needed and empty
  TRACE "Under /bin/gui-init:generate_totp_hotp"
-  if [ "$CONFIG_TPM" != "y" ]; then
+  if [ "$CONFIG_TPM" != "y" ] && [ -x /bin/hotp_verification ]; then
    echo "Generating new HOTP secret"
    /bin/seal-hotpkey
-  elif echo "Scan the QR code to add the new TOTP secret" && /bin/seal-totp "$BOARD_NAME" "$tpm_password"; then
+  elif echo -e "Generating new TOTP secret...\n\n" && /bin/seal-totp "$BOARD_NAME" "$tpm_password"; then
+    echo
    if [ -x /bin/hotp_verification ]; then
-      echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
-      read
      /bin/seal-hotpkey
-    else
-      echo "Once you have scanned the QR code, hit Enter to continue"
-      read
    fi
    # clear screen
    printf "\033c"
--- a/initrd/bin/seal-hotpkey
+++ b/initrd/bin/seal-hotpkey
@ -19,6 +19,13 @@ mount_boot()

 TRACE "Under /bin/seal-hotpkey"

+fatal_error()
+{
+  echo -e "\nERROR: ${1}; press Enter to continue."
+  read
+  die "$1"
+}
+
 # Use stored HOTP key branding (this might be useful after OEM reset)
 if [ -r /boot/kexec_hotp_key ]; then
 	HOTPKEY_BRANDING="$(cat /boot/kexec_hotp_key)"
@ -29,7 +36,7 @@ fi
 if [ "$CONFIG_TPM" = "y" ]; then
 	DEBUG "Sealing HOTP secret reuses TOTP sealed secret..."
 	tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET" \
-		|| die "Unable to unseal HOTP secret"
+		|| fatal_error "Unable to unseal HOTP secret"
 else
 	# without a TPM, use the first 20 characters of the ROM SHA256sum 
 	secret_from_rom_hash > "$HOTP_SECRET"
@ -55,12 +62,12 @@ counter_value=1

 enable_usb
 if ! hotp_verification info ; then
-  echo "Insert your $HOTPKEY_BRANDING and press Enter to configure it"
+  echo -e "\nInsert your $HOTPKEY_BRANDING and press Enter to configure it"
  read
  if ! hotp_verification info ; then
    # don't leak key on failure
    shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
-    die "Unable to find $HOTPKEY_BRANDING"
+    fatal_error "Unable to find $HOTPKEY_BRANDING"
  fi
 fi

@ -73,20 +80,29 @@ else
 	HOTPKEY_BRANDING="HOTP USB Security Dongle"
 fi

-echo -e ""
-read -s -p "Enter your $HOTPKEY_BRANDING Admin PIN: " admin_pin
-echo -e "\n"
-
-hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING"
+# try using factory default admin PIN
+admin_pin="12345678"
+hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING" >/dev/null 2>&1
 if [ $? -ne 0 ]; then
+  # prompt user for PIN and retry
+  echo ""
+  read -s -p "Enter your $HOTPKEY_BRANDING Admin PIN: " admin_pin
  echo -e "\n"
-  read -s -p "Error setting HOTP secret, re-enter Admin PIN and try again: " admin_pin
-  echo -e "\n"
-  if ! hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING" ; then
-    # don't leak key on failure
-    shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
-    die "Setting HOTP secret failed"
+  
+  hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING"
+  if [ $? -ne 0 ]; then
+    echo -e "\n"
+    read -s -p "Error setting HOTP secret, re-enter Admin PIN and try again: " admin_pin
+    echo -e "\n"
+    if ! hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING" ; then
+      # don't leak key on failure
+      shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
+      fatal_error "Setting HOTP secret failed"
+    fi
  fi
+else 
+  # remind user to change admin password
+  echo -e "\nWARNING: default GPG admin PIN detected: please change this as soon as possible."
 fi

 # HOTP key no longer needed
@ -102,7 +118,7 @@ mount -o remount,rw /boot

 counter_value=`expr $counter_value + 1`
 echo $counter_value > $HOTP_COUNTER \
-|| die "Unable to create hotp counter file"
+|| fatal_error "Unable to create hotp counter file"

 # Store/overwrite HOTP USB Security Dongle branding found out beforehand
 echo $HOTPKEY_BRANDING > $HOTP_KEY \