gui-init: warn the user when sealing measurements through TOTP/HOTP requires TPM reset

2024-12-18 20:47:55 +00:00 · 2023-01-19 14:58:21 -05:00 · 2023-01-19 14:58:21 -05:00 · e00280e663
commit e00280e663
parent f2ba6679ca
1 changed files with 12 additions and 9 deletions
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@ -149,17 +149,20 @@ prompt_update_checksums()
 generate_totp_htop()
 {
  echo "Scan the QR code to add the new TOTP secret"
-  /bin/seal-totp "$BOARD_NAME"
-  if [ -x /bin/hotp_verification ]; then
-    echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
-    read
-    /bin/seal-hotpkey
+  if /bin/seal-totp "$BOARD_NAME"; then
+    if [ -x /bin/hotp_verification ]; then
+      echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
+      read
+      /bin/seal-hotpkey
+    else
+      echo "Once you have scanned the QR code, hit Enter to continue"
+      read
+    fi
+    # clear screen
+    printf "\033c"
  else
-    echo "Once you have scanned the QR code, hit Enter to continue"
-    read
+    warn "Sealing of measurements inside of TPM failed. You might want to take ownership of TPM by resetting it."
  fi
-  # clear screen
-  printf "\033c"
 }

 update_totp()