WiP: staging changes

Next: address the NV index used for the TPM NVRAM read in prod_quiet testing

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2024-12-12 17:03:47 -05:00
parent f68df1ccf0
commit eca4e34176
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461
4 changed files with 8 additions and 6 deletions


@ -571,7 +571,7 @@ reset_tpm()
# now that the TPM is reset, remove invalid TPM counter files
mount_boot
mount -o rw,remount /boot
warn "Removing rollback and primary handle hash under /boot"
LOG "Removing rollback and primary handle hash under /boot"
rm -f /boot/kexec_rollback.txt
rm -f /boot/kexec_primhdl_hash.txt
@ -585,6 +585,8 @@ reset_tpm()
sha256sum /tmp/counter-$counter > /boot/kexec_rollback.txt \
|| die "Unable to create rollback file"
warn "boot content has been modified, please update the checksums and sign the files from Options -> Update checksums and sign all files in /boot"
mount -o ro,remount /boot
generate_totp_hotp "$tpm_owner_password"
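Review bot: An operator running reset_tpm now never sees that /boot/kexec_primhdl_hash.txt was deleted: the first hunk demotes the only message naming the removed files from warn to LOG, and the warn added in the second hunk says just that "boot content has been modified", while within the visible lines only kexec_rollback.txt is recreated after the two rm -f calls. I'd make the new warning name the files so the re-signing advice has a reason attached, e.g. `warn "TPM reset: /boot/kexec_rollback.txt regenerated and /boot/kexec_primhdl_hash.txt removed; update checksums and sign all files in /boot from Options -> Update checksums and sign all files in /boot"`. The menu path in the message presumably matches the GUI; if reset_tpm is also reachable from the recovery shell, a non-GUI hint (the script to run) would help there too. reset_tpm starts before the first hunk and continues past the last line shown.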


@ -1288,7 +1288,7 @@ else
#Reset Nitrokey 3 secret app
reset_nk3_secret_app
#Generate GPG key and subkeys on smartcard only
echo -e "\nResetting USB Security dongle's OpenPGP smartcard with GPG...\n(this will take around 3 minutes...)\n"
echo -e "\nResetting USB Security dongle's OpenPGP smartcard with GPG...\n(this may take up to 3 minutes...)\n"
gpg_key_factory_reset
generate_OEM_gpg_keys
fi
@ -1353,7 +1353,7 @@ else
#We are not running in QEMU, so flash the key to ROM
## flash generated key to ROM
echo -e "\nReading current firmware...\n(this will take a minute or two)\n"
echo -e "\nReading current firmware...\n(this may take up to two minutes...)\n"
/bin/flash.sh -r /tmp/oem-setup.rom >/dev/null 2>/tmp/error
if [ ! -s /tmp/oem-setup.rom ]; then
ERROR=$(tail -n 1 /tmp/error | fold -s)


@ -368,7 +368,7 @@ check_tpm_counter() {
if [ -r "$1" ]; then
TPM_COUNTER=$(grep counter- "$1" | cut -d- -f2)
else
warn "$1 does not exist; creating new TPM counter"
LOG "$1 does not exist; creating new TPM counter"
tpmr counter_create \
-pwdc '' \
-la $LABEL |
@ -384,7 +384,7 @@ check_tpm_counter() {
read_tpm_counter() {
TRACE_FUNC
tpmr counter_read -ix "$1" | tee "/tmp/counter-$1" ||
tpmr counter_read -ix "$1" | tee "/tmp/counter-$1" > /dev/null 2>&1 ||
die "Counter read failed"
}
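Review bot: On the new line the `> /dev/null 2>&1` applies to tee only, so `|| die "Counter read failed"` still tests the pipeline's last command (tee) and not `tpmr counter_read`; unless the calling script runs with `-o pipefail` (not visible here), a failed counter read leaves an empty /tmp/counter-$1, the function returns success, and that empty file is what reset_tpm (first file on this page) feeds to sha256sum for /boot/kexec_rollback.txt. Since the counter is no longer echoed, tee does nothing a redirect cannot, so I'd write `tpmr counter_read -ix "$1" > "/tmp/counter-$1" || die "Counter read failed"`, which makes the exit status tpmr's own and keeps tpmr's stderr available for the log. Note the `2>&1` never quieted tpmr's own stderr either, only tee's; if prod_quiet needs tpmr silent, that redirection has to sit on the tpmr side. read_tpm_counter is shown in full; check_tpm_counter in the first hunk starts and ends outside it.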


@ -7,7 +7,7 @@ hotp-verification_version := e6cf719d67a811356eecff69769fa1dbce47f953
hotp-verification_dir := hotp-verification-$(hotp-verification_version)
hotp-verification_tar := nitrokey-hotp-verification-$(hotp-verification_version).tar.gz
hotp-verification_url := https://github.com/Nitrokey/nitrokey-hotp-verification/archive/$(hotp-verification_version).tar.gz
hotp-verification_hash := 1095640fdae77938ce2d2ce294c7ecb8c27b77060975af8d838b6fd056ed5068
hotp-verification_hash := 3c8b44e4d9a1f7454269f76102f32de6ed9de19ab0cf7119747eb97377c66a84
hotp-verification_target := \
$(MAKE_JOBS) \
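Review bot: The tarball hash on the new line changes while the pinned commit in `hotp-verification_version` (e6cf719d…, visible as the hunk-header context) does not, and neither the WiP title nor the description says why the same archive now hashes differently. GitHub `/archive/<sha>.tar.gz` downloads (the URL two lines above) are generated on the fly and have changed bytes before without any change in content, but a silent hash swap for an unchanged version is also exactly what a substituted artifact looks like, so the new value needs a justification before merge. Extract both archives and diff them, or compare the new one against `git archive` of that commit, and record the outcome in the commit message; if the upstream archive keeps drifting, fetching the repository at the pinned commit would make the commit, not the tarball bytes, the source of truth.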