From f6134e9c35b2494c2087fe32f8a0ff4c4ebec055 Mon Sep 17 00:00:00 2001
From: Jonathon Hall <jonathon.hall@puri.sm>
Date: Fri, 23 Jun 2023 08:18:59 -0400
Subject: [PATCH] gui-init: Opt into skipping QR code scan for Librem boards
 only

Introduce CONFIG_TOTP_SKIP_QRCODE to skip this step and enable it on
Librem boards.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
---
 boards/librem_13v2/librem_13v2.config       | 1 +
 boards/librem_13v4/librem_13v4.config       | 1 +
 boards/librem_14/librem_14.config           | 1 +
 boards/librem_15v3/librem_15v3.config       | 1 +
 boards/librem_15v4/librem_15v4.config       | 1 +
 boards/librem_l1um/librem_l1um.config       | 1 +
 boards/librem_l1um_v2/librem_l1um_v2.config | 1 +
 boards/librem_mini/librem_mini.config       | 1 +
 boards/librem_mini_v2/librem_mini_v2.config | 1 +
 initrd/bin/gui-init                         | 9 +++++++++
 10 files changed, 18 insertions(+)

diff --git a/boards/librem_13v2/librem_13v2.config b/boards/librem_13v2/librem_13v2.config
index cc7d13df..435a577a 100644
--- a/boards/librem_13v2/librem_13v2.config
+++ b/boards/librem_13v2/librem_13v2.config
@@ -30,6 +30,7 @@ CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
diff --git a/boards/librem_13v4/librem_13v4.config b/boards/librem_13v4/librem_13v4.config
index 78d3a51b..9cd7566b 100644
--- a/boards/librem_13v4/librem_13v4.config
+++ b/boards/librem_13v4/librem_13v4.config
@@ -30,6 +30,7 @@ CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
diff --git a/boards/librem_14/librem_14.config b/boards/librem_14/librem_14.config
index 0087b6fe..1fa030f6 100644
--- a/boards/librem_14/librem_14.config
+++ b/boards/librem_14/librem_14.config
@@ -28,6 +28,7 @@ CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
diff --git a/boards/librem_15v3/librem_15v3.config b/boards/librem_15v3/librem_15v3.config
index 29122d36..26b9daa0 100644
--- a/boards/librem_15v3/librem_15v3.config
+++ b/boards/librem_15v3/librem_15v3.config
@@ -30,6 +30,7 @@ CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
diff --git a/boards/librem_15v4/librem_15v4.config b/boards/librem_15v4/librem_15v4.config
index deef7996..8b54bda4 100644
--- a/boards/librem_15v4/librem_15v4.config
+++ b/boards/librem_15v4/librem_15v4.config
@@ -30,6 +30,7 @@ CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
diff --git a/boards/librem_l1um/librem_l1um.config b/boards/librem_l1um/librem_l1um.config
index f46917e9..4d182cbc 100644
--- a/boards/librem_l1um/librem_l1um.config
+++ b/boards/librem_l1um/librem_l1um.config
@@ -28,6 +28,7 @@ CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
diff --git a/boards/librem_l1um_v2/librem_l1um_v2.config b/boards/librem_l1um_v2/librem_l1um_v2.config
index 675c9f68..32187c5a 100644
--- a/boards/librem_l1um_v2/librem_l1um_v2.config
+++ b/boards/librem_l1um_v2/librem_l1um_v2.config
@@ -32,6 +32,7 @@ CONFIG_TPM2_TSS=y
 CONFIG_OPENSSL=y
 CONFIG_PRIMARY_KEY_TYPE=ecc
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
diff --git a/boards/librem_mini/librem_mini.config b/boards/librem_mini/librem_mini.config
index 3c6761a2..2fcd42e2 100644
--- a/boards/librem_mini/librem_mini.config
+++ b/boards/librem_mini/librem_mini.config
@@ -29,6 +29,7 @@ CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=n
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
diff --git a/boards/librem_mini_v2/librem_mini_v2.config b/boards/librem_mini_v2/librem_mini_v2.config
index 04c8cfd0..cd51515d 100644
--- a/boards/librem_mini_v2/librem_mini_v2.config
+++ b/boards/librem_mini_v2/librem_mini_v2.config
@@ -31,6 +31,7 @@ CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=n
 export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+export CONFIG_TOTP_SKIP_QRCODE=y
 
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index b3729c1c..6bf3d50e 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -159,7 +159,16 @@ generate_totp_hotp()
   elif echo -e "Generating new TOTP secret...\n\n" && /bin/seal-totp "$BOARD_NAME" "$tpm_password"; then
     echo
     if [ -x /bin/hotp_verification ]; then
+      if [ "$CONFIG_TOTP_SKIP_QRCODE" != y ]; then
+        echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
+        read
+      fi
       /bin/seal-hotpkey
+    else
+      if [ "$CONFIG_TOTP_SKIP_QRCODE" != y ]; then
+        echo "Once you have scanned the QR code, hit Enter to continue"
+        read
+      fi
     fi
     # clear screen
     printf "\033c"