oem-factory-reset + seal-hotpkey: Give debug output to underatand in what state is the USB Security dongle

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 20:47:55 +00:00 · 2024-04-19 14:30:55 -04:00 · 2024-04-19 14:30:55 -04:00 · fc874728f6
commit fc874728f6
parent 00ce2f4d1c
2 changed files with 4 additions and 0 deletions
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@ -496,7 +496,9 @@ gpg_key_factory_reset() {
    fi
    # If Nitrokey Storage is inserted, reset AES keys as well
    if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ]; then
+        DEBUG "Nitrokey Storage detected, resetting AES keys..."
        /bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
+        DEBUG "Restarting scdaemon to remove possible exclusive lock of dongle"
        killall -9 scdaemon
    fi
    # Toggle forced sig (good security practice, forcing PIN request for each signature request)
--- a/initrd/bin/seal-hotpkey
+++ b/initrd/bin/seal-hotpkey
@ -26,6 +26,8 @@ fatal_error()
 {
  echo -e "\nERROR: ${1}; press Enter to continue."
  read
+  # get lsusb output for debugging
+  DEBUG "lsusb output: $(lsusb)"
  die "$1"
 }