ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,804 Commits 27 Branches 6 Tags 21 MiB
master
Commit Graph

35 Commits

Author SHA1 Message Date
Thierry Laurion
9b101f1454 flash.sh: FLASHROM_OPTIONS->FLASH_OPTIONS: require FLASH_OPTIONS to specify flash program in board configs 
- boards: switch flashrom->flashprog, FLASH_OPTIONS: flashprog memory --progress --programmer internal

TODO: check, Might break:
- xx20 : x220/t420/t520: used hwseq: verify compat
- legacy : not sure --ifd bios are support: verify compat (and drop, future PR drop legacy boards anyway...)
- talos: linux_mtd is used: verify compat

Tested:
- x230 works with awesome progress bar on read, erase and write.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-10-29 08:58:09 -04:00
Thierry Laurion
8114bbb4c8 ash_functions: make sure newlines are passed, fix error redirection 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-10-29 08:58:09 -04:00
Thierry Laurion
0e90021931
etc/ash_functions: remove TRACE_FUNC that cannot be used in ash, only under bash 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-09-09 09:30:43 -04:00
Thierry Laurion
77d4be1dc6
TPM extend ops: Augment output of TPM1/TMP22 for filename and file content hash ops 
Debug logtrace, screenshots of non-debug will be added in PR #1758

TPM1:
[    4.815559] [U] hello world
[    5.099000] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[    5.122059] TRACE: Under init
[    5.165917] DEBUG: Applying panic_on_oom setting to sysctl
[    5.388757] TRACE: /bin/cbfs-init(5): main
[    5.516637] TRACE: /bin/cbfs-init(24): main
[    5.662271] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/pubring.kbx
[    5.732223] TRACE: /bin/tpmr(790): main
[    5.785372] DEBUG: TPM: Extending PCR[7] with hash 7ccf4f64044946cf4e5b0efe3d959f00562227ae
[    5.838082] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/pubring.kbx
[    6.081466] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/pubring.kbx
[    6.147455] TRACE: /bin/tpmr(790): main
[    6.196545] DEBUG: TPM: Extending PCR[7] with hash ee79223a3b9724ad1aab290a3785132805c79eae
[    6.251251] DEBUG: exec tpm extend -ix 7 -if /.gnupg/pubring.kbx
[    6.445119] TRACE: /bin/cbfs-init(24): main
[    6.585854] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/trustdb.gpg
[    6.659172] TRACE: /bin/tpmr(790): main
[    6.707564] DEBUG: TPM: Extending PCR[7] with hash 7236ea8e612c1435259a8a0f8e0a8f1f5dba7042
[    6.757645] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/trustdb.gpg
[    7.013547] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/trustdb.gpg
[    7.082863] TRACE: /bin/tpmr(790): main
[    7.131022] DEBUG: TPM: Extending PCR[7] with hash ca8898407cacd96d6f2de90ae90825351be81c62
[    7.183344] DEBUG: exec tpm extend -ix 7 -if /.gnupg/trustdb.gpg
[    7.413787] TRACE: /bin/key-init(6): main
[    8.718367] TRACE: Under /etc/ash_functions:combine_configs
[    8.803914] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[    9.045341] TRACE: /bin/setconsolefont.sh(6): main
[    9.096853] DEBUG: Board does not ship setfont, not checking console font
[    9.320494] TRACE: /bin/gui-init(641): main
[    9.356729] TRACE: Under /etc/ash_functions:enable_usb
[    9.445981] TRACE: /sbin/insmod(9): main
[    9.609464] TRACE: /sbin/insmod(53): main
[    9.660145] DEBUG: No module parameters, extending only with the module's content
[    9.791896] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-hcd.ko
[    9.860477] TRACE: /bin/tpmr(790): main
[    9.914849] DEBUG: TPM: Extending PCR[5] with hash bc9ff28a99e314cda69695ba34b26ed0d8b1e4ed
[    9.976867] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-hcd.ko
[   10.146966] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod
[   10.184086] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   10.276564] TRACE: /sbin/insmod(9): main
[   10.433503] TRACE: /sbin/insmod(53): main
[   10.486272] DEBUG: No module parameters, extending only with the module's content
[   10.620200] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/uhci-hcd.ko
[   10.698710] TRACE: /bin/tpmr(790): main
[   10.750637] DEBUG: TPM: Extending PCR[5] with hash bcb2f15c7eb52484072a76fc8a0d7399f6cf2189
[   10.808379] DEBUG: exec tpm extend -ix 5 -if /lib/modules/uhci-hcd.ko
[   10.996254] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod
[   11.026108] uhci_hcd: USB Universal Host Controller Interface driver
[   11.040703] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[   11.053129] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[   11.061568] uhci_hcd 0000:00:1d.0: detected 2 ports
[   11.070973] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00
[   11.089004] hub 1-0:1.0: USB hub found
[   11.097535] hub 1-0:1.0: 2 ports detected
[   11.114890] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[   11.123848] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[   11.134989] uhci_hcd 0000:00:1d.1: detected 2 ports
[   11.142404] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0
[   11.153338] hub 2-0:1.0: USB hub found
[   11.160572] hub 2-0:1.0: 2 ports detected
[   11.176481] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[   11.183898] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[   11.193509] uhci_hcd 0000:00:1d.2: detected 2 ports
[   11.201574] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0
[   11.211182] hub 3-0:1.0: USB hub found
[   11.219256] hub 3-0:1.0: 2 ports detected
[   11.314467] TRACE: /sbin/insmod(9): main
[   11.468430] TRACE: /sbin/insmod(53): main
[   11.521914] DEBUG: No module parameters, extending only with the module's content
[   11.656647] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-hcd.ko
[   11.726721] TRACE: /bin/tpmr(790): main
[   11.778253] DEBUG: TPM: Extending PCR[5] with hash f563e46fbbed46423a1e10219953233d310792f5
[   11.831718] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-hcd.ko
[   12.010752] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod
[   12.044192] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   12.136462] TRACE: /sbin/insmod(9): main
[   12.293409] TRACE: /sbin/insmod(53): main
[   12.345947] DEBUG: No module parameters, extending only with the module's content
[   12.481562] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-pci.ko
[   12.547754] TRACE: /bin/tpmr(790): main
[   12.604827] DEBUG: TPM: Extending PCR[5] with hash a24699fdaac9976cc9447fd0cd444a469299ad2f
[   12.661256] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-pci.ko
[   12.847247] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod
[   12.870986] ohci-pci: OHCI PCI platform driver
[   12.959387] TRACE: /sbin/insmod(9): main
[   13.112275] TRACE: /sbin/insmod(53): main
[   13.163112] DEBUG: No module parameters, extending only with the module's content
[   13.291360] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-pci.ko
[   13.364853] TRACE: /bin/tpmr(790): main
[   13.438536] DEBUG: TPM: Extending PCR[5] with hash b80a90e11a01eba40bb7e566f3374d0aad326acb
[   13.505500] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-pci.ko
[   13.679865] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod
[   13.704539] ehci-pci: EHCI PCI platform driver
[   13.725570] ehci-pci 0000:00:1d.7: EHCI Host Controller
[   13.735562] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4
[   13.745092] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000
[   13.773286] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[   13.783544] hub 4-0:1.0: USB hub found
[   13.791110] hub 4-0:1.0: 6 ports detected
[   13.800844] hub 1-0:1.0: USB hub found
[   13.807808] hub 1-0:1.0: 2 ports detected
[   13.823094] hub 2-0:1.0: USB hub found
[   13.829910] hub 2-0:1.0: 2 ports detected
[   13.839182] hub 3-0:1.0: USB hub found
[   13.846231] hub 3-0:1.0: 2 ports detected
[   13.946297] TRACE: /sbin/insmod(9): main
[   14.099143] TRACE: /sbin/insmod(53): main
[   14.149765] DEBUG: No module parameters, extending only with the module's content
[   14.291413] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-hcd.ko
[   14.372815] TRACE: /bin/tpmr(790): main
[   14.426919] DEBUG: TPM: Extending PCR[5] with hash 1fc55e846b9d5c93e58c6c8b6f867e744fa694bc
[   14.482815] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-hcd.ko
[   14.670419] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod
[   14.783374] TRACE: /sbin/insmod(9): main
[   14.939364] TRACE: /sbin/insmod(53): main
[   14.995136] DEBUG: No module parameters, extending only with the module's content
[   15.135482] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-pci.ko
[   15.204263] TRACE: /bin/tpmr(790): main
[   15.255478] DEBUG: TPM: Extending PCR[5] with hash bbdd85242570aa438b908420a43b8d7042db8b4f
[   15.305598] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-pci.ko
[   15.480844] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod
[   15.512476] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   15.528230] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5
[   15.540456] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010
[   15.554225] hub 5-0:1.0: USB hub found
[   15.562061] hub 5-0:1.0: 4 ports detected
[   15.572058] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   15.589966] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6
[   15.598116] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed
[   15.606150] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM.
[   15.616354] hub 6-0:1.0: USB hub found
[   15.623767] hub 6-0:1.0: 4 ports detected
[   15.909854] usb 5-1: new high-speed USB device number 2 using xhci_hcd
[   16.193548] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[   16.345381] usb 5-3: new full-speed USB device number 3 using xhci_hcd
[   17.674973] TRACE: /etc/functions(715): detect_boot_device
[   17.718114] TRACE: /etc/functions(682): mount_possible_boot_device
[   17.759829] TRACE: /etc/functions(642): is_gpt_bios_grub
[   17.833271] TRACE: /dev/vda1 is partition 1 of vda
[   17.925490] TRACE: /etc/functions(619): find_lvm_vg_name
[   18.068352] TRACE: Try mounting /dev/vda1 as /boot
[   18.114444] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[   18.158648] TRACE: /bin/gui-init(319): clean_boot_check
[   18.247883] TRACE: /bin/gui-init(348): check_gpg_key
[   18.338052] TRACE: /bin/gui-init(185): update_totp
[   18.419286] TRACE: /bin/unseal-totp(8): main
[   18.511352] TRACE: /bin/tpmr(614): tpm1_unseal
[   18.624811] DEBUG: Running at_exit handlers
[   18.661992] TRACE: /bin/tpmr(390): cleanup_shred
[   18.692897]  !!! ERROR: Unable to unseal TOTP secret !!!
[   21.295284] TRACE: /bin/unseal-totp(8): main
[   21.386377] TRACE: /bin/tpmr(614): tpm1_unseal
[   21.496183] DEBUG: Running at_exit handlers
[   21.527060] TRACE: /bin/tpmr(390): cleanup_shred
[   21.558625]  !!! ERROR: Unable to unseal TOTP secret !!!
[   24.162881] TRACE: /bin/unseal-totp(8): main
[   24.249549] TRACE: /bin/tpmr(614): tpm1_unseal
[   24.362331] DEBUG: Running at_exit handlers
[   24.394154] TRACE: /bin/tpmr(390): cleanup_shred
[   24.427400]  !!! ERROR: Unable to unseal TOTP secret !!!
[   26.475340] DEBUG: CONFIG_TPM: y
[   26.521538] DEBUG: CONFIG_TPM2_TOOLS:
[   26.578490] DEBUG: Show PCRs
[   26.730805] DEBUG: PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.751488] PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.778571] PCR-02: C0 A9 54 C8 45 5C 78 49 80 EC 1C DB D8 E8 9B CC 65 11 58 BF
[   26.808771] PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.830508] PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.849538] PCR-05: 2C 3A 40 05 70 DB 21 89 4F CD C2 F8 D6 AE 40 DA 56 E1 B6 74
[   26.878951] PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.895421] PCR-07: 7A 8A 4C E6 BA B0 AA 26 22 B1 26 A2 F6 36 BD F3 86 23 50 B6

TPM2:
[    5.305235] [U] hello world
[    5.591175] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[    5.615802] TRACE: Under init
[    5.657823] DEBUG: Applying panic_on_oom setting to sysctl
[    5.831457] TRACE: /bin/tpmr(349): tpm2_startsession
[    6.567984] TRACE: /bin/cbfs-init(5): main
[    6.695758] TRACE: /bin/cbfs-init(24): main
[    6.811665] TRACE: /bin/tpmr(832): main
[    6.870411] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx
[    6.907262] TRACE: /bin/tpmr(234): tpm2_extend
[    6.983504] TRACE: /bin/tpmr(247): tpm2_extend
[    7.037543] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/pubring.kbx
[    7.192665] TRACE: /bin/tpmr(265): tpm2_extend
[    7.246318] DEBUG: TPM: Extended PCR[7] with hash 96ab5053e4630a040d55549ba73cff2178d401d763147776771f9774597b86a1
[    7.355327] TRACE: /bin/tpmr(832): main
[    7.409042] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx
[    7.446920] TRACE: /bin/tpmr(234): tpm2_extend
[    7.485782] TRACE: /bin/tpmr(252): tpm2_extend
[    7.540496] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/pubring.kbx
[    7.759033] TRACE: /bin/tpmr(265): tpm2_extend
[    7.811693] DEBUG: TPM: Extended PCR[7] with hash f196f9cae98362568d31638e7522eee5042286b2c18627b06b30a0275207872e
[    7.903033] TRACE: /bin/cbfs-init(24): main
[    8.026099] TRACE: /bin/tpmr(832): main
[    8.077074] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg
[    8.108061] TRACE: /bin/tpmr(234): tpm2_extend
[    8.180580] TRACE: /bin/tpmr(247): tpm2_extend
[    8.234748] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/trustdb.gpg
[    8.412522] TRACE: /bin/tpmr(265): tpm2_extend
[    8.469868] DEBUG: TPM: Extended PCR[7] with hash 53b843fe9bb52894d3a7d00197c776d56f3059f6a285124c7916724cd5013b0b
[    8.596316] TRACE: /bin/tpmr(832): main
[    8.655651] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg
[    8.690508] TRACE: /bin/tpmr(234): tpm2_extend
[    8.723206] TRACE: /bin/tpmr(252): tpm2_extend
[    8.782554] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/trustdb.gpg
[    8.999969] TRACE: /bin/tpmr(265): tpm2_extend
[    9.066744] DEBUG: TPM: Extended PCR[7] with hash abf745ef9f960af5d8b19a1acd4bc0a19da056f607b06cce6b920eab83cbbdec
[    9.215143] TRACE: /bin/key-init(6): main
[   10.661503] TRACE: Under /etc/ash_functions:combine_configs
[   10.749050] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[   10.998267] TRACE: /bin/setconsolefont.sh(6): main
[   11.059640] DEBUG: Board does not ship setfont, not checking console font
[   11.303012] TRACE: /bin/gui-init(641): main
[   11.334099] TRACE: Under /etc/ash_functions:enable_usb
[   11.421487] TRACE: /sbin/insmod(9): main
[   11.578754] TRACE: /sbin/insmod(53): main
[   11.630500] DEBUG: No module parameters, extending only with the module's content
[   11.741780] TRACE: /bin/tpmr(832): main
[   11.789365] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-hcd.ko
[   11.823496] TRACE: /bin/tpmr(234): tpm2_extend
[   11.862739] TRACE: /bin/tpmr(252): tpm2_extend
[   11.920404] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-hcd.ko
[   12.123507] TRACE: /bin/tpmr(265): tpm2_extend
[   12.175292] DEBUG: TPM: Extended PCR[5] with hash 40c5206f06702e45d8e6632632255258af433be0641c96f514ea75ac14523a30
[   12.234130] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod
[   12.278479] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   12.371875] TRACE: /sbin/insmod(9): main
[   12.523874] TRACE: /sbin/insmod(53): main
[   12.578418] DEBUG: No module parameters, extending only with the module's content
[   12.697785] TRACE: /bin/tpmr(832): main
[   12.753607] DEBUG: TPM: Extending PCR[5] with /lib/modules/uhci-hcd.ko
[   12.786940] TRACE: /bin/tpmr(234): tpm2_extend
[   12.819199] TRACE: /bin/tpmr(252): tpm2_extend
[   12.879805] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/uhci-hcd.ko
[   13.088925] TRACE: /bin/tpmr(265): tpm2_extend
[   13.158660] DEBUG: TPM: Extended PCR[5] with hash 1877332107fb8737a5636da26d4db2c10ffe4d1db2bcbde30b47774cdf05e02f
[   13.223888] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod
[   13.253700] uhci_hcd: USB Universal Host Controller Interface driver
[   13.269580] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[   13.278675] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[   13.287280] uhci_hcd 0000:00:1d.0: detected 2 ports
[   13.296481] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00
[   13.314557] hub 1-0:1.0: USB hub found
[   13.332614] hub 1-0:1.0: 2 ports detected
[   13.352400] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[   13.361016] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[   13.368653] uhci_hcd 0000:00:1d.1: detected 2 ports
[   13.376700] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0
[   13.395046] hub 2-0:1.0: USB hub found
[   13.403107] hub 2-0:1.0: 2 ports detected
[   13.418573] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[   13.426975] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[   13.434733] uhci_hcd 0000:00:1d.2: detected 2 ports
[   13.442497] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0
[   13.460237] hub 3-0:1.0: USB hub found
[   13.467466] hub 3-0:1.0: 2 ports detected
[   13.579102] TRACE: /sbin/insmod(9): main
[   13.730892] TRACE: /sbin/insmod(53): main
[   13.781345] DEBUG: No module parameters, extending only with the module's content
[   13.891152] TRACE: /bin/tpmr(832): main
[   13.954015] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-hcd.ko
[   13.995207] TRACE: /bin/tpmr(234): tpm2_extend
[   14.031074] TRACE: /bin/tpmr(252): tpm2_extend
[   14.095694] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-hcd.ko
[   14.315253] TRACE: /bin/tpmr(265): tpm2_extend
[   14.369608] DEBUG: TPM: Extended PCR[5] with hash 8a12ce4abfc87f11a023d4f1c26c225f5cffae248f9dad1fd30e78022996df02
[   14.425800] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod
[   14.455207] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   14.548050] TRACE: /sbin/insmod(9): main
[   14.693175] TRACE: /sbin/insmod(53): main
[   14.742761] DEBUG: No module parameters, extending only with the module's content
[   14.855233] TRACE: /bin/tpmr(832): main
[   14.908035] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-pci.ko
[   14.940321] TRACE: /bin/tpmr(234): tpm2_extend
[   14.970307] TRACE: /bin/tpmr(252): tpm2_extend
[   15.018421] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-pci.ko
[   15.226408] TRACE: /bin/tpmr(265): tpm2_extend
[   15.279951] DEBUG: TPM: Extended PCR[5] with hash 2065ee6544d78a5d31e67983166a9b8cf60dbe61bf0ee99c39e92816cc3a98db
[   15.335930] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod
[   15.360537] ohci-pci: OHCI PCI platform driver
[   15.446600] TRACE: /sbin/insmod(9): main
[   15.597149] TRACE: /sbin/insmod(53): main
[   15.649850] DEBUG: No module parameters, extending only with the module's content
[   15.753738] TRACE: /bin/tpmr(832): main
[   15.809086] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-pci.ko
[   15.847559] TRACE: /bin/tpmr(234): tpm2_extend
[   15.878030] TRACE: /bin/tpmr(252): tpm2_extend
[   15.930320] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-pci.ko
[   16.131948] TRACE: /bin/tpmr(265): tpm2_extend
[   16.190395] DEBUG: TPM: Extended PCR[5] with hash 116145df2c495dfd58354025799fe5bb9b4d8e078960e8d0d7ceda746e4f2d06
[   16.247675] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod
[   16.275465] ehci-pci: EHCI PCI platform driver
[   16.296704] ehci-pci 0000:00:1d.7: EHCI Host Controller
[   16.306151] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4
[   16.316293] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000
[   16.340527] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[   16.357688] hub 4-0:1.0: USB hub found
[   16.365707] hub 4-0:1.0: 6 ports detected
[   16.376687] hub 1-0:1.0: USB hub found
[   16.384573] hub 1-0:1.0: 2 ports detected
[   16.393986] hub 2-0:1.0: USB hub found
[   16.401424] hub 2-0:1.0: 2 ports detected
[   16.410387] hub 3-0:1.0: USB hub found
[   16.418087] hub 3-0:1.0: 2 ports detected
[   16.513839] TRACE: /sbin/insmod(9): main
[   16.670778] TRACE: /sbin/insmod(53): main
[   16.721953] DEBUG: No module parameters, extending only with the module's content
[   16.835964] TRACE: /bin/tpmr(832): main
[   16.888003] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-hcd.ko
[   16.919798] TRACE: /bin/tpmr(234): tpm2_extend
[   16.957470] TRACE: /bin/tpmr(252): tpm2_extend
[   17.013535] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-hcd.ko
[   17.225097] TRACE: /bin/tpmr(265): tpm2_extend
[   17.281099] DEBUG: TPM: Extended PCR[5] with hash 7f5a6bd0f7de6104e49374e1e5ce421e11795fcc4f53014ef9259d630d7876bc
[   17.337551] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod
[   17.448660] TRACE: /sbin/insmod(9): main
[   17.595458] TRACE: /sbin/insmod(53): main
[   17.653305] DEBUG: No module parameters, extending only with the module's content
[   17.763612] TRACE: /bin/tpmr(832): main
[   17.817350] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-pci.ko
[   17.849196] TRACE: /bin/tpmr(234): tpm2_extend
[   17.879069] TRACE: /bin/tpmr(252): tpm2_extend
[   17.927859] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-pci.ko
[   18.126778] TRACE: /bin/tpmr(265): tpm2_extend
[   18.188056] DEBUG: TPM: Extended PCR[5] with hash 5502fa8c101f7e509145b9826094f06dd0e225c2311a14edc9ae9c812518a250
[   18.247945] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod
[   18.286509] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   18.294553] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5
[   18.308276] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010
[   18.320288] hub 5-0:1.0: USB hub found
[   18.328425] hub 5-0:1.0: 4 ports detected
[   18.337635] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   18.344430] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6
[   18.351769] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed
[   18.360900] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM.
[   18.371095] hub 6-0:1.0: USB hub found
[   18.378046] hub 6-0:1.0: 4 ports detected
[   18.673695] usb 5-1: new high-speed USB device number 2 using xhci_hcd
[   18.960744] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[   19.112485] usb 5-3: new full-speed USB device number 3 using xhci_hcd
[   20.433294] TRACE: /etc/functions(715): detect_boot_device
[   20.489580] TRACE: /etc/functions(682): mount_possible_boot_device
[   20.546126] TRACE: /etc/functions(642): is_gpt_bios_grub
[   20.653417] TRACE: /dev/vda1 is partition 1 of vda
[   20.777737] TRACE: /etc/functions(619): find_lvm_vg_name
[   20.946450] TRACE: Try mounting /dev/vda1 as /boot
[   20.997145] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[   21.053058] TRACE: /bin/gui-init(319): clean_boot_check
[   21.157752] TRACE: /bin/gui-init(348): check_gpg_key
[   21.260339] TRACE: /bin/gui-init(185): update_totp
[   21.376906] TRACE: /bin/unseal-totp(8): main
[   21.497372] TRACE: /bin/tpmr(569): tpm2_unseal
[   21.574501] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   22.212056] DEBUG: Running at_exit handlers
[   22.247818] TRACE: /bin/tpmr(374): cleanup_session
[   22.301292] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   22.423005]  !!! ERROR: Unable to unseal TOTP secret !!!
[   25.058227] TRACE: /bin/unseal-totp(8): main
[   25.205031] TRACE: /bin/tpmr(569): tpm2_unseal
[   25.284388] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   25.914243] DEBUG: Running at_exit handlers
[   25.947988] TRACE: /bin/tpmr(374): cleanup_session
[   26.001694] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   26.126464]  !!! ERROR: Unable to unseal TOTP secret !!!
[   28.766165] TRACE: /bin/unseal-totp(8): main
[   28.898452] TRACE: /bin/tpmr(569): tpm2_unseal
[   28.982708] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   29.609216] DEBUG: Running at_exit handlers
[   29.643372] TRACE: /bin/tpmr(374): cleanup_session
[   29.696741] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   29.822748]  !!! ERROR: Unable to unseal TOTP secret !!!
[   31.890980] DEBUG: CONFIG_TPM: y
[   31.945147] DEBUG: CONFIG_TPM2_TOOLS: y
[   31.999643] DEBUG: Show PCRs
[   32.157607] DEBUG:   sha256:
[   32.190288] 0 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.221302] 1 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.251240] 2 : 0x9FC171D45D54BDD49D40E8438BCF15808427BA72B11EC2DF1ACE877CA0CF4F14
[   32.282127] 3 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.315382] 4 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.345767] 5 : 0xD76470232B7C3FD7D18D4DF3B77DACAFFDB876DBF3E84C996D74F7ECFA0FF60F
[   32.379099] 6 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.409630] 7 : 0x2E3147A8ADA1FEBEB2D32D7F50F25DC10F47D7CD48DF1D61A2D6BF958114A231
[   32.439780] 8 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.508514] 9 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.537395] 10: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.583510] 11: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.622661] 12: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.651831] 13: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.687298] 14: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.721766] 15: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.751345] 16: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.782919] 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.813071] 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.841994] 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.869358] 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.907215] 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.937346] 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.967810] 23: 0x0000000000000000000000000000000000000000000000000000000000000000

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-09-06 17:15:53 -04:00
Thierry Laurion
52992664ea
Improve TPM Extend infor in normal and DEBUG mode 
cbfs-init: remove temp files, measure direct cbfs output, extend PCR with proper introspection tracing
flash.sh: do not die but go to recovery if flashrom fails, cosmetic fix for warning given to user
kexec-insert-key: extend PCR with proper introspection tracing
kexec-select-boot: extend PCR with proper introspection tracing
kexec-measure-luks: extend PCR with proper introspection tracing
tpmr: Add missing TRACE_FUNC, fix comments, extend give hash that was extended to tpm call in DEBUG, fix TPM startsession unsuppressed output still present
ash_functions: extend PCR with proper introspection tracing
insmod: DEBUG info more pertinent, extend PCR with proper introspection tracing

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-08-24 15:33:51 -04:00
Jonathon Hall
00ce2f4d1c
ash_functions: Log board and version when entering recovery shell 
Log the board and version when entering the recovery shell.  Extract
the firmware version logic from init.

Currently this is the only way to get the debug log.  If we add a way
from the GUI, we may want to log the board and version somewhere else
too.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2024-04-19 14:16:41 -04:00
Jonathon Hall
a767347afd
kexec-boot: Only capture kexec -d output to log, not console/kmsg 
LOG() is added to log to the log only (not kmsg, more verbose than
TRACE).

DO_WITH_DEBUG only captures stdout/stderr to the log with LOG().

kexec-boot silences stderr from kexec, we don't want it on the console.

No need to repeat the kexec command when asking in debug to continue
boot, it's no longer hidden behind verbose output from kexec.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2024-04-19 14:14:54 -04:00
Thierry Laurion
ae5f9c5416
Improve DEBUG and DO_WITH_DEBUG output handling to also keep output of kexec -l when BOARD is in DEBUG+TRACE mode (configuration settings menu + flash) 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-04-18 16:30:13 -04:00
Thierry Laurion
67f1dae840
ash_functions: move sleep 2 after all usb modules being loaded 
Otherwise we get ehci-pci and xhci_hcd kernel messages in dmesg debug AFTER "Verifying presence of GPG card" which explains why dongle might not be found in time and fails in oem-factory-reset

Fixes https://github.com/Nitrokey/heads/issues/48

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-04-12 17:05:29 -04:00
Jonathon Hall
2aeab5edbb
initrd/etc/ash_functions: ehci_pci/xhci-* aren't companion controllers 
All boards with CONFIG_LINUX_USB=y ship ehci-* and xhci-*, they are
not controlled by CONFIG_LINUX_USB_COMPANION_CONTROLLER.  Always
insert them when initializing USB.  Fixes commit 35de2348

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2024-02-23 09:44:40 -05:00
Thierry Laurion
35de23483a
etc/ash_functions: remove redundant lsmod prior of insmod 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-02-22 15:29:38 -05:00
Jonathon Hall
0a823cb491
Allow laptops to include optional USB keyboard support 
Laptops can include optional USB keyboard support (default off unless
the board also sets the default to 'y').  The setting is in the
configuration GUI.

CONFIG_USER_USB_KEYBOARD is now the user-controlled setting on those
boards.  'CONFIG_USB_KEYBOARD' is no longer used to avoid any conflict
with prior releases that expect this to be a compile-time setting only
(conflicts risk total lock out requiring hardware flash, so some
caution is justified IMO).

Boards previously exporting CONFIG_USB_KEYBOARD now export
CONFIG_USB_KEYBOARD_REQUIRED.  Those boards don't have built-in
keyboards, USB keyboard is always enabled. (librem_mini,
librem_mini_v2, librem_11, librem_l1um, librem_l1um_v2, talos-2,
kgpe-d16_workstation-usb_keyboard, x230-hotp-maximized_usb-kb).

Librem laptops now export CONFIG_SUPPORT_USB_KEYBOARD to enable
optional support.  The default is still 'off'.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2024-01-10 15:38:06 -05:00
Thierry Laurion
37872937f0
oem-factory-reset: unify booleen y/n variable usage and double check logic. Also move USB Security dongle capability detection under code already checking for USB Security Dongle's smartcard presence. 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-07 14:34:50 -05:00
Thierry Laurion
388ee5198b
All TPM Extend additional context passed from console echo output to DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements. 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-06 15:53:17 -05:00
Thierry Laurion
923b4e1fe9
ash_functions:confirm_gpg_card: loop gpg_admin_pin prompt until non-empty 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-06 10:06:19 -05:00
Thierry Laurion
4e10740453
oem-factory-reset/ash_functions/luks-functions: replace provisioning with configuring keywords. Tweak oem-factory-reset flow and questionnaire. Now first prompt is to ask if user wants to go advanced or use defaults. 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-03 16:41:27 -04:00
Thierry Laurion
85266452fa
oem-factory-reset ash_functions: fix USB Security Dongle' smartcard -> USB Security Dongle's smartcard 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-02 12:54:39 -04:00
Thierry Laurion
c2c32c425b
ash_functions: have gpg_auth calls to confirm_gpg_card in subshell loop to force successful authentication 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 14:27:19 -04:00
Thierry Laurion
7f5d9700b7
gpg_auth function was not failing properly on failing, die instead 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:50 -04:00
Thierry Laurion
2697a6ad1f
WiP: further removal of unecessary debug messages 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:58 -04:00
Thierry Laurion
1f28c71447
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:55 -04:00
Thierry Laurion
eceb97aa4d
WiP: provide proper info/warn/die messages explaining causes of errors linked to detach signing errors 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:51 -04:00
Thierry Laurion
2c55338be5
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead. 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:48 -04:00
Thierry Laurion
b1e5c638cd
WiP 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:45 -04:00
Thierry Laurion
139f77113c
ash_functions: make DEBUG call pass multiline messages one at a time to /tmp/debug.log and kmsg 2023-10-21 14:37:31 -04:00
Thierry Laurion
0416896b82
etc/ash_function's warn/die/TRACE/DEBUG now output also under /dev/kmsg when DEBUG is enabled 2023-10-10 12:28:15 -04:00
Thierry Laurion
4910c1188f
TPM Disk Unlock Key sealing/renewal cleanup (Triggered automatically when resealing TOTP) 
Changes:
- As per master: when TOTP cannot unseal TOTP, user is prompted to either reset or regenerate TOTP
- Now, when either is done and a previous TPM Disk Unlock Key was setuped, the user is guided into:
  - Regenerating checksums and signing them
  - Regenerating TPM disk Unlock Key and resealing TPM disk Unlock Key with passphrase into TPM
  - LUKS header being modified, user is asked to resign kexec.sig one last time prior of being able to default boot
- When no previous Disk Unlock Key was setuped, the user is guided into:
  - The above, plus
    - Detection of LUKS containers,suggesting only relevant partitions

- Addition of TRACE and DEBUG statements to troubleshoot actual vs expected behavior while coding
  - Were missing under TPM Disk Unlock Key setup codepaths

- Fixes for #645 : We now check if only one slots exists and we do not use it if its slot1.
  - Also shows in DEBUG traces now

Unrelated staged changes
- ash_functions: warn and die now contains proper spacing and eye attaction
- all warn and die calls modified if containing warnings and too much punctuation
- unify usage of term TPM Disk Unlock Key and Disk Recovery Key
 2023-08-30 18:06:29 -04:00
Jonathon Hall
89858f52a9
Merge remote-tracking branch 'github-heads/master' into pureboot-27-heads-upstream 
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2023-06-21 15:15:23 -04:00
Kyle Rankin
79da79a5e4
Implement Restricted Boot Mode 
Restricted Boot mode only allows booting from signed files, whether that
is signed kernels in /boot or signed ISOs on mounted USB disks. This
disables booting from abitrary USB disks as well as the forced "unsafe"
boot mode. This also disables the recovery console so you can't bypass
this mode simply by running kexec manually.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2023-06-21 13:26:45 -04:00
Thierry Laurion
995a6931f1
config-gui.sh: permit io386 platform locking to be dynamically disabled at runtime 
ash_functions: make sure /tmp/config is sourced before going to recovery shell
TODO: revisit https://source.puri.sm/firmware/pureboot/-/blob/Release-27/initrd/bin/config-gui.sh#L33 to have proper config store later on
 2023-06-20 12:42:12 -04:00
Thierry Laurion
8dbe85ddaf
Fix 'Tracing...' text output still stating functions instead of ash_functions where they are called from 2023-04-03 14:31:21 -04:00
Thierry Laurion
429d8bbead
move enable_usb from /etc/functions to /etc/ash_functions so that usb keyboard can be enabled from init 
Reminder: insmod is a bash script and will fail on legacy-flash boards (which should not enable USB_KEYBOARD anyway)
 2023-04-03 14:31:09 -04:00
Jonathon Hall
0760b6f237
init: Use busybox ash 
init must use busybox ash because it is used on legacy-flash boards.
Change shebang, move needed functions to ash_functions.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2023-03-13 12:26:41 -04:00
Jonathon Hall
92a6b5410d
tpmr: Improve debug output, hide secrets, trim extend output more 
Provide mask_param() function to uniformly mask secret parameters,
while still indicating whether they are empty.

Extend DO_WITH_DEBUG to allow masking a password parameter by position,
using mask_param().  Move from ash_functions to functions (isn't used
by ash scripts).

Mask password parameters in kexec-unseal-key and tpmr seal.  Use
mask_param() on existing masked params in tpmr.

Trim more troubleshooting output from tpm2_extend() in tpmr.

Clarify tpmr kexec_finalize echo; it's the TPM's platform heirarchy,
users might not know what this was referring to.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2023-03-08 12:45:55 -05:00
Jonathon Hall
eda24d85bf
*-flash.init: Use busybox ash 
Busybox no longer has CONFIG_BASH since we are deploying bash on most
boards.  We also should clearly indicate which scripts cannot use
bashisms.

Change shebang in x230-flash.init, t430-flash.init, flash.sh to
/bin/ash.  Execute /bin/sh for interactive shells.

Move key functions needed by those scripts to initrd/etc/ash_functions.
Source ash_functions instead of functions in those scripts, so any
bashisms in other functions won't break parsing of the script in ash.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
 2023-03-08 12:45:53 -05:00