Commit Graph

366 Commits

Author SHA1 Message Date
Thierry Laurion
90b2e0ca5d
kexec-save-default: do /boot operation in subshell
fixes screwed commit 6f6f37ec3a
2023-01-13 14:54:14 -05:00
Thierry Laurion
1dd8fb4cf1
gui-init: add a print clear after TOTP Qr code being confirmed to be scanned by user 2023-01-13 11:25:27 -05:00
Thierry Laurion
aa9b75f64d
/boot: make sure operations requiring to be happening under /boot are under subshells 2023-01-11 13:59:26 -05:00
Thierry Laurion
d3eb708bcb
TOTP code mismatch: better guidelines in code 2023-01-04 16:07:38 -05:00
Jonathon Hall
817b9b3bb7
gui-init: Always go to main menu when selecting "continue to main menu"
If the user selects "continue to main menu" from an error, do not show
any more error prompts until reaching the main menu.

We still try to initialize everything (GPG, TOTP, HOTP) so that the
main menu can still show TOTP/HOTP if GPG is not configured, etc., but
no more prompts are shown after selecting "continue to main menu".

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-11-23 14:01:02 -05:00
Thierry Laurion
81b4bb77de
whiptail: no more whiptail reseting console on call (--clear)
So we have console logs to troubleshoot errors and catch them correctly
2022-11-15 15:11:58 -05:00
Thierry Laurion
83591fbbc1
talos II: die when tgz archive is corrupt 2022-11-14 18:05:32 -05:00
tlaurion
5e00800877
Merge pull request #1222 from SergiiDmytruk/flashrom 2022-11-11 15:37:25 -05:00
Sergii Dmytruk
472ca6fb30
flash-gui.sh: accept tgz package for Talos boards
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-11-11 00:59:45 +02:00
Sergii Dmytruk
5ee3219322
Add cbfs wrapper script to handle PNOR
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-11-11 00:59:12 +02:00
Jonathon Hall
3c0e5c06c6
kexec-parse-boot: Refactor common parts of echo_entry()
A lot of echo_entry() is now common to elf/multiboot/xen kernels, just
branch for the type-specific logic.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-11-10 11:30:38 -05:00
Jonathon Hall
698360199c
kexec-parse-boot: Ensure kernel/initrd paths exist in boot option
If a boot option doesn't refer to a valid file for the kernel/initrd,
ignore it.  Such an option is never bootable, because we would fail to
find the kernel/initrd.  This could happen if the path contained GRUB
variables, or specified a device that wasn't /boot, etc.

This is checked before expanding GRUB variables.  It's unlikely that
any kernel/initrd path containing variables would end up working when
all variables expand to nothing (since we do not handle GRUB
variables).

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-11-10 11:30:38 -05:00
Jonathon Hall
2a8a7655d3
kexec-parse-boot: Trim device specifications from GRUB entries
Some configs specify kernel/initrd paths relative to a device (often
found in a variable).  Assume the device is the /boot partition and
ignore the device specification.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-11-10 11:30:34 -05:00
Thierry Laurion
9bb6be8874
whiptail: fixate width to 80 characters and have height dynamic to all whiptail/fbwhiptail prompts 2022-11-09 11:51:27 -05:00
tlaurion
77c6ac9bea
Merge pull request #1235 from JonathonHall-Purism/partitioned-usb-improvements
mount-usb: Improve reliability with partitioned disks
2022-11-04 13:40:15 -04:00
Matt DeVillier
297369fd8b
oem-factory-reset: Add missing newline to prompt
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2022-11-03 18:42:32 -04:00
Jonathon Hall
a8a843ecc8
mount-usb: Improve reliability with partitioned disks
Extract exclusion for unpartitioned block device of partitioned media
to gui_functions, and exclude them even if kernel hasn't listed the
partitions yet.  (Fixes flash/USB boot prompts incorrectly trying to
use the whole device for partitioned media the first time.)

Ignore block devices of size 0, like empty USB SD card readers.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-11-03 18:22:03 -04:00
Thierry Laurion
5a7902c5ab
flash.sh: single firmware read backup and logic fixes
- Have Talos II supported by detecting correctly size of mtd chip (not internal: different flashrom output needs to be parsed for chip size)
- Read SPI content only once: 66% speedup (TOCTOU? Don't think so, nothing should happen in parallel when flashing insingle user mode)
- Have the main flash_progress loop not break, but break in flash_rom state subcases (otherwise, verifying step was breaking)
- Change "Initializing internal Flash Programmer" -> "Initializing Flash Programmer"
- Apply changes suggested by @SergiiDmytruk under https://github.com/osresearch/heads/pull/1230#issuecomment-1295332539 to reduce userland wasted time processing flashrom -V output
2022-10-28 14:59:24 -04:00
Sergii Dmytruk
75748e86b7
gui-init: fix TOTP/HOTP initialization on missing OS
Skip only GPG key check, but always init TOTP and HOTP.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-21 00:05:20 +03:00
Victor Bessonov
a221321b6a Allow gpg to select digest algo
EC signatures requires that the digest has the corresponding length. Removing the hardcoded sha2-256 hash function and adding support of sha2-384 and sha2-512 should allow using EC crypto.
2022-07-23 01:10:52 +03:00
Thierry Laurion
cc28121beb
gui-init: Have TPMTOTP QrCode named under TOTP app with $BOARD_NAME 2022-06-22 16:43:29 -04:00
Thierry Laurion
810daebc58
oem-system-info-xx30: fix missing exec mode on shell script 2022-06-15 15:40:37 -04:00
Thierry Laurion
7548580450
create oem-system-info-xx30 (w/trackpad info)
- Take System Info changes from 06311ff068 (Thanks to @nestire)
- Move changes to seperate script under /bin/oem-system-info-xx30
- Add additional camera and wifi card IDs, add synaptic touchpad detection if kernel has module built in

Above changes squashed in this commit.
2022-06-10 10:00:25 -04:00
Thierry Laurion
32e7031678
bin/oem-factory-reset: prevent users to choose a GPG Admin PIN > 25 chars which would fail HOTP sealing
Fixes https://github.com/osresearch/heads/issues/1167
Circumvents https://github.com/Nitrokey/nitrokey-pro-firmware/issues/32
Adds validation so user cannot enter GPG User PIN > 64 while we are at it.

Note that GPG PINs can be up to 64 characters.
But GPG Admin PIN will fail HOTP sealing with GPG Admin PIN of more then 25 chars.

Edit: change upstream error to firmware issue, not nitrokey-app.
2022-06-02 14:08:39 -04:00
Thierry Laurion
37bb4906ce
oem-factory-reset: fix bug where it was impossible to just change LUKS passphrase without reencrypting encrypted container.
Since /etc/luks-functions are currently exporting passphrases tested good per cryptsetup to be reused in the code,
the logic calling both luks_reencrypt and luks_change_passphrase testing for non-empty luks_current_Disk_Recovery_Key_passphrase
was bogus.

This commit includes a new variable luks_new_Disk_Recovery_Key_desired which is set when reencryption is desired.
The 3 use cases (reencrypt+passphrase change, reencrypt no passphrase change and passphrase change alone now only test
for luks_new_Disk_Recovery_Key_desired and luks_new_Disk_Recovery_Key_passphrase_desired, nothing else.
2022-05-03 16:41:07 -04:00
Thierry Laurion
e60287fa1d
bin/network-init-recovery: generate random MAC and set it to eth0
network-init-reovery can be used to automatically set RTC clock to obtained NTP clock.
The script would fail if other devices devices previously registered on the network with the same MAC.
Consequently, maximized boards are detected here, and a full random MAC is generated and used instead of using hardcoded DE:AD:C0:FF:EE.
2022-04-29 10:26:12 -04:00
Thierry Laurion
70572fd100
oem-factory-reset: Only set default boot option if no TPM Disk Unlock Key
This continues to generate checksums and sign them per new GPG User PIN, but does not set a default boot option.
The user hitting Default Boot on reboot will go through having to setup a new boot default, which will ask him to setup a Disk Unlock Key if desired.

Otherwise, hitting Default Boot goes into asking the user for its Disk Recovery Key passphrase, and requires to manually setup a default boot option.
2022-04-13 14:29:54 -04:00
Thierry Laurion
4e5f781be3
fix removal of --menu from commit ba054b15c3 2022-04-13 11:15:52 -04:00
Matt DeVillier
ba054b15c3
kexec-select-boot: use 'fold' to wrap kernel args at 80 char
Prevents truncation via fbwhiptail window

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2022-04-07 14:32:29 -05:00
Matt DeVillier
025f914eb3
kexec-select-boot: Skip duplicate prompt when setting new default boot entry
The text based prompt isn't needed when using a GUI menu for selection/confirmation, so skip it

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2022-04-07 13:21:29 -05:00
Matt DeVillier
19067a9a72
kexec-select-boot: Simplify boot selection confirmation, reverse order
Simplify the menu options by removing the duplication of the entry name
in the menu selections; instead, use clear verbiage to distinish
between booting one time and making the default. And as the majority of
the boot menu is shown is when the grub entires have changed and the
user is prompted to select a new default, so make that the first/default
menu option.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2022-04-07 13:21:27 -05:00
Matt DeVillier
7769d13996
kexec-select-boot: Simplify boot menu entries
Drop the duplicated kernel info which hurts readability, runs off the
end of the menu window. This also makes it easier to identify which
menu option is the default, and more closely resembles the grub menu
shown in a traditional BIOS boot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2022-04-07 12:25:37 -05:00
Matt DeVillier
f3d4924646
/bin/reencrypt-luks: rename to /etc/luks-functions
Move/rename as file is only sourced, not directly executed

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2022-04-06 17:17:07 -05:00
Thierry Laurion
9760181d09
Uniformize time display so it includes timezone
date=`date "+%Y-%m-%d %H:%M:%S %Z"`
2022-03-25 18:46:13 -04:00
Thierry Laurion
8f390f97c2
add integrity report in case some public key is already fused in firmware
- initrd/bin/oem-factory-reset: adds a measured integrity output prior of prompts. Goal is for stating TOTP/HOTP/boot detached signed measurements prior of initiating a Re-Ownership, validating provisioned OEM state.
2022-03-25 13:31:26 -04:00
Thierry Laurion
dacd99c629
add re-encrypting and passphrase change options to oem-factory-reset
- initrd/bin/oem-factory-reset: add 2 additional prompts defaulting to N, also explaining why its important.
2022-03-23 15:55:42 -04:00
Thierry Laurion
b976309498
add re-encrypt and passphrase change options to menu
- initrd/bin/gui-init : Add two additional menu options to LUKS reencrypt and LUKS passphrase change, calling functions of initrd/bin/reencrypt-luks
- initrd/bin/gui-init : Add option F for EOM Factory Reset / Reownership when no public key is exported by key-init
2022-03-23 15:50:58 -04:00
Thierry Laurion
058b07110b
add reencrypt-luks
initrd/bin/reencrypt-luks: add functions for reencryption and passphrase change. Feeds itself from external provisioning or local provisioning
2022-03-23 15:47:33 -04:00
Thierry Laurion
9016ebccc2 OEM Factory Reset -> OEM Factory Reset / Re-Ownership (with customs passwords and provisioned info given)
oem-factory-reset: adapt code so that custom passphrases can be provided by user without changing oem factory reset workflow.
    oem-factory-reset: output provisioned secrets on screen at the end of of the process.
    oem-factory-reset: warn user of what security components will be provisioned with defaults/customs PINs prior of choosing not after
    gui-init and oem-factory-reset: change OEM Factory Reset -> OEM Factory Reset / Re-Ownership to cover actual use cases
2022-03-11 14:24:54 -05:00
Thierry Laurion
acf709184f bin/kexec-iso-init: Add support for Arch iso support requirements (found at https://mbusb.aguslr.com/howto.html) 2022-03-07 19:02:29 -05:00
tslil clingman
19a8f9c242 Tweak syslinux parsing code to be compatible with new Arch isos 2022-03-07 19:02:29 -05:00
Marek Marczykowski-Górecki
ab6425cc7e
Check for /bin/hotp_verification instead of CONFIG_HOTPKEY
CONFIG_HOTPKEY is not exported to the initrd, check for binary presence.
2022-03-04 00:49:37 +01:00
Marek Marczykowski-Górecki
13a12d157b Move enable_usb earlier
It is going to be enabled later anyway (if CONFIG_HOTPKEY=y), so it can
also be simplified by enabling it at the very beginning.

This enables USB keyboard consistently during all boot menus, including
the "No Bootable OS Found" prompt. It isn't a big deal for "normal"
laptop usage, but it is important for automatic tests and also
non-laptop systems.
2022-03-01 13:39:59 -05:00
HardenedVault
b4b0bc4a7a Use luksHeaderBackup rather than luksDump to measure luks headers. 2022-01-19 10:12:37 -05:00
Matt DeVillier
519bd445d6 flash.sh: Add progress bar
Show state of flashrom reads/writes by means of a progress bar,
as used in the Librem coreboot flashing scripts

v2: add adjustment for use with `--ifd`

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-12-17 16:48:34 -05:00
Thierry Laurion
415a08a732 board additions: w530, t530, t520 (hotp-maximized and maximized flavors only)
-CircleCI addition.
-Removal of t530-flash, w530-flash boards, flash scripts and associated coreboot configs (no more legacy boards additions)

This is a merger of #1071, #1072 and #1073 so that test builds are available over CircleCI until osresearch/master CircleCI gets unlocked.
2021-12-06 19:52:25 -05:00
eganonoa
ce435a4148 adding working w530 board, initrd and config files 2021-12-06 19:52:25 -05:00
eganonoa
66e5c23b13 adding working t530 board, initrd and config files 2021-12-06 19:52:25 -05:00
icequbes1
b35e1bcbb3 oem-factory-reset: fix whiptail height/width order 2021-11-24 17:00:25 -05:00
Matt DeVillier
fdbd9b2d48 gui-init: Handle overflow of list of files w/failed hashes
When files in /boot fail hash verification, the list of files
can sometimes overflow the whiptail msgbox, preventing the
prompt and buttons to update checksums from showing. To mitigate
this, if # of files is > 10, use less to show the file list and
present a separate prompt to update the checksums once the file
list has been viewed.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-29 16:11:28 -04:00