141 Commits

Author SHA1 Message Date
gaspar-ilom
e647e20b4a
refactor printing of battery state to confuse fewer users
only print the battery manufacturer in case there is more than one battery, otherwise omit it

make the code more readable for non-bash developers

extract common functions

Signed-off-by: gaspar-ilom <gasparilom@riseup.net>
2025-02-26 23:42:02 +01:00
Thierry Laurion
7ce3ac709f
functions: remove now unused calc helper, readd TRACE_FUNC and DEBUG info for future tracing and debug of now hackish bashisms.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-02-24 09:56:46 -05:00
gaspar-ilom
543ab5543e
refactor how battery status string is composed
simplify and make sure health and charge state are printed next to each other for the same battery

Signed-off-by: gaspar-ilom <gasparilom@riseup.net>
2025-02-23 00:06:51 +01:00
gaspar-ilom
60faa5f05c
fix show system info battery display in case there is more than 1 battery
show health and charge state for each battery

Signed-off-by: gaspar-ilom <gasparilom@riseup.net>
2025-02-23 00:04:41 +01:00
gaspar-ilom
cb8d23c45a
fix battery health and charging display in system info
calc was not found, but awk can do the job just fine and was anyway already used

Signed-off-by: gaspar-ilom <gasparilom@riseup.net>
2025-02-21 22:55:14 +01:00
Thierry Laurion
f02ab497a1
System Info (battery info): dependent functions: add tracing and debug
Repro:
On QEMU (no battery, debug + tracing on):
[   41.792342] TRACE: /bin/gui-init(383): show_main_menu
[   44.722784] TRACE: /etc/gui_functions(167): show_system_info
[   44.765643] TRACE: /etc/functions(1241): print_battery_charge
[   44.846725] DEBUG: No battery found in /sys/class/power_supply/
[   44.899241] TRACE: /etc/functions(1224): print_battery_health
[   45.009917] DEBUG: No battery found in /sys/class/power_supply/

Battery info not provided under whiptail output.
Info for battery depends on linux kernel enablement. Maybe something missing for t480.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-02-18 08:45:41 -05:00
Thierry Laurion
836af32a42
BUGFIX >2tb drives: replace all fdisk -l calls with stderr suppression (workaround)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-20 14:15:06 -05:00
Thierry Laurion
930d3e6114
BUGFIX: replace direct calls from LOG to INFO, so that only DO_WITH_DEBUG uses LOG. INFO manages console output to log or console
Quiet mode introduced output reduction to console to limit technical info provided to end users.
Previous informational output (previous default) now outputs this now considered additional information through INFO() calls, which either outputs to console, or debug.log
Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output is prepended with LOG into debug.log

This fixes previous implementation which called LOG in DO_WITH_DEBUG calls and modified expected output to files, which was observed by @3hhh in output of GRUB entries when selecting boot option.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 11:00:14 -05:00
Thierry Laurion
8f7b1c4128
Revert "functions: remove DO_WITH_DEBUG call for kexec-parse-boot which redirects output to file used to show boot options in GUI"
This reverts commit 618ff26d28edd55faf498563d293842f41124c71.

This is not the proper way.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 10:50:42 -05:00
Thierry Laurion
618ff26d28
functions: remove DO_WITH_DEBUG call for kexec-parse-boot which redirects output to file used to show boot options in GUI
Thanks @3hhh for bug in PR bug report at https://github.com/linuxboot/heads/pull/1875#issuecomment-2580660074
This bug is present for all DO_WITH_DEBUG calls to functions redirecting output to file.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-09 13:49:14 -05:00
Jonathon Hall
516f7b6924
etc/functions: Fix SINK_LOG blank lines, add more dev doc
Add examples for capturing stderr or both stdout+stderr.

Trace blank lines with LOG like non-blank lines.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:40 -05:00
Thierry Laurion
97121ab86e
global: finalize switch from ash to bash shell, including recovery shell access
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:10 -05:00
Thierry Laurion
08f52af033
Deprecate ash in favor of bash shell; /etc/ash_functions: move /etc/ash_functions under /etc/functions, replace TRACE calls by TRACE_FUNC, remove xx30-flash.init
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:20:00 -05:00
Thierry Laurion
d768e80de6
WiP: staging changes, no more tpm output. Next warn /boot changed because htop counter and primary handle until removed outside of this PR
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:19:30 -05:00
Thierry Laurion
c7ab861325
Turn some info on default boot into LOGged info, LOG might go out forever if not pertinent to most?
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:19:25 -05:00
Thierry Laurion
eca4e34176
WiP: staging changes
Attacking nv index next for TPM nvram read in prod_quiet testing

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:19:19 -05:00
Thierry Laurion
19fd98df2d
WiP: staging changes (TPM1 regression fixes for LOG/DEBUG on quiet mode)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:19:01 -05:00
Jonathon Hall
be49517a0d
functions: Simplify dictionary word selection
The dice-rolls method was relatively complex and somewhat biased
(~2.4% biased toward 1-4 on each roll due to modulo bias).

Just pick a line from the dictionary at random.  Using all 32 bits of
entropy to pick a line once distributes the modulo bias so it is only
0.000003% biased toward the first 1263 words.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:38 -05:00
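The modulo-bias arithmetic in the commit above can be checked with the following added example, which is not Heads code and goes one step beyond the commit by also showing rejection sampling, which removes the remaining bias entirely. All function names are hypothetical; calling the helpers with 8 bits over 6 outcomes (one byte per die roll) or 32 bits over 1296 lines (6^4, four dice rolls) are assumptions about the old method and the list size.

```bash
#!/bin/bash
# Added example, not Heads code. All function names are hypothetical.

# favoured_outcomes BITS N: number of outcomes (indices 0..r-1) that receive
# one extra preimage when a uniform BITS-bit value is reduced with "% N".
favoured_outcomes() {
    local bits=$1 n=$2
    echo $(( (1 << bits) % n ))
}

# bias_ppb BITS N: how much more likely a favoured outcome is than an
# unfavoured one, in parts per billion: 10^9 / floor(2^BITS / N).
# Prints 0 when N divides 2^BITS, because then no outcome is favoured.
bias_ppb() {
    local bits=$1 n=$2
    [ "$(favoured_outcomes "$bits" "$n")" -eq 0 ] && { echo 0; return; }
    echo $(( 1000000000 / ((1 << bits) / n) ))
}

# rejection_limit BITS N: largest multiple of N not above 2^BITS. Draws at or
# above this value are the ones that cause the bias.
rejection_limit() {
    local bits=$1 n=$2
    echo $(( ((1 << bits) / n) * n ))
}

# random_u32: 32 bits from /dev/urandom as an unsigned decimal number.
random_u32() {
    od -An -N4 -tu4 /dev/urandom | tr -d ' \n'
}

# unbiased_index N: uniform index in [0, N), discarding biased draws.
unbiased_index() {
    local n=$1 limit r
    limit=$(rejection_limit 32 "$n")
    while :; do
        r=$(random_u32)
        [ "$r" -lt "$limit" ] && break
    done
    echo $(( r % n ))
}

# pick_word FILE: print the word (last field) of one uniformly chosen line of
# a "digits word" list such as the EFF diceware format.
pick_word() {
    local file=$1 count line
    count=$(wc -l < "$file")
    line=$(( $(unbiased_index "$count") + 1 ))
    awk -v n="$line" 'NR == n { print $NF }' "$file"
}
```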
Jonathon Hall
98e20544ef
functions: Fix spelling of 'dictionaries'
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:32 -05:00
Thierry Laurion
a6df16ec3c
WiP initrd/bin/oem-factory-reset: add qrcode+secret output loop until user presses y (end of reownership wizard secret output)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>

works:
- oem and user mode passphrase generation
- qrcode

missing:
- unattended
  - luks reencryption + passphrase change for OEM mode (only input to be provided) with SINGLE passphrase when in unattended mode
    - same for user reownership when previously OEM reset unattended

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:18 -05:00
Thierry Laurion
40df08ecbc
/etc/functions:: reuse detect_boot_device instead of trying only to mount /etc/fstab existing /boot partition (otherwise early 'o' to enter oem mode of oem-factory-reset
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:12 -05:00
Thierry Laurion
1da5119584
initrd/etc/functions: add generate_passphrase logic
Nothing uses it for the moment, needs to be called from recovery shell: bash, source /etc/functions. generate_passphrase

- parses dictionary to check how many dice rolls needed on first entry, defaults to EFF short list v2 (bigger words easier to remember, 4 dice rolls instead of 5)
  - defaults to using initrd/etc/diceware_dictionnaries/eff_short_wordlist_2_0.txt, parametrable
  - make sure format of dictionary is 'digit word' and fail early otherwise: we expect EFF diceware format dictionaries
- enforces max length of 256 chars, parametrable, reduces number of words to fit if not override
- enforces default 3 words passphrase, parametrable
- enforces capitalization of first letter, lowercase parametrable
- read multiple bytes from /dev/urandom to fit number of dice rolls

Unrelated: uniformize format of file

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:54 -05:00
Thierry Laurion
faa77d4064
/etc/functions:mount_possible_boot_device; punch exclusion of mount attempt on partitions <2Mb (4096 sectors)
Removes spurious errors thrown for exfat in dmesg in that function. Something better to propose?

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-09 10:45:27 -04:00
Jonathon Hall
a767347afd
kexec-boot: Only capture kexec -d output to log, not console/kmsg
LOG() is added to log to the log only (not kmsg, more verbose than
TRACE).

DO_WITH_DEBUG only captures stdout/stderr to the log with LOG().

kexec-boot silences stderr from kexec, we don't want it on the console.

No need to repeat the kexec command when asking in debug to continue
boot, it's no longer hidden behind verbose output from kexec.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-04-19 14:14:54 -04:00
Jonathon Hall
d3656bbe65
kexec-boot, functions: Restore eval and DO_WITH_DEBUG that were deleted
`eval "$kexeccmd"` should become `DO_WITH_DEBUG eval "$kexeccmd"` when
adding DO_WITH_DEBUG, command invocation is still the same, still needs
eval.

Restore DO_WITH_DEBUG in front of kexec-parse-boot that had been
removed.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-04-19 13:48:27 -04:00
Jonathon Hall
d8810b7032
functions: DO_WITH_DEBUG: Label stderr/stdout more clearly
"$1 err:" looked like an error, but often there's output on stderr
that's diagnostic (like kexec -d).  "$1 stderr:" is clearer.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-04-19 13:31:29 -04:00
Jonathon Hall
015af7e6c7
functions: Add visibility to DO_WITH_DEBUG without affecting command
DO_WITH_DEBUG traces command exit status (if failed), stdout/stderr (if
not empty), and PATH (if command was not found).  The caller still
observes the exit status, and stdout/stderr still go to the caller as
well.

This way, DO_WITH_DEBUG can be inserted anywhere with minimal spam in
the logs and without affecting the script.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-04-19 10:29:43 -04:00
Thierry Laurion
ae5f9c5416
Improve DEBUG and DO_WITH_DEBUG output handling to also keep output of kexec -l when BOARD is in DEBUG+TRACE mode (configuration settings menu + flash)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-18 16:30:13 -04:00
Jonathon Hall
a6228b9843
functions: Improve detect_boot_device to silence exFAT errors
When testing a possible boot device, detect its partition type and
skip grub, LUKS, and LVM partitions.  These aren't mountable as /boot,
this silences spurious exFAT errors.

In detect_boot_device, skip testing CONFIG_BOOT_DEV a second time if it
is found as a block device.  This avoids doubling any errors shown from
checking this device, no sense trying it twice.

Refactor some logic to avoid duplication - extract
device_has_partitions and use it in detect_boot_device, extract
mount_possible_boot_device and use it instead of duplicating the logic.

Move find_lvm_vg_name() to /etc/functions.

Avoid mixing up similarly-named devices like 'nvme0n1'/'nvme0n10' or
'sda'/'sdaa' - it's probably unlikely that many devices will appear,
but looking for partitions in '/sys/class/block/<device>/' instead of
'/dev/' would avoid any collisions.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-02-02 17:14:33 -05:00
Thierry Laurion
40c34453df
all scripts: replace TRACE manual strings with dynamic tracing by bash debug
Exception: scripts sourcing/calls within etc/ash_functions continues to use old TRACE functions until we switch to bash completely getting rid of ash.
This would mean getting rid of legacy boards (flash + legacy boards which do not have enough space for bash in flash boards) once and for all.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-02-01 15:48:27 -05:00
tlaurion
5a75e6bffa
Merge pull request #1586 from JonathonHall-Purism/root-file-hash-qubes
Root file hashing: support Qubes default partition layout (+ tracing helpers)
2024-02-01 14:25:48 -05:00
Thierry Laurion
6db03b0bdd
Uniformize vocabulary: LUKS TPM Disk Unlock Key & LUKS Disk Recovery Key
When playing with long fbwhiptail/whiptail messages, this commit played around the long string using fold.

'''
echo -e "This will replace the encrypted container content and its LUKS Disk Recovery Key.\n\nThe passphrase associated with this key will be asked from the user under the following conditions:\n 1-Every boot if no Disk Unlock Key was added to the TPM\n 2-If the TPM fails (hardware failure)\n 3-If the firmware has been tampered with/modified by the user\n\nThis process requires you to type the current LUKS Disk Recovery Key passphrase and will delete the LUKS TPM Disk Unlock Key slot, if set up, by setting a default boot LUKS key slot (1) if present.\n\nAt the next prompt, you may be asked to select which file corresponds to the LUKS device container.\n\nHit Enter to continue." | fold -w 70 -s
'''

Which gave the exact output of what will be inside of the fbwhiptail prompt, fixed to 70 chars width:

'''
This will replace the encrypted container content and its LUKS Disk
Recovery Key.

The passphrase associated with this key will be asked from the user
under the following conditions:
 1-Every boot if no Disk Unlock Key was added to the TPM
 2-If the TPM fails (hardware failure)
 3-If the firmware has been tampered with/modified by the user

This process requires you to type the current LUKS Disk Recovery Key
passphrase and will delete the LUKS TPM Disk Unlock Key slot, if set
up, by setting a default boot LUKS key slot (1) if present.

At the next prompt, you may be asked to select which file corresponds
to the LUKS device container.

Hit Enter to continue.
'''

Therefore, for long prompts in the future, one can just deal with "\n 1-" alignments to be respected in prompts and have fold deal with cutting the length of strings properly.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-01-20 11:47:35 -05:00
Jonathon Hall
e0b46d086a
functions: TRACE_FUNC and DEBUG_STACK
Add TRACE_FUNC to trace the file, line, and name of the calling
function.  File and function names don't have to be duplicated in a
TRACE statement with this (they tend to become inaccurate as functions
are renamed and the TRACE statement is forgotten).

Add DEBUG_STACK to dump the bash stack to debug output.

Configure bash with --enable-debugger.  Bash doesn't actually include
the entire debugger, this is just some supporting variables for it.
Evidently, BASH_SOURCE[n] is only set within a function if this is
enabled.  I couldn't find this indicated in any documentation, but it
happened in practice.

Compressed initrd size only increased by 2560 bytes for librem_mini_v2,
I think that is fine.  This also gives us BASH_ARGC/BASH_ARGV which
might be useful for diagnostics.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-17 16:32:37 -05:00
Jonathon Hall
fd6a947cb3
tpmr: Move last TPM owner password prompt/shred into tpmr
Prompt for TPM owner password internally within tpm2_counter_create.
Add tpm1_counter_create to prompt for password internally.  Wipe the
cache in either if the operation fails, in case the password was
incorrect.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-06 15:20:29 -05:00
Thierry Laurion
0042163861
kexec-seal-key: remove non-needed shred of file cached /tmp/secret/tpm_owner_password (done when sealing fails under tpmr)
- document why shred is still called under functions:check_tpm_counter for safety and add TODO there

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:30:11 -05:00
Thierry Laurion
cd3ce6999c
tpmr/kexec-seal-key/functions: end refactoring of tpmr being in charge of wiping /tmp/secret/tpm_owner_password if invalid
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 13:53:47 -04:00
Thierry Laurion
84374dfbcd
kexec-seal-key/seal-totp/tpmr/functions: move wiping of tpm_owner_password to tpmr calls directly
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 10:54:16 -04:00
Thierry Laurion
51caab8ea4
functions: check_tpm_counter; add shred call to wipe tpm_owner_password if creating counter fails with cached tpm owner password so prompt_tpm_owner_password asks for it again on next run
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 10:10:05 -04:00
Thierry Laurion
19c5d16e40
functions: guide user toward resetting TPM more directly if counter_increment fails.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 12:58:19 -04:00
Thierry Laurion
48c446cd7d
functions: prompt_tpm_owner_password only reuses /tmp/secret/tpm_owner_password if already created by seal functions or itself. Sealing ops not being able to reuse the file shred it (kexec-seal-key and seal-totp)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 11:45:05 -04:00
Thierry Laurion
a3086e9a1c
Remove TODO in code that were not relevant prior of first review
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:19 -04:00
Thierry Laurion
c3a5359a85
Squash: remove DEBUG that were TODO for removal
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:03 -04:00
Thierry Laurion
27c457f04b
TPM2 DUK and TOTP/HOTP reseal fix, refactoring and differentiating tpm_password into tpm_owner_password and reusing correctly
TODO: fix all TODO in PR prior of review + squash

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:27 -04:00
Thierry Laurion
729f2b17b8
WiP to be squashed: we need to refactor prompt_tpm_password which is used both for TPM Owner Password prompt and caching reused for TPM disk unlock key passphrase which of course fails
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:24 -04:00
Thierry Laurion
3fb84f0b42
WiP: Clean cached /tmp/secret/tpm_password when sealing fails, otherwise reuse it on TPM Reset/TOTP+HOTP Sealing once for TPM1/TPM2+TPM Disk Unlock Key
gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:17 -04:00
Thierry Laurion
911eb07565
TPM1/TPM2: unify wording for TPM Owner Password and cache it externally to /tmp/secret/tpm_password to be reused in a boot session until recovery shell access or reboot
TODO: Why two functions prompt_tpm_password and prompt_new_owner_password
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:14 -04:00
Thierry Laurion
2ea62ff17e
/etc/functions: add missing TRACE traces to get where TPM passphrase should be written to file and reused since not all in same functions/files for TPM2
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:08 -04:00
Thierry Laurion
eceb97aa4d
WiP: provide proper info/warn/die messages explaining causes of errors linked to detach signing errors
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:51 -04:00
Thierry Laurion
2c55338be5
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:48 -04:00
Thierry Laurion
b1e5c638cd
WiP
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:45 -04:00