Commit Graph

19 Commits

Author SHA1 Message Date
Thierry Laurion
85266452fa
oem-factory-reset ash_functions: fix USB Security Dongle' smartcard -> USB Security Dongle's smartcard
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 12:54:39 -04:00
Thierry Laurion
c2c32c425b
ash_functions: have gpg_auth calls to confirm_gpg_card in subshell loop to force successful authentication
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 14:27:19 -04:00
Thierry Laurion
7f5d9700b7
gpg_auth function was not failing properly on failing, die instead
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:50 -04:00
Thierry Laurion
2697a6ad1f
WiP: further removal of unecessary debug messages
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:58 -04:00
Thierry Laurion
1f28c71447
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:55 -04:00
Thierry Laurion
eceb97aa4d
WiP: provide proper info/warn/die messages explaining causes of errors linked to detach signing errors
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:51 -04:00
Thierry Laurion
2c55338be5
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:48 -04:00
Thierry Laurion
b1e5c638cd
WiP
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:45 -04:00
Thierry Laurion
139f77113c
ash_functions: make DEBUG call pass multiline messages one at a time to /tmp/debug.log and kmsg 2023-10-21 14:37:31 -04:00
Thierry Laurion
0416896b82
etc/ash_function's warn/die/TRACE/DEBUG now output also under /dev/kmsg when DEBUG is enabled 2023-10-10 12:28:15 -04:00
Thierry Laurion
4910c1188f
TPM Disk Unlock Key sealing/renewal cleanup (Triggered automatically when resealing TOTP)
Changes:
- As per master: when TOTP cannot unseal TOTP, user is prompted to either reset or regenerate TOTP
- Now, when either is done and a previous TPM Disk Unlock Key was setuped, the user is guided into:
  - Regenerating checksums and signing them
  - Regenerating TPM disk Unlock Key and resealing TPM disk Unlock Key with passphrase into TPM
  - LUKS header being modified, user is asked to resign kexec.sig one last time prior of being able to default boot
- When no previous Disk Unlock Key was setuped, the user is guided into:
  - The above, plus
    - Detection of LUKS containers,suggesting only relevant partitions

- Addition of TRACE and DEBUG statements to troubleshoot actual vs expected behavior while coding
  - Were missing under TPM Disk Unlock Key setup codepaths

- Fixes for #645 : We now check if only one slots exists and we do not use it if its slot1.
  - Also shows in DEBUG traces now

Unrelated staged changes
- ash_functions: warn and die now contains proper spacing and eye attaction
- all warn and die calls modified if containing warnings and too much punctuation
- unify usage of term TPM Disk Unlock Key and Disk Recovery Key
2023-08-30 18:06:29 -04:00
Jonathon Hall
89858f52a9
Merge remote-tracking branch 'github-heads/master' into pureboot-27-heads-upstream
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-21 15:15:23 -04:00
Kyle Rankin
79da79a5e4
Implement Restricted Boot Mode
Restricted Boot mode only allows booting from signed files, whether that
is signed kernels in /boot or signed ISOs on mounted USB disks. This
disables booting from abitrary USB disks as well as the forced "unsafe"
boot mode. This also disables the recovery console so you can't bypass
this mode simply by running kexec manually.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-21 13:26:45 -04:00
Thierry Laurion
995a6931f1
config-gui.sh: permit io386 platform locking to be dynamically disabled at runtime
ash_functions: make sure /tmp/config is sourced before going to recovery shell
TODO: revisit https://source.puri.sm/firmware/pureboot/-/blob/Release-27/initrd/bin/config-gui.sh#L33 to have proper config store later on
2023-06-20 12:42:12 -04:00
Thierry Laurion
8dbe85ddaf
Fix 'Tracing...' text output still stating functions instead of ash_functions where they are called from 2023-04-03 14:31:21 -04:00
Thierry Laurion
429d8bbead
move enable_usb from /etc/functions to /etc/ash_functions so that usb keyboard can be enabled from init
Reminder: insmod is a bash script and will fail on legacy-flash boards (which should not enable USB_KEYBOARD anyway)
2023-04-03 14:31:09 -04:00
Jonathon Hall
0760b6f237
init: Use busybox ash
init must use busybox ash because it is used on legacy-flash boards.
Change shebang, move needed functions to ash_functions.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-13 12:26:41 -04:00
Jonathon Hall
92a6b5410d
tpmr: Improve debug output, hide secrets, trim extend output more
Provide mask_param() function to uniformly mask secret parameters,
while still indicating whether they are empty.

Extend DO_WITH_DEBUG to allow masking a password parameter by position,
using mask_param().  Move from ash_functions to functions (isn't used
by ash scripts).

Mask password parameters in kexec-unseal-key and tpmr seal.  Use
mask_param() on existing masked params in tpmr.

Trim more troubleshooting output from tpm2_extend() in tpmr.

Clarify tpmr kexec_finalize echo; it's the TPM's platform heirarchy,
users might not know what this was referring to.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-08 12:45:55 -05:00
Jonathon Hall
eda24d85bf
*-flash.init: Use busybox ash
Busybox no longer has CONFIG_BASH since we are deploying bash on most
boards.  We also should clearly indicate which scripts cannot use
bashisms.

Change shebang in x230-flash.init, t430-flash.init, flash.sh to
/bin/ash.  Execute /bin/sh for interactive shells.

Move key functions needed by those scripts to initrd/etc/ash_functions.
Source ash_functions instead of functions in those scripts, so any
bashisms in other functions won't break parsing of the script in ash.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-08 12:45:53 -05:00