Commit Graph

784 Commits

Author SHA1 Message Date
Jonathon Hall
a925219efb
oem-factory-reset: Improve prompt flow formatting flash drive
Combine prompt to disconnect other devices with prompt to connect the
desired device.

Show block device sizes in MB/GB when selecting device so it is easier
to select.  file_selector now supports --show-size to include block
device sizes in menu.

Rework file_selector so menu options can contain spaces (use bash
array) and to simplify logic.

Prompt to select flash drive and LUKS percentage in OEM reset before
actually taking any actions, so aborting doesn't half-reset the system.

Abort OEM reset if user aborts the flash drive selection instead of
looping forever.  (Canceling the confirmation still loops to retry but
it is possible to exit by aborting the repeated menu.)

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 13:54:37 -05:00
Thierry Laurion
e924a8afca
oem-factory-reset : Prompt user for any connected block device, give storage size and loop until none is connected to exit loop.
Warn user if connected usb block device is less then 128mb, since creating LUKS container of less then 8mb might cause issues.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-09 17:04:33 -05:00
Thierry Laurion
37872937f0
oem-factory-reset: unify booleen y/n variable usage and double check logic. Also move USB Security dongle capability detection under code already checking for USB Security Dongle's smartcard presence.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-07 14:34:50 -05:00
Thierry Laurion
160367d065
oem-factory-reset: normal output to inform user of consequences of generating keys on smartcard without backup, not a wanring anymore
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 16:05:08 -05:00
Thierry Laurion
659de63180
oem-factory-reset: fix typo : Same a GPG Admin PIN
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 16:02:37 -05:00
Thierry Laurion
388ee5198b
All TPM Extend additional context passed from console echo output to DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 15:53:17 -05:00
Jonathon Hall
fd6a947cb3
tpmr: Move last TPM owner password prompt/shred into tpmr
Prompt for TPM owner password internally within tpm2_counter_create.
Add tpm1_counter_create to prompt for password internally.  Wipe the
cache in either if the operation fails, in case the password was
incorrect.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-06 15:20:29 -05:00
Thierry Laurion
9e0491e9db
oem-factory-reset/librem boards: remove CONFIG_OEMRESET_OFFER_DEFAULTS=y and checks for it; the default of oem-factory-reset is now to propose user to use defaults first for simplicity of most common use case without allianating advanced users which can simply not accept the default and answer questionnaire
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 11:27:51 -05:00
Thierry Laurion
0042163861
kexec-seal-key: remove non-needed shred of file cached /tmp/secret/tpm_owner_password (done when sealing fails under tpmr)
- document why shred is still called under functions:check_tpm_counter for safety and add TODO there

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:30:11 -05:00
Thierry Laurion
923b4e1fe9
ash_functions:confirm_gpg_card: loop gpg_admin_pin prompt until non-empty
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:06:19 -05:00
Thierry Laurion
8d7efa021d
media-scan: die if gpg_auth fails (should loop and never exit anyway)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:04:51 -05:00
Thierry Laurion
bfc877c49c
kexec-select-boot/kexec-insert-key: add info message explaining why PCR 4 is extended
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:03:14 -05:00
Thierry Laurion
504f0336ac
init: add early boot 'o' option to jump directly to oem-factory-reset for OEM provisioning of secret prior of shipping products, once OS is installed and after MRC training happened on first boot.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 16:41:36 -04:00
Thierry Laurion
eee913d8d2
oem-factory-reset: add rudimentary mount_boot function so that oem-factory-reset can be called early at boot without /boot previously mounted. Also fix logic so that GPG User PIN is showed as configured when keytocard or smartcard only is configured.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 16:41:33 -04:00
Thierry Laurion
c064b78ef6
gui-init: fix TRACE: clean_check_boot stating mount_boot instead of clean_boot_check
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 16:41:30 -04:00
Thierry Laurion
4e10740453
oem-factory-reset/ash_functions/luks-functions: replace provisioning with configuring keywords. Tweak oem-factory-reset flow and questionnaire. Now first prompt is to ask if user wants to go advanced or use defaults.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 16:41:27 -04:00
Thierry Laurion
cd3ce6999c
tpmr/kexec-seal-key/functions: end refactoring of tpmr being in carge of wiping /tmp/secret/tpm_owner_password if invalid
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 13:53:47 -04:00
Thierry Laurion
afb817ca48
tpmr: give users better error/DEBUG messages in regard of TPM errors
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 11:07:36 -04:00
Thierry Laurion
84374dfbcd
kexec-seal-key/seal-totp/tpmr/functions: move wiping of tpm_owner_password to tpmr calls directly
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 10:54:16 -04:00
Thierry Laurion
e2985d386e
seal-totp/tpmr: differenciate die messages to show which between tpm1_seal/tpm2_seal or check_tpm_counter fails to seal as first step to possible refactor
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 10:15:52 -04:00
Thierry Laurion
51caab8ea4
functions: check_tpm_counter; add shred call to wipe tpm_owner_password if creating counter fails with cached tpm owner password so prompt_tpm_owner_password asks for it again on next run
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 10:10:05 -04:00
Thierry Laurion
9523b4fee2
unseal-totp: fix indentation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 09:31:44 -04:00
Thierry Laurion
6d7f9be414
TPM2: add DEBUG and fix path for TPM2 primary key handle hash.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 14:17:52 -04:00
Thierry Laurion
19c5d16e40
functions: guide user torward resetting TPM more directly if counter_increment fails.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 12:58:19 -04:00
Thierry Laurion
644a59ab60
oem-factory-reset: simplify first question for users to have a GPG key material backup and enable GPG Authentication
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 12:55:05 -04:00
Thierry Laurion
85266452fa
oem-factory-reset ash_functions: fix USB Security Dongle' smartcard -> USB Security Dongle's smartcard
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 12:54:39 -04:00
Thierry Laurion
48c446cd7d
functions: prompt_tpm_owner_password only reuses /tmp/secret/tpm_owner_password if already created by seal functions or itself. Sealing ops not being able to reuse the file shred it (kexec-seal-key and seal-totp)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 11:45:05 -04:00
Thierry Laurion
921acd0f6f
tpmr: move TPM2 related secrets artifacts to /tmp/secret to be autowiped when recovery shell is accessed. If you want to see those, use qemu and have main console launching qemu under recovery shell prior of doing ops you want to see /tmp/secret/ artifacts before being deleted. We still have pcap under /tmp which is as expected
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 11:45:02 -04:00
Thierry Laurion
af3287c001
luks_functions: fix width of whiptail messages with newlines so its not cut in the middle
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 15:07:36 -04:00
Thierry Laurion
2942d660de
oem-factory-reset: prmompt only for GPG User PIN when needed, warn users when no backup/when having only in-memory keygen backup without smartcard.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 14:27:22 -04:00
Thierry Laurion
c2c32c425b
ash_functions: have gpg_auth calls to confirm_gpg_card in subshell loop to force successful authentication
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 14:27:19 -04:00
Thierry Laurion
584c964064
oem-factory-reset: now permits to generate in-memory key, backuped to encrypted disk without copy to card from questionnaire. Can be tested out of the box on Qemu without modification from end of wizard's reboot call, prompting for gpg_auth when in debug mode.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:32 -04:00
Thierry Laurion
2aa9cfafb5
luks-functions: cleanup code of luks containers reported
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:29 -04:00
Thierry Laurion
4d72eb3120
oem-factory-reset: typo correction past tense
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:26 -04:00
Thierry Laurion
2a04fb5650
oem-factory-reset: RSA default should be 3072, not 3076. squash
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:22 -04:00
Thierry Laurion
a3086e9a1c
Remove TODO in code that were not relevant prior of first review
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:19 -04:00
Thierry Laurion
ad1bff6b23
oem-factory-reset: make initial questionnaire more concise
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:16 -04:00
Thierry Laurion
38fc097976
Squash: revert testing changes for RSA and unify once more USB Security dongle's usage
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:13 -04:00
Thierry Laurion
867fb8d023
RSA keygen adaptation testing with rsa 2048 in memory keygen and key to card missing pieces
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:09 -04:00
Thierry Laurion
e6eeb571b0
oem-factory-reset: simplify provisioned secret output at end of wizard, including GPG key material output passphrase (uses strings+=string)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:06 -04:00
Thierry Laurion
c3a5359a85
Squash: remove DEBUG that were TODO for removal
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:03 -04:00
Thierry Laurion
8a8634f6a3
oem-factory-reset seal-hotpkey: unify prompts and vocabulary
oem-factory-reset: bugfix, keytocard inverts prompts. First is keyring then smartcard.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:00 -04:00
Thierry Laurion
7cd44b6dc4
oem-factory-reset: further cleaning of code for proper validation and consistency checks for passphrases. Also skip flashing code on qemu boards with short explanation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:56 -04:00
Thierry Laurion
9c3fb35358
initrd/bin/reboot: BugFix in nv41/ns50 condition check to call nitropad-shutdown.sh (otherwise output error on console for improper condition in ash
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:53 -04:00
Thierry Laurion
7f5d9700b7
gpg_auth function was not failing properly on failing, die instead
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:50 -04:00
Thierry Laurion
05fc4c1747
PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:47 -04:00
Thierry Laurion
9e838ad615
oem-factory-reset: make passphrases variables able to contain strings and validate things more solidly
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:43 -04:00
Thierry Laurion
56b602974b
WiP: NK3 with p256 ECC algo supported for in-memory keygen and key-to-card op. With this commit, one can provision NK3 with thumb drive backup which enables authenticated recovery shell and USB boot.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:40 -04:00
Thierry Laurion
b2cb9b4997
.ash_history: add history command for manual detached signed integrity validation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:34 -04:00
Thierry Laurion
cf065eeba2
bin/reboot: fix parameter order so that we pause when in DEBUG before rebooting
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:30 -04:00
Thierry Laurion
27c457f04b
TPM2 DUK and TOTP/HOTP reseal fix, refactoring and ifferenciating tpm_password into tpm_owner_password and reusing correctly
i
TODO: fix all TODO in PR prior of review + squash

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:27 -04:00
Thierry Laurion
729f2b17b8
WiP to be squashed: we need to refactor prompt_tpm_password which is used both for TPM Owner Password prompt and caching reused for TPM disk unlock key passphrase which of course fails
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:24 -04:00
Thierry Laurion
15f1d0b77a
To Squash: changes to reboot were not ash compliant
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:21 -04:00
Thierry Laurion
3fb84f0b42
WiP: Clean cached /tmp/secret/tpm_password when sealing fails, otherwise reuse it on TPM Reset/TOTP+HOTP Sealing once for TPM1/TPM2+TPM Disk Unlock Key
gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:17 -04:00
Thierry Laurion
911eb07565
TPM1/TPM2: unify wording for TPM Owner Password and cache it externally to /tmp/secret/tpm_password to be reused in a boot session until recovery shell access or reboot
TODO: Why two functions prompt_tpm_password and prompt_new_owner_password
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:14 -04:00
Thierry Laurion
754e3c9165
bin/reboot: intercept reboot call when in DEBUG mode to type 'r' to go to recovery shell instead of rebooting
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:11 -04:00
Thierry Laurion
2ea62ff17e
/etc/functions: add missing TRACE traces to get where TPM passphrase should be written to file and reused since not all in same functions/files for TPM2
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:08 -04:00
Thierry Laurion
88d00dfcb2
scripts: unify luks in text/prompts/messages to LUKS
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:01 -04:00
Thierry Laurion
2697a6ad1f
WiP: further removal of unecessary debug messages
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:58 -04:00
Thierry Laurion
1f28c71447
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:55 -04:00
Thierry Laurion
eceb97aa4d
WiP: provide proper info/warn/die messages explaining causes of errors linked to detach signing errors
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:51 -04:00
Thierry Laurion
2c55338be5
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:48 -04:00
Thierry Laurion
b1e5c638cd
WiP
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:45 -04:00
Thierry Laurion
c0cf446034
flash-gui.sh: add proper checks and cleanup in case of npf rom archive 2023-10-31 09:47:47 -04:00
Thierry Laurion
eb1032a55d
flash-gui.sh: Add SHA256SUM and rom name in non npf rom prompt for manual hash verification 2023-10-31 09:34:29 -04:00
tlaurion
1733552fe7
Merge pull request #1505 from JonathonHall-Purism/upstream_28.1_librem_11
Add support for Librem 11
2023-10-30 15:38:02 -04:00
Thierry Laurion
139f77113c
ash_functions: make DEBUG call pass multiline messages one at a time to /tmp/debug.log and kmsg 2023-10-21 14:37:31 -04:00
Thierry Laurion
576e2a8fff
qubes release signing keys: move qubes-4.key to qubes-4.1.key, add qubes-4.2.key 2023-10-18 13:37:22 -04:00
Jonathon Hall
e6272b70fb
initrd/.ash_history: Add comments after reboot/poweroff
Add comments after reboot/poweroff to clarify what they do.  These
commands are here partly for discoverability by users who might not
know what to do in a recovery shell, so clarifying their purpose helps
those users figure out what to do.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-10-12 13:24:49 -04:00
Thierry Laurion
65e5286b5a
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console. 2023-10-10 12:28:52 -04:00
Thierry Laurion
0416896b82
etc/ash_function's warn/die/TRACE/DEBUG now output also under /dev/kmsg when DEBUG is enabled 2023-10-10 12:28:15 -04:00
Jonathon Hall
af5eb2edf9
Blob jail: Make device firmware available during initrd
Some device firmware, such as the graphics microcontroller, is needed
during the initrd - i915 is often loaded in the initrd, and this is the
only chance to load GuC firmware.

Device firmware must still be available after the real root is mounted
too, so update the custom firmware path in the kernel when the firmware
is moved to /run.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-29 15:36:31 -04:00
Jonathon Hall
55155f6558
boards/librem_11: Add Librem 11
Add Librem 11 board.

Librem 11 uses coreboot graphics init, which is done with FSP GOP.

Set a custom keymap for the volume/power keys.  Configure the volume
keys as up/down arrows (for navigation in fbwhiptail, and for shell
history in the Linux console).  Configure the power key as Enter.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-29 15:36:30 -04:00
Jonathon Hall
5021bec3cd
librem_11: Add loadkeys (from kbd), optionally enabled
Allow boards to optionally include loadkeys to set a custom keymap.
showkey and dumpkeys (normally only needed for development) can also be
optionally included.

Remove *.map from .gitignore; this was probably intended for build
artifacts that are now excluded via the build/ directory.

Add reboot and poweroff to shell history, which is useful for devices
lacking full hardware keyboards to escape the recovery shell with just
"up" and "enter".

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-29 15:29:19 -04:00
Thierry Laurion
cba8c4542c
oem-factory-reset: fix call to mount-usb --mode rw (fix #1497) 2023-09-07 16:27:43 -04:00
tlaurion
9849b99717
Merge pull request #1495 from JonathonHall-Purism/improve_flash_sh
initrd/bin/flash.sh: Improve speed and reliability
2023-09-06 10:24:09 -04:00
tlaurion
2c3987f9a3
Merge pull request #1485 from Nitrokey/nx-nitropad
add Nitropad NV41/NS50 TPM2 boards (2nd)
2023-09-06 10:15:17 -04:00
tlaurion
54bce87691
Merge pull request #1496 from JonathonHall-Purism/unseal-hotp-die-on-error
initrd/bin/unseal-hotp: Prevent script errors if unseal fails
2023-09-05 16:24:56 -04:00
Jonathon Hall
4d7c1cb388
initrd/bin/unseal-hotp: Prevent script errors if unseal fails
If the secret can't be unsealed, die immediately rather than continuing
on to generate errors.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-05 16:12:57 -04:00
Jonathon Hall
8342603993
initrd/bin/flash.sh: Improve speed and reliability
Improve speed by pre-filtering only for lines containing any tokens of
interest to flashrom_progress_tokenize().

Improve reliability by avoiding dropping tokens that cross a stream
buffer boundary.  Occasionally, a token could be missed if it crosses a
stream buffer boundary, due to read timing out too quickly before the
next buffer is flushed.  If this was a state-changing token,
flashrom_progress() would hang forever.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-05 16:04:30 -04:00
Jonathon Hall
003bec4fd4
initrd/bin/flash-gui.sh: Exit instead of errant return
Return is not valid outside of a function - exit instead.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-05 15:57:13 -04:00
tlaurion
8272d33e7c
Merge pull request #1482 from tlaurion/ease_tpm_disk_unlock_key_resealing_after_totp_mismatch-warn_and_die_changes
Ease TPM Disk Unlock Key sealing/resealing after TOTP mismatch (firmware upgrade) + warn and die changes
2023-09-05 11:48:50 -04:00
Markus Meissner
a00aed50d7
reboot/poweroff: run nitropad-shutdown.sh for required boards 2023-09-05 17:13:56 +02:00
Markus Meissner
fabddb4f7a
flash-gui.sh: add .npf handling; add create-npf.sh 2023-09-05 17:13:56 +02:00
Markus Meissner
902866cc29
add nitropad-shutdown.sh for EC based poweroff 2023-09-05 17:13:56 +02:00
Markus Meissner
075d40950b
oem-factory-reset: introduce GPG_ALGO
* use GPG_ALGO as gpg key generation algorithm
* determine GPG_ALGO during runtime like this:
  * if CONFIG_GPG_ALGO is set, use as preference
  * adapt based on usb-token capabilities (currently only Nitrokey 3)
2023-09-05 12:28:52 +02:00
Thierry Laurion
47eba7d80b
kexec-save-default: Fix multiple LUKS/LVM+LUKS suggestion + other working uniformization for DUK 2023-09-02 11:49:57 -04:00
Thierry Laurion
e291797e65
kexec-save-default : Finally fix #1474 under #1482 2023-09-02 04:21:08 -04:00
Thierry Laurion
8b0fc0f129
kexec-seal/save-key /etc/functions : some more uniformisation of TPM DUK verbiage 2023-09-02 04:19:43 -04:00
Thierry Laurion
51b1ad39c3
sbin/insmod wrapper: Add TRACE and DEBUG traces 2023-09-02 04:16:16 -04:00
Thierry Laurion
52947e2767
WiP TPM DUK cleanup 2023-09-02 01:53:31 -04:00
Thierry Laurion
e9dbce2adf
bin/unpack_initramfs.sh: Add TRACE and DEBUG traces 2023-09-02 01:51:50 -04:00
Thierry Laurion
0ba10e5174
path substitution still not working. This is PoC to be tested. Had to go 2023-09-01 18:19:29 -04:00
Thierry Laurion
a2a30020c0
TPM Disk Unlock Key setup: use unpack_initrd.sh, replace none with /secret.key. Still no joy 2023-09-01 16:28:53 -04:00
Thierry Laurion
4a7e23b4c6
Address review for: first set up of TPM DUK and renewal after firmware upg 2023-09-01 15:18:36 -04:00
Thierry Laurion
64ad01f333
WiP: Staging commit to facilitate review, will squash into previous commits once confirmed good 2023-08-31 14:36:27 -04:00
Thierry Laurion
67c865d151
TPM DISK Unlock Key : add cryptroot/crypttab to fix #1474
Tested working on both TPM1/TPM2 under debian bookwork, standard encrypted TLVM setup
2023-08-30 18:07:21 -04:00
Thierry Laurion
4910c1188f
TPM Disk Unlock Key sealing/renewal cleanup (Triggered automatically when resealing TOTP)
Changes:
- As per master: when TOTP cannot unseal TOTP, user is prompted to either reset or regenerate TOTP
- Now, when either is done and a previous TPM Disk Unlock Key was setuped, the user is guided into:
  - Regenerating checksums and signing them
  - Regenerating TPM disk Unlock Key and resealing TPM disk Unlock Key with passphrase into TPM
  - LUKS header being modified, user is asked to resign kexec.sig one last time prior of being able to default boot
- When no previous Disk Unlock Key was setuped, the user is guided into:
  - The above, plus
    - Detection of LUKS containers,suggesting only relevant partitions

- Addition of TRACE and DEBUG statements to troubleshoot actual vs expected behavior while coding
  - Were missing under TPM Disk Unlock Key setup codepaths

- Fixes for #645 : We now check if only one slots exists and we do not use it if its slot1.
  - Also shows in DEBUG traces now

Unrelated staged changes
- ash_functions: warn and die now contains proper spacing and eye attaction
- all warn and die calls modified if containing warnings and too much punctuation
- unify usage of term TPM Disk Unlock Key and Disk Recovery Key
2023-08-30 18:06:29 -04:00
Thierry Laurion
f6eed42208
Add external/usb disk encryption (adds exfatprogs and e2fsprogs)
prepare_thumb_drive: default to creating 10% LUKS container on usb drive, prompts for passphrase is not provided and scan drives if no --device specified

NOTE: qemu usb_thumb drive of 128 mb are not big enough so that 10% of it (12mb) can be used to create thumb drive.

Adds:
- e2fsprogs to support ext4 filesystem creation through mke2fs
- add /etc/mke2fs.conf so that mke2fs knows how to handle ext2/ext3/ext4
- removes mke2fs support from busybox
- bump busybox to latest version which adds cpu accelerated hash functions (not needed per se here)
- Adds exfatprogs to have mkfs.exfat and fsck.exfat
- Adds prepare_thumb_drive /etc/luks-functions to be able to prepare a thumb drive with percentage of drive assigned to LUKS, rest to exfat
- Modify most board configs to test space requirements failing
- Talos2 linux config: add staging Exfat support
- Make e2fsprogs and exfatprogs included by default unless explicitely deactivate in board configs
- Change cryptsetup calls : luksOpen to open and luksClose to close to addresss review
- etc/luks_functions: cleanup

GOAL here is to have secure thumb drive creation which Heads will be able to use to backup/restore/use generated GPG key material in the future (next PR)
2023-08-28 16:23:48 -04:00
Thierry Laurion
0b154aaee1
config-gui.sh: Add option to toggle DEBUG and TRACE output from Configuration Settings menu 2023-08-25 14:27:51 -04:00