Add TRACE_FUNC to trace the file, line, and name of the calling
function. File and function names don't have to be duplicated in a
TRACE statement with this (they tend to become inaccurate as functions
are renamed and the TRACE statement is forgotten).
Add DEBUG_STACK to dump the bash stack to debug output.
Configure bash with --enable-debugger. Bash doesn't actually include
the entire debugger, this is just some supporting variables for it.
Evidently, BASH_SOURCE[n] is only set within a function if this is
enabled. I couldn't find this indicated in any documentation, but it
happened in practice.
Compressed initrd size only increased by 2560 bytes for librem_mini_v2,
I think that is fine. This also gives us BASH_ARGC/BASH_ARGV which
might be useful for diagnostics.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Laptops can include optional USB keyboard support (default off unless
the board also sets the default to 'y'). The setting is in the
configuration GUI.
CONFIG_USER_USB_KEYBOARD is now the user-controlled setting on those
boards. 'CONFIG_USB_KEYBOARD' is no longer used to avoid any conflict
with prior releases that expect this to be a compile-time setting only
(conflicts risk total lock out requiring hardware flash, so some
caution is justified IMO).
Boards previously exporting CONFIG_USB_KEYBOARD now export
CONFIG_USB_KEYBOARD_REQUIRED. Those boards don't have built-in
keyboards, USB keyboard is always enabled. (librem_mini,
librem_mini_v2, librem_11, librem_l1um, librem_l1um_v2, talos-2,
kgpe-d16_workstation-usb_keyboard, x230-hotp-maximized_usb-kb).
Librem laptops now export CONFIG_SUPPORT_USB_KEYBOARD to enable
optional support. The default is still 'off'.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
'find' may fail if I/O errors occur (medium faulty or removed,
filesystem corruption, etc.) Show a message if this occurs rather than
just dying and returning to the main menu.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
If the user selects a plain ROM, but that file can't be read, show a
message and exit rather than dying. Copy the ROM to RAM before doing
anything with it in case the media fails later.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
If we can't mount /boot, show a meaningful error rather than dropping
to a recovery shell.
Dropping to a recovery shell should be a last resort. Users that know
how to use the recovery shell know how to get there. Users that don't
know how to use it can be completely stuck and may not know how to get
back to the menu or even how to turn off the device.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Automatic boot can be configured in the configuration GUI. Options are
disable, 1 second, 5 seconds, or 10 seconds.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Change order if user chooses both reencrypt and change passphrase, so that passphrase is changed first.
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
Removed all mentions of a "Recovery Disk Key" and replaced with "Disk Recovery Key".
Fixed some grammatical errors.
Added check for new passphrase in reencrypt function to accommodate switching of reencrypt and new passphrase setting order in oem-factory-reset.
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
Uses fold on the entire passphrase string now; tested in recovery shell of NK Heads 2.1.
Reverted change of WIDTH parameter (first commit of this PR).
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
This partially fixes#1537, but while the increased width wouldn't be a problem on the NV41 AFAICT, I don't know about other machines.
I don't know what @tlaurion means with "busybox's folding", which may be a better solution.
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
The call to `hotp_verification regenerate` seems to leave the
communication in a bad state, thus the following `gpg` calls fail. With
this workaround `scdaemon` will resart with the next `gpg` call.
Signed-off-by: Markus Meissner <coder@safemailbox.de>
talos-2 (only) uses .tgz instead of .rom for updates. Currently, both
are treated as alternatives to a ZIP-format update archive with
SHA-256 integrity check, extend that to the prompts to reduce clutter.
Reflow the "You will need ... your BIOS image" prompt to fit on
fbwhiptail.
The .tgz format could be better integrated with the ZIP updates, but
this needs more work specific to talos-2.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Allow configuring the ZIP-format update file extension with
CONFIG_BRAND_UPDATE_PKG_EXT in board config. Default is 'zip'.
Create update package in the default Makefile target. Delete
create_npf.sh.
Do not require /tmp/verified_rom in the update file package's
sha256sum.txt (but allow it for backward compatibility).
Show the integrity error if unzip fails instead of dying (which returns
to main menu with no explanation, error is left on recovery console).
This is the most likely way corruption would be detected as ZIP has
CRCs. The sha256sum is still present for more robust detection.
Don't require the ROM to be the first file in sha256sum.txt since it
raises complexity of adding more files to the update archive in the
future. Instead require that the package contains exactly one file
matching '*.rom'.
Restore confirmation prompt for the update-package flow, at some point
this was lost.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Don't repeat this message if the user says "no" to the confirmation
prompt. Go directly to the menu.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Move confirmation of formatting flash drive with LUKS percentage
selection before any reset actions have been taken, so aborting does
not result in a half-reset system. Combine with the more basic
"confirm" prompt that existed after selecting the device (but did not
include the LUKS size information).
Split up prepare_flash_drive into interactive_prepare_flash_drive (both
prompts and formats as before), confirm_thumb_drive_format (just
confirms the selections), and prepare_thumb_drive (now noninteractive).
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Combine prompt to disconnect other devices with prompt to connect the
desired device.
Show block device sizes in MB/GB when selecting device so it is easier
to select. file_selector now supports --show-size to include block
device sizes in menu.
Rework file_selector so menu options can contain spaces (use bash
array) and to simplify logic.
Prompt to select flash drive and LUKS percentage in OEM reset before
actually taking any actions, so aborting doesn't half-reset the system.
Abort OEM reset if user aborts the flash drive selection instead of
looping forever. (Canceling the confirmation still loops to retry but
it is possible to exit by aborting the repeated menu.)
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Warn user if connected usb block device is less then 128mb, since creating LUKS container of less then 8mb might cause issues.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Prompt for TPM owner password internally within tpm2_counter_create.
Add tpm1_counter_create to prompt for password internally. Wipe the
cache in either if the operation fails, in case the password was
incorrect.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
- document why shred is still called under functions:check_tpm_counter for safety and add TODO there
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Add comments after reboot/poweroff to clarify what they do. These
commands are here partly for discoverability by users who might not
know what to do in a recovery shell, so clarifying their purpose helps
those users figure out what to do.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Some device firmware, such as the graphics microcontroller, is needed
during the initrd - i915 is often loaded in the initrd, and this is the
only chance to load GuC firmware.
Device firmware must still be available after the real root is mounted
too, so update the custom firmware path in the kernel when the firmware
is moved to /run.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>