Commit Graph

812 Commits

Author SHA1 Message Date
Jonathon Hall
e0b46d086a
functions: TRACE_FUNC and DEBUG_STACK
Add TRACE_FUNC to trace the file, line, and name of the calling
function.  File and function names don't have to be duplicated in a
TRACE statement with this (they tend to become inaccurate as functions
are renamed and the TRACE statement is forgotten).

Add DEBUG_STACK to dump the bash stack to debug output.

Configure bash with --enable-debugger.  Bash doesn't actually include
the entire debugger, this is just some supporting variables for it.
Evidently, BASH_SOURCE[n] is only set within a function if this is
enabled.  I couldn't find this indicated in any documentation, but it
happened in practice.

Compressed initrd size only increased by 2560 bytes for librem_mini_v2,
I think that is fine.  This also gives us BASH_ARGC/BASH_ARGV which
might be useful for diagnostics.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-17 16:32:37 -05:00
Jonathon Hall
0a823cb491
Allow laptops to include optional USB keyboard support
Laptops can include optional USB keyboard support (default off unless
the board also sets the default to 'y').  The setting is in the
configuration GUI.

CONFIG_USER_USB_KEYBOARD is now the user-controlled setting on those
boards.  'CONFIG_USB_KEYBOARD' is no longer used to avoid any conflict
with prior releases that expect this to be a compile-time setting only
(conflicts risk total lock out requiring hardware flash, so some
caution is justified IMO).

Boards previously exporting CONFIG_USB_KEYBOARD now export
CONFIG_USB_KEYBOARD_REQUIRED.  Those boards don't have built-in
keyboards, USB keyboard is always enabled. (librem_mini,
librem_mini_v2, librem_11, librem_l1um, librem_l1um_v2, talos-2,
kgpe-d16_workstation-usb_keyboard, x230-hotp-maximized_usb-kb).

Librem laptops now export CONFIG_SUPPORT_USB_KEYBOARD to enable
optional support.  The default is still 'off'.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-10 15:38:06 -05:00
Jonathon Hall
905d40bd9b
initrd/bin/flash-gui.sh: Show error if find fails due to I/O error
'find' may fail if I/O errors occur (medium faulty or removed,
filesystem corruption, etc.)  Show a message if this occurs rather than
just dying and returning to the main menu.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 15:15:24 -05:00
Jonathon Hall
40e96c7dae
initrd/bin/flash-gui.sh: Show message if plain ROM is unreadable
If the user selects a plain ROM, but that file can't be read, show a
message and exit rather than dying.  Copy the ROM to RAM before doing
anything with it in case the media fails later.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 15:15:24 -05:00
Jonathon Hall
7e57ce181b
initrd/bin/flash-gui.sh: Fix indentation
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 15:15:24 -05:00
tlaurion
90d1c2e9e3
Merge pull request #1578 from JonathonHall-Purism/config-automatic-boot-delay
initrd/bin/config-gui.sh: Allow configuring automatic boot
2024-01-09 15:12:03 -05:00
tlaurion
8e1e402dac
Merge pull request #1580 from tlaurion/force_absence_dirmngr
gpg2: make sure dirmngr is not spawn to refresh keys under initrd/.gnupg/gpg.conf
2024-01-09 15:03:17 -05:00
Thierry Laurion
012400af1b
gpg2: make sure dirmngr is not spawn to refresh keys under initrd/.gnupg/gpg.conf
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-01-09 12:53:56 -05:00
Jonathon Hall
5a00bfc035
initrd/bin/seal-hotpkey: Show error if /boot can't be mounted
If we can't mount /boot, show a meaningful error rather than dropping
to a recovery shell.

Dropping to a recovery shell should be a last resort.  Users that know
how to use the recovery shell know how to get there.  Users that don't
know how to use it can be completely stuck and may not know how to get
back to the menu or even how to turn off the device.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 12:27:59 -05:00
Jonathon Hall
25b977d1e5
initrd/bin/config-gui.sh: Allow configuring automatic boot
Automatic boot can be configured in the configuration GUI.  Options are
disable, 1 second, 5 seconds, or 10 seconds.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 10:12:22 -05:00
tlaurion
449977b617
Merge pull request #1561 from Nitrokey/up-v2.4
Bump Dasharo Coreboot / hotp-verification; fix nitropad-nxx ec-powerdown
2024-01-03 15:49:55 -05:00
Thierry Laurion
b4068e61fa
tpmr: fix TPM Disk Unlock Key which was not using proper cached passphrase.
Add debugging that was needed to spot the issue

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-12-29 15:22:17 -05:00
Markus Meissner
a1c13ff132 nitropad-nx: fix EC-based poweroff/reboot
Signed-off-by: Markus Meissner <coder@safemailbox.de>
2023-12-22 15:37:29 +01:00
tlaurion
6b936e76aa
Merge pull request #1542 from UndeadDevel/luks_reencrypt_text_patch
Luks functions text patch & change order of reencrypt and passphrase change
2023-12-06 22:59:42 -05:00
UndeadDevel
d640c3be28 Update oem-factory-reset
Change order if user chooses both reencrypt and change passphrase, so that passphrase is changed first.

Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2023-12-06 15:56:14 +01:00
UndeadDevel
920f871f9f Update luks-functions texts & reencrypt new pw use
Removed all mentions of a "Recovery Disk Key" and replaced with "Disk Recovery Key".

Fixed some grammatical errors.

Added check for new passphrase in reencrypt function to accommodate switching of reencrypt and new passphrase setting order in oem-factory-reset.

Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2023-12-06 15:56:14 +01:00
Christian Foerster
ce2abd4f29 Apply suggestion
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2023-12-06 14:53:15 +01:00
UndeadDevel
e98b26c32a Use better suggested solution (fold)
Uses fold on the entire passphrase string now; tested in recovery shell of NK Heads 2.1.
Reverted change of WIDTH parameter (first commit of this PR).

Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2023-12-06 14:52:15 +01:00
UndeadDevel
85e6f60438 Update oem-factory-reset - wider window to show secrets
This partially fixes #1537, but while the increased width wouldn't be a problem on the NV41 AFAICT, I don't know about other machines.

I don't know what @tlaurion means with "busybox's folding", which may be a better solution.

Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2023-12-06 14:52:15 +01:00
Markus Meissner
397a46203b oem-factory-reset: kill scdaemon after aes regenerate on nk storage
The call to `hotp_verification regenerate` seems to leave the
communication in a bad state, thus the following `gpg` calls fail. With
this workaround `scdaemon` will resart with the next `gpg` call.

Signed-off-by: Markus Meissner <coder@safemailbox.de>
2023-11-22 11:09:49 +01:00
JonathonHall-Purism
f5377b3bd5
Merge pull request #1526 from JonathonHall-Purism/zip_updates
flash-gui.sh: Extend NPF archive format to ZIP, improve workflow
2023-11-17 10:21:44 -05:00
Jonathon Hall
6873df60c1
Remove CONFIG_BRAND_UPDATE_PKG_EXT, use zip everywhere
Nitrokey is going to switch from npf to zip per discussion.  Remove
this config.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-16 08:58:38 -05:00
Thierry Laurion
56d38e112c
Talos-2 fixes to comply with hashing file standard. Bypass flash-gui.sh prompt when talos-2 ato validate hashes against hashes provided under tgz through flash.sh validation (still offer zip and tgz, which tgz might change to zip later but only tgz offered through builds)
Attempt to address https://github.com/linuxboot/heads/pull/1526#issuecomment-1811185197

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-16 08:44:39 -05:00
Jonathon Hall
7b2b95cb94
flash-gui.sh: Show .rom or .tgz in UI, not both
talos-2 (only) uses .tgz instead of .rom for updates.  Currently, both
are treated as alternatives to a ZIP-format update archive with
SHA-256 integrity check, extend that to the prompts to reduce clutter.

Reflow the "You will need ... your BIOS image" prompt to fit on
fbwhiptail.

The .tgz format could be better integrated with the ZIP updates, but
this needs more work specific to talos-2.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 17:17:07 -05:00
Jonathon Hall
5bd50652a0
flash-gui.sh: Extend NPF archive format to ZIP, improve workflow
Allow configuring the ZIP-format update file extension with
CONFIG_BRAND_UPDATE_PKG_EXT in board config.  Default is 'zip'.

Create update package in the default Makefile target.  Delete
create_npf.sh.

Do not require /tmp/verified_rom in the update file package's
sha256sum.txt (but allow it for backward compatibility).

Show the integrity error if unzip fails instead of dying (which returns
to main menu with no explanation, error is left on recovery console).
This is the most likely way corruption would be detected as ZIP has
CRCs.  The sha256sum is still present for more robust detection.

Don't require the ROM to be the first file in sha256sum.txt since it
raises complexity of adding more files to the update archive in the
future.  Instead require that the package contains exactly one file
matching '*.rom'.

Restore confirmation prompt for the update-package flow, at some point
this was lost.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 16:42:05 -05:00
tlaurion
133da0e48e
Merge pull request #1515 from tlaurion/inmemory_keygen-gpg_backup_usable_for_RSA_only-copy_to_card_working_for_RSA_only-gpg_auth_for_recovery_and_sub_boot
GPG User Authentication: In-memory gpg keygen + keytocard and GPG key material backup enabling  (plus a lot of code cleanup and UX improvements)
2023-11-13 16:05:26 -05:00
Jonathon Hall
97d903f22a
oem-factory-reset: Don't repeat "insert flash drive" message
Don't repeat this message if the user says "no" to the confirmation
prompt.  Go directly to the menu.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 14:52:09 -05:00
Jonathon Hall
d39fc26dd9
oem-factory-reset: Move format confirmation before resetting anything
Move confirmation of formatting flash drive with LUKS percentage
selection before any reset actions have been taken, so aborting does
not result in a half-reset system.  Combine with the more basic
"confirm" prompt that existed after selecting the device (but did not
include the LUKS size information).

Split up prepare_flash_drive into interactive_prepare_flash_drive (both
prompts and formats as before), confirm_thumb_drive_format (just
confirms the selections), and prepare_thumb_drive (now noninteractive).

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 14:37:19 -05:00
Jonathon Hall
a925219efb
oem-factory-reset: Improve prompt flow formatting flash drive
Combine prompt to disconnect other devices with prompt to connect the
desired device.

Show block device sizes in MB/GB when selecting device so it is easier
to select.  file_selector now supports --show-size to include block
device sizes in menu.

Rework file_selector so menu options can contain spaces (use bash
array) and to simplify logic.

Prompt to select flash drive and LUKS percentage in OEM reset before
actually taking any actions, so aborting doesn't half-reset the system.

Abort OEM reset if user aborts the flash drive selection instead of
looping forever.  (Canceling the confirmation still loops to retry but
it is possible to exit by aborting the repeated menu.)

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 13:54:37 -05:00
Thierry Laurion
e924a8afca
oem-factory-reset : Prompt user for any connected block device, give storage size and loop until none is connected to exit loop.
Warn user if connected usb block device is less then 128mb, since creating LUKS container of less then 8mb might cause issues.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-09 17:04:33 -05:00
Thierry Laurion
37872937f0
oem-factory-reset: unify booleen y/n variable usage and double check logic. Also move USB Security dongle capability detection under code already checking for USB Security Dongle's smartcard presence.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-07 14:34:50 -05:00
Thierry Laurion
160367d065
oem-factory-reset: normal output to inform user of consequences of generating keys on smartcard without backup, not a wanring anymore
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 16:05:08 -05:00
Thierry Laurion
659de63180
oem-factory-reset: fix typo : Same a GPG Admin PIN
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 16:02:37 -05:00
Thierry Laurion
388ee5198b
All TPM Extend additional context passed from console echo output to DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 15:53:17 -05:00
Jonathon Hall
fd6a947cb3
tpmr: Move last TPM owner password prompt/shred into tpmr
Prompt for TPM owner password internally within tpm2_counter_create.
Add tpm1_counter_create to prompt for password internally.  Wipe the
cache in either if the operation fails, in case the password was
incorrect.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-06 15:20:29 -05:00
Thierry Laurion
9e0491e9db
oem-factory-reset/librem boards: remove CONFIG_OEMRESET_OFFER_DEFAULTS=y and checks for it; the default of oem-factory-reset is now to propose user to use defaults first for simplicity of most common use case without allianating advanced users which can simply not accept the default and answer questionnaire
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 11:27:51 -05:00
Thierry Laurion
0042163861
kexec-seal-key: remove non-needed shred of file cached /tmp/secret/tpm_owner_password (done when sealing fails under tpmr)
- document why shred is still called under functions:check_tpm_counter for safety and add TODO there

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:30:11 -05:00
Thierry Laurion
923b4e1fe9
ash_functions:confirm_gpg_card: loop gpg_admin_pin prompt until non-empty
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:06:19 -05:00
Thierry Laurion
8d7efa021d
media-scan: die if gpg_auth fails (should loop and never exit anyway)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:04:51 -05:00
Thierry Laurion
bfc877c49c
kexec-select-boot/kexec-insert-key: add info message explaining why PCR 4 is extended
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-06 10:03:14 -05:00
Thierry Laurion
504f0336ac
init: add early boot 'o' option to jump directly to oem-factory-reset for OEM provisioning of secret prior of shipping products, once OS is installed and after MRC training happened on first boot.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 16:41:36 -04:00
Thierry Laurion
eee913d8d2
oem-factory-reset: add rudimentary mount_boot function so that oem-factory-reset can be called early at boot without /boot previously mounted. Also fix logic so that GPG User PIN is showed as configured when keytocard or smartcard only is configured.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 16:41:33 -04:00
Thierry Laurion
c064b78ef6
gui-init: fix TRACE: clean_check_boot stating mount_boot instead of clean_boot_check
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 16:41:30 -04:00
Thierry Laurion
4e10740453
oem-factory-reset/ash_functions/luks-functions: replace provisioning with configuring keywords. Tweak oem-factory-reset flow and questionnaire. Now first prompt is to ask if user wants to go advanced or use defaults.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 16:41:27 -04:00
Thierry Laurion
cd3ce6999c
tpmr/kexec-seal-key/functions: end refactoring of tpmr being in carge of wiping /tmp/secret/tpm_owner_password if invalid
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 13:53:47 -04:00
Thierry Laurion
afb817ca48
tpmr: give users better error/DEBUG messages in regard of TPM errors
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 11:07:36 -04:00
Thierry Laurion
84374dfbcd
kexec-seal-key/seal-totp/tpmr/functions: move wiping of tpm_owner_password to tpmr calls directly
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 10:54:16 -04:00
Thierry Laurion
e2985d386e
seal-totp/tpmr: differenciate die messages to show which between tpm1_seal/tpm2_seal or check_tpm_counter fails to seal as first step to possible refactor
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 10:15:52 -04:00
Thierry Laurion
51caab8ea4
functions: check_tpm_counter; add shred call to wipe tpm_owner_password if creating counter fails with cached tpm owner password so prompt_tpm_owner_password asks for it again on next run
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 10:10:05 -04:00
Thierry Laurion
9523b4fee2
unseal-totp: fix indentation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 09:31:44 -04:00
Thierry Laurion
6d7f9be414
TPM2: add DEBUG and fix path for TPM2 primary key handle hash.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 14:17:52 -04:00
Thierry Laurion
19c5d16e40
functions: guide user torward resetting TPM more directly if counter_increment fails.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 12:58:19 -04:00
Thierry Laurion
644a59ab60
oem-factory-reset: simplify first question for users to have a GPG key material backup and enable GPG Authentication
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 12:55:05 -04:00
Thierry Laurion
85266452fa
oem-factory-reset ash_functions: fix USB Security Dongle' smartcard -> USB Security Dongle's smartcard
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 12:54:39 -04:00
Thierry Laurion
48c446cd7d
functions: prompt_tpm_owner_password only reuses /tmp/secret/tpm_owner_password if already created by seal functions or itself. Sealing ops not being able to reuse the file shred it (kexec-seal-key and seal-totp)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 11:45:05 -04:00
Thierry Laurion
921acd0f6f
tpmr: move TPM2 related secrets artifacts to /tmp/secret to be autowiped when recovery shell is accessed. If you want to see those, use qemu and have main console launching qemu under recovery shell prior of doing ops you want to see /tmp/secret/ artifacts before being deleted. We still have pcap under /tmp which is as expected
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-02 11:45:02 -04:00
Thierry Laurion
af3287c001
luks_functions: fix width of whiptail messages with newlines so its not cut in the middle
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 15:07:36 -04:00
Thierry Laurion
2942d660de
oem-factory-reset: prmompt only for GPG User PIN when needed, warn users when no backup/when having only in-memory keygen backup without smartcard.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 14:27:22 -04:00
Thierry Laurion
c2c32c425b
ash_functions: have gpg_auth calls to confirm_gpg_card in subshell loop to force successful authentication
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 14:27:19 -04:00
Thierry Laurion
584c964064
oem-factory-reset: now permits to generate in-memory key, backuped to encrypted disk without copy to card from questionnaire. Can be tested out of the box on Qemu without modification from end of wizard's reboot call, prompting for gpg_auth when in debug mode.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:32 -04:00
Thierry Laurion
2aa9cfafb5
luks-functions: cleanup code of luks containers reported
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:29 -04:00
Thierry Laurion
4d72eb3120
oem-factory-reset: typo correction past tense
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:26 -04:00
Thierry Laurion
2a04fb5650
oem-factory-reset: RSA default should be 3072, not 3076. squash
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:22 -04:00
Thierry Laurion
a3086e9a1c
Remove TODO in code that were not relevant prior of first review
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:19 -04:00
Thierry Laurion
ad1bff6b23
oem-factory-reset: make initial questionnaire more concise
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:16 -04:00
Thierry Laurion
38fc097976
Squash: revert testing changes for RSA and unify once more USB Security dongle's usage
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:13 -04:00
Thierry Laurion
867fb8d023
RSA keygen adaptation testing with rsa 2048 in memory keygen and key to card missing pieces
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:09 -04:00
Thierry Laurion
e6eeb571b0
oem-factory-reset: simplify provisioned secret output at end of wizard, including GPG key material output passphrase (uses strings+=string)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:06 -04:00
Thierry Laurion
c3a5359a85
Squash: remove DEBUG that were TODO for removal
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:03 -04:00
Thierry Laurion
8a8634f6a3
oem-factory-reset seal-hotpkey: unify prompts and vocabulary
oem-factory-reset: bugfix, keytocard inverts prompts. First is keyring then smartcard.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:00 -04:00
Thierry Laurion
7cd44b6dc4
oem-factory-reset: further cleaning of code for proper validation and consistency checks for passphrases. Also skip flashing code on qemu boards with short explanation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:56 -04:00
Thierry Laurion
9c3fb35358
initrd/bin/reboot: BugFix in nv41/ns50 condition check to call nitropad-shutdown.sh (otherwise output error on console for improper condition in ash
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:53 -04:00
Thierry Laurion
7f5d9700b7
gpg_auth function was not failing properly on failing, die instead
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:50 -04:00
Thierry Laurion
05fc4c1747
PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:47 -04:00
Thierry Laurion
9e838ad615
oem-factory-reset: make passphrases variables able to contain strings and validate things more solidly
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:43 -04:00
Thierry Laurion
56b602974b
WiP: NK3 with p256 ECC algo supported for in-memory keygen and key-to-card op. With this commit, one can provision NK3 with thumb drive backup which enables authenticated recovery shell and USB boot.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:40 -04:00
Thierry Laurion
b2cb9b4997
.ash_history: add history command for manual detached signed integrity validation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:34 -04:00
Thierry Laurion
cf065eeba2
bin/reboot: fix parameter order so that we pause when in DEBUG before rebooting
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:30 -04:00
Thierry Laurion
27c457f04b
TPM2 DUK and TOTP/HOTP reseal fix, refactoring and ifferenciating tpm_password into tpm_owner_password and reusing correctly
i
TODO: fix all TODO in PR prior of review + squash

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:27 -04:00
Thierry Laurion
729f2b17b8
WiP to be squashed: we need to refactor prompt_tpm_password which is used both for TPM Owner Password prompt and caching reused for TPM disk unlock key passphrase which of course fails
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:24 -04:00
Thierry Laurion
15f1d0b77a
To Squash: changes to reboot were not ash compliant
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:21 -04:00
Thierry Laurion
3fb84f0b42
WiP: Clean cached /tmp/secret/tpm_password when sealing fails, otherwise reuse it on TPM Reset/TOTP+HOTP Sealing once for TPM1/TPM2+TPM Disk Unlock Key
gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:17 -04:00
Thierry Laurion
911eb07565
TPM1/TPM2: unify wording for TPM Owner Password and cache it externally to /tmp/secret/tpm_password to be reused in a boot session until recovery shell access or reboot
TODO: Why two functions prompt_tpm_password and prompt_new_owner_password
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:14 -04:00
Thierry Laurion
754e3c9165
bin/reboot: intercept reboot call when in DEBUG mode to type 'r' to go to recovery shell instead of rebooting
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:11 -04:00
Thierry Laurion
2ea62ff17e
/etc/functions: add missing TRACE traces to get where TPM passphrase should be written to file and reused since not all in same functions/files for TPM2
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:08 -04:00
Thierry Laurion
88d00dfcb2
scripts: unify luks in text/prompts/messages to LUKS
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:01 -04:00
Thierry Laurion
2697a6ad1f
WiP: further removal of unecessary debug messages
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:58 -04:00
Thierry Laurion
1f28c71447
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:55 -04:00
Thierry Laurion
eceb97aa4d
WiP: provide proper info/warn/die messages explaining causes of errors linked to detach signing errors
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:51 -04:00
Thierry Laurion
2c55338be5
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:48 -04:00
Thierry Laurion
b1e5c638cd
WiP
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:45 -04:00
Thierry Laurion
c0cf446034
flash-gui.sh: add proper checks and cleanup in case of npf rom archive 2023-10-31 09:47:47 -04:00
Thierry Laurion
eb1032a55d
flash-gui.sh: Add SHA256SUM and rom name in non npf rom prompt for manual hash verification 2023-10-31 09:34:29 -04:00
tlaurion
1733552fe7
Merge pull request #1505 from JonathonHall-Purism/upstream_28.1_librem_11
Add support for Librem 11
2023-10-30 15:38:02 -04:00
Thierry Laurion
139f77113c
ash_functions: make DEBUG call pass multiline messages one at a time to /tmp/debug.log and kmsg 2023-10-21 14:37:31 -04:00
Thierry Laurion
576e2a8fff
qubes release signing keys: move qubes-4.key to qubes-4.1.key, add qubes-4.2.key 2023-10-18 13:37:22 -04:00
Jonathon Hall
e6272b70fb
initrd/.ash_history: Add comments after reboot/poweroff
Add comments after reboot/poweroff to clarify what they do.  These
commands are here partly for discoverability by users who might not
know what to do in a recovery shell, so clarifying their purpose helps
those users figure out what to do.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-10-12 13:24:49 -04:00
Thierry Laurion
65e5286b5a
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console. 2023-10-10 12:28:52 -04:00
Thierry Laurion
0416896b82
etc/ash_function's warn/die/TRACE/DEBUG now output also under /dev/kmsg when DEBUG is enabled 2023-10-10 12:28:15 -04:00
Jonathon Hall
af5eb2edf9
Blob jail: Make device firmware available during initrd
Some device firmware, such as the graphics microcontroller, is needed
during the initrd - i915 is often loaded in the initrd, and this is the
only chance to load GuC firmware.

Device firmware must still be available after the real root is mounted
too, so update the custom firmware path in the kernel when the firmware
is moved to /run.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-29 15:36:31 -04:00