Commit Graph

673 Commits

Author SHA1 Message Date
Jonathon Hall
7b2b95cb94
flash-gui.sh: Show .rom or .tgz in UI, not both
talos-2 (only) uses .tgz instead of .rom for updates.  Currently, both
are treated as alternatives to a ZIP-format update archive with
SHA-256 integrity check, extend that to the prompts to reduce clutter.

Reflow the "You will need ... your BIOS image" prompt to fit on
fbwhiptail.

The .tgz format could be better integrated with the ZIP updates, but
this needs more work specific to talos-2.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 17:17:07 -05:00
Jonathon Hall
5bd50652a0
flash-gui.sh: Extend NPF archive format to ZIP, improve workflow
Allow configuring the ZIP-format update file extension with
CONFIG_BRAND_UPDATE_PKG_EXT in board config.  Default is 'zip'.

Create update package in the default Makefile target.  Delete
create_npf.sh.

Do not require /tmp/verified_rom in the update file package's
sha256sum.txt (but allow it for backward compatibility).

Show the integrity error if unzip fails instead of dying (which returns
to main menu with no explanation, error is left on recovery console).
This is the most likely way corruption would be detected as ZIP has
CRCs.  The sha256sum is still present for more robust detection.

Don't require the ROM to be the first file in sha256sum.txt since it
raises complexity of adding more files to the update archive in the
future.  Instead require that the package contains exactly one file
matching '*.rom'.

Restore confirmation prompt for the update-package flow, at some point
this was lost.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 16:42:05 -05:00
Thierry Laurion
c0cf446034
flash-gui.sh: add proper checks and cleanup in case of npf rom archive 2023-10-31 09:47:47 -04:00
Thierry Laurion
eb1032a55d
flash-gui.sh: Add SHA256SUM and rom name in non npf rom prompt for manual hash verification 2023-10-31 09:34:29 -04:00
tlaurion
1733552fe7
Merge pull request #1505 from JonathonHall-Purism/upstream_28.1_librem_11
Add support for Librem 11
2023-10-30 15:38:02 -04:00
Thierry Laurion
139f77113c
ash_functions: make DEBUG call pass multiline messages one at a time to /tmp/debug.log and kmsg 2023-10-21 14:37:31 -04:00
Thierry Laurion
576e2a8fff
qubes release signing keys: move qubes-4.key to qubes-4.1.key, add qubes-4.2.key 2023-10-18 13:37:22 -04:00
Jonathon Hall
e6272b70fb
initrd/.ash_history: Add comments after reboot/poweroff
Add comments after reboot/poweroff to clarify what they do.  These
commands are here partly for discoverability by users who might not
know what to do in a recovery shell, so clarifying their purpose helps
those users figure out what to do.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-10-12 13:24:49 -04:00
Thierry Laurion
65e5286b5a
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console. 2023-10-10 12:28:52 -04:00
Thierry Laurion
0416896b82
etc/ash_function's warn/die/TRACE/DEBUG now output also under /dev/kmsg when DEBUG is enabled 2023-10-10 12:28:15 -04:00
Jonathon Hall
af5eb2edf9
Blob jail: Make device firmware available during initrd
Some device firmware, such as the graphics microcontroller, is needed
during the initrd - i915 is often loaded in the initrd, and this is the
only chance to load GuC firmware.

Device firmware must still be available after the real root is mounted
too, so update the custom firmware path in the kernel when the firmware
is moved to /run.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-29 15:36:31 -04:00
Jonathon Hall
55155f6558
boards/librem_11: Add Librem 11
Add Librem 11 board.

Librem 11 uses coreboot graphics init, which is done with FSP GOP.

Set a custom keymap for the volume/power keys.  Configure the volume
keys as up/down arrows (for navigation in fbwhiptail, and for shell
history in the Linux console).  Configure the power key as Enter.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-29 15:36:30 -04:00
Jonathon Hall
5021bec3cd
librem_11: Add loadkeys (from kbd), optionally enabled
Allow boards to optionally include loadkeys to set a custom keymap.
showkey and dumpkeys (normally only needed for development) can also be
optionally included.

Remove *.map from .gitignore; this was probably intended for build
artifacts that are now excluded via the build/ directory.

Add reboot and poweroff to shell history, which is useful for devices
lacking full hardware keyboards to escape the recovery shell with just
"up" and "enter".

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-29 15:29:19 -04:00
Thierry Laurion
cba8c4542c
oem-factory-reset: fix call to mount-usb --mode rw (fix #1497) 2023-09-07 16:27:43 -04:00
tlaurion
9849b99717
Merge pull request #1495 from JonathonHall-Purism/improve_flash_sh
initrd/bin/flash.sh: Improve speed and reliability
2023-09-06 10:24:09 -04:00
tlaurion
2c3987f9a3
Merge pull request #1485 from Nitrokey/nx-nitropad
add Nitropad NV41/NS50 TPM2 boards (2nd)
2023-09-06 10:15:17 -04:00
tlaurion
54bce87691
Merge pull request #1496 from JonathonHall-Purism/unseal-hotp-die-on-error
initrd/bin/unseal-hotp: Prevent script errors if unseal fails
2023-09-05 16:24:56 -04:00
Jonathon Hall
4d7c1cb388
initrd/bin/unseal-hotp: Prevent script errors if unseal fails
If the secret can't be unsealed, die immediately rather than continuing
on to generate errors.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-05 16:12:57 -04:00
Jonathon Hall
8342603993
initrd/bin/flash.sh: Improve speed and reliability
Improve speed by pre-filtering only for lines containing any tokens of
interest to flashrom_progress_tokenize().

Improve reliability by avoiding dropping tokens that cross a stream
buffer boundary.  Occasionally, a token could be missed if it crosses a
stream buffer boundary, due to read timing out too quickly before the
next buffer is flushed.  If this was a state-changing token,
flashrom_progress() would hang forever.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-05 16:04:30 -04:00
Jonathon Hall
003bec4fd4
initrd/bin/flash-gui.sh: Exit instead of errant return
Return is not valid outside of a function - exit instead.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-05 15:57:13 -04:00
tlaurion
8272d33e7c
Merge pull request #1482 from tlaurion/ease_tpm_disk_unlock_key_resealing_after_totp_mismatch-warn_and_die_changes
Ease TPM Disk Unlock Key sealing/resealing after TOTP mismatch (firmware upgrade) + warn and die changes
2023-09-05 11:48:50 -04:00
Markus Meissner
a00aed50d7
reboot/poweroff: run nitropad-shutdown.sh for required boards 2023-09-05 17:13:56 +02:00
Markus Meissner
fabddb4f7a
flash-gui.sh: add .npf handling; add create-npf.sh 2023-09-05 17:13:56 +02:00
Markus Meissner
902866cc29
add nitropad-shutdown.sh for EC based poweroff 2023-09-05 17:13:56 +02:00
Markus Meissner
075d40950b
oem-factory-reset: introduce GPG_ALGO
* use GPG_ALGO as gpg key generation algorithm
* determine GPG_ALGO during runtime like this:
  * if CONFIG_GPG_ALGO is set, use as preference
  * adapt based on usb-token capabilities (currently only Nitrokey 3)
2023-09-05 12:28:52 +02:00
Thierry Laurion
47eba7d80b
kexec-save-default: Fix multiple LUKS/LVM+LUKS suggestion + other working uniformization for DUK 2023-09-02 11:49:57 -04:00
Thierry Laurion
e291797e65
kexec-save-default : Finally fix #1474 under #1482 2023-09-02 04:21:08 -04:00
Thierry Laurion
8b0fc0f129
kexec-seal/save-key /etc/functions : some more uniformisation of TPM DUK verbiage 2023-09-02 04:19:43 -04:00
Thierry Laurion
51b1ad39c3
sbin/insmod wrapper: Add TRACE and DEBUG traces 2023-09-02 04:16:16 -04:00
Thierry Laurion
52947e2767
WiP TPM DUK cleanup 2023-09-02 01:53:31 -04:00
Thierry Laurion
e9dbce2adf
bin/unpack_initramfs.sh: Add TRACE and DEBUG traces 2023-09-02 01:51:50 -04:00
Thierry Laurion
0ba10e5174
path substitution still not working. This is PoC to be tested. Had to go 2023-09-01 18:19:29 -04:00
Thierry Laurion
a2a30020c0
TPM Disk Unlock Key setup: use unpack_initrd.sh, replace none with /secret.key. Still no joy 2023-09-01 16:28:53 -04:00
Thierry Laurion
4a7e23b4c6
Address review for: first set up of TPM DUK and renewal after firmware upg 2023-09-01 15:18:36 -04:00
Thierry Laurion
64ad01f333
WiP: Staging commit to facilitate review, will squash into previous commits once confirmed good 2023-08-31 14:36:27 -04:00
Thierry Laurion
67c865d151
TPM DISK Unlock Key : add cryptroot/crypttab to fix #1474
Tested working on both TPM1/TPM2 under debian bookwork, standard encrypted TLVM setup
2023-08-30 18:07:21 -04:00
Thierry Laurion
4910c1188f
TPM Disk Unlock Key sealing/renewal cleanup (Triggered automatically when resealing TOTP)
Changes:
- As per master: when TOTP cannot unseal TOTP, user is prompted to either reset or regenerate TOTP
- Now, when either is done and a previous TPM Disk Unlock Key was setuped, the user is guided into:
  - Regenerating checksums and signing them
  - Regenerating TPM disk Unlock Key and resealing TPM disk Unlock Key with passphrase into TPM
  - LUKS header being modified, user is asked to resign kexec.sig one last time prior of being able to default boot
- When no previous Disk Unlock Key was setuped, the user is guided into:
  - The above, plus
    - Detection of LUKS containers,suggesting only relevant partitions

- Addition of TRACE and DEBUG statements to troubleshoot actual vs expected behavior while coding
  - Were missing under TPM Disk Unlock Key setup codepaths

- Fixes for #645 : We now check if only one slots exists and we do not use it if its slot1.
  - Also shows in DEBUG traces now

Unrelated staged changes
- ash_functions: warn and die now contains proper spacing and eye attaction
- all warn and die calls modified if containing warnings and too much punctuation
- unify usage of term TPM Disk Unlock Key and Disk Recovery Key
2023-08-30 18:06:29 -04:00
Thierry Laurion
f6eed42208
Add external/usb disk encryption (adds exfatprogs and e2fsprogs)
prepare_thumb_drive: default to creating 10% LUKS container on usb drive, prompts for passphrase is not provided and scan drives if no --device specified

NOTE: qemu usb_thumb drive of 128 mb are not big enough so that 10% of it (12mb) can be used to create thumb drive.

Adds:
- e2fsprogs to support ext4 filesystem creation through mke2fs
- add /etc/mke2fs.conf so that mke2fs knows how to handle ext2/ext3/ext4
- removes mke2fs support from busybox
- bump busybox to latest version which adds cpu accelerated hash functions (not needed per se here)
- Adds exfatprogs to have mkfs.exfat and fsck.exfat
- Adds prepare_thumb_drive /etc/luks-functions to be able to prepare a thumb drive with percentage of drive assigned to LUKS, rest to exfat
- Modify most board configs to test space requirements failing
- Talos2 linux config: add staging Exfat support
- Make e2fsprogs and exfatprogs included by default unless explicitely deactivate in board configs
- Change cryptsetup calls : luksOpen to open and luksClose to close to addresss review
- etc/luks_functions: cleanup

GOAL here is to have secure thumb drive creation which Heads will be able to use to backup/restore/use generated GPG key material in the future (next PR)
2023-08-28 16:23:48 -04:00
Thierry Laurion
0b154aaee1
config-gui.sh: Add option to toggle DEBUG and TRACE output from Configuration Settings menu 2023-08-25 14:27:51 -04:00
tlaurion
59972f3972
Merge pull request #1459 from JonathonHall-Purism/hires_scale
Scale fbwhiptail and console font for high resolution displays
2023-08-11 14:53:04 -04:00
Jonathon Hall
98fc0cb81a
initrd/bin/setconsolefont.sh: Reduce threshold for 2x console to 1350
Based on feedback, 1440p displays can benefit from 2x console as well.
Err toward a font too large rather than too small and lower the
threshold to 1350, which is the threshold fbwhiptail uses for 1.5x.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-08-11 14:40:11 -04:00
Jonathon Hall
2f329d9007
kbd: Add setfont from kbd to set large console font on large displays
Build kbd and ship setfont if enabled with CONFIG_KBD.

When CONFIG_KBD is enabled, setconsolefont.sh will double the console
font size on large displays (>1600 lines tall as a heuristic).

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-08-11 14:40:04 -04:00
Thierry Laurion
2965cf69cc
Archlinux distro signing public key update to (expires 2037-10-27) 2023-08-08 12:55:08 -04:00
Jonathon Hall
47e9e4cf45
Merge remote-tracking branch 'github-heads/master' into pureboot-27-heads-upstream 2023-07-12 14:14:17 -04:00
Krystian Hebel
77eb9536d6
initrd/bin/tpmr: add debug for replay_pcr()
It also includes instructions for introspecting the replayed values
manually.

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2023-07-12 14:57:44 +02:00
Krystian Hebel
f7066d020d
initrd/bin/gui-init: retry TOTP in case of error
On platforms using CONFIG_BOOT_EXTRA_TTYS multiple processes may try to
access TPM at the same time, failing with EBUSY. The order of execution
is unpredictable, so the error may appear on main console, secondary one,
or neither of them if the calls are sufficiently staggered. Try up to
three times (including previous one) with small delays in case of error,
instead of immediately scaring users with "you've been pwned" message.

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2023-07-12 14:52:07 +02:00
Krystian Hebel
9a72749675
initrd/bin/talos-init: remove alias for cbmem and bump coreboot revision
Updated cbmem searches for CBMEM exposed by kernel in sysfs before
trying to read it from memory directly. As such, there is no need for
pointing to that file explicitly.

New coreboot revision also fixes output of 'cbmem -t' caused by wrong
endianness.

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2023-07-12 14:50:54 +02:00
Krystian Hebel
d1a18f1f83
initrd/bin/tpmr: replay PCR values from event log instead of assumming their values
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2023-07-12 14:50:42 +02:00
Jonathon Hall
440dc5b61c
Merge remote-tracking branch 'github-heads/master' into pureboot-27-heads-upstream 2023-07-11 16:42:54 -04:00
Jonathon Hall
718be739eb
config-gui.sh: Reword Restricted Boot prompts
Simplify "enable" prompt a bit, clarify that firmware updating is
blocked, and remove mention of "failsafe boot mode".  Reword "disable"
prompt similarly.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-07-11 16:42:43 -04:00