cbfs-init: remove temp files, measure direct cbfs output, extend PCR with proper introspection tracing
flash.sh: do not die but go to recovery if flashrom fails, cosmetic fix for warning given to user
kexec-insert-key: extend PCR with proper introspection tracing
kexec-select-boot: extend PCR with proper introspection tracing
kexec-measure-luks: extend PCR with proper introspection tracing
tpmr: Add missing TRACE_FUNC, fix comments, extend give hash that was extended to tpm call in DEBUG, fix TPM startsession unsuppressed output still present
ash_functions: extend PCR with proper introspection tracing
insmod: DEBUG info more pertinent, extend PCR with proper introspection tracing
Signed-off-by: Thierry Laurion <insurgo@riseup.net>

This was a yes/no prompt but didn't actually have a question in it,
ask if the user wants to change the time.
Include the current time so the user can tell if it's correct.
Mention that if it's incorrect they should change the time and check
again.
The first line was too long for fbwhiptail by a few characters, trim it
a little.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

We're trying to move all shell scripts to including '.sh' to
differentiate them from functions. While it's not 100% consistent yet,
do it for new scripts.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

Adjust prompt wording when entering fields. Technically the desired
value isn't always between min/max, because min and max are also
acceptable :)
No need to repeat an incorrect value, it is right there on the screen
and it dilutes the important point describing what value is needed.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

Ask whether to retry instead of always retrying, so users can escape
if there is a problem setting the date instead of being forced to enter
values until it works.
Ask to press Enter instead of "any key". "Any key" prompts are
generally misleading, because there are usually keys that won't
actually work (e.g. Ctrl, Caps Lock, Shift).
Loop to retry if setting the date fails instead of recursing.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

There's little value to offering the minimum field value as a default
IMO:
* it's rarely accurate (e.g. minute 00 is only accurate 1/60 of the time)
* it's very obvious to just press '0'<enter> instead (and no longer
needs to be '00')
* it eliminates a lot of wordiness you otherwise have to read (or more
likely, ignore)
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

There's no need to try to parse stdout/stderr to figure out if date
succeeded, just check if it was successful directly.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

Allow Backspace in input. It's really frustrating otherwise if a typo
cannot be corrected, and worse, the backspace key actually produces a
character that becomes part of the input.
Complete input with Enter. It is surprising when the script just
moves on right away once a fourth/second digit is entered, and worse,
users expecting to press Enter could reasonably press it before
realizing the script did not require it, which then skips the _next_
prompt inadvertently. Users with imperfect typing might double a
digit unintentionally, do not force them to proceed with an incorrect
value.
Removing '-n $digits' from read does both of those. Add '-r' so
backslashes do not have unexpected behavior.
Don't require leading zeroes, zero-pad automatically.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
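
The input handling described in the commit message above (line-based `read -r` completed with Enter, no required leading zeroes, automatic zero-padding), as an added example that is not part of the commit or of the Heads scripts. The function and variable names are hypothetical, and the leading-zero stripping (so that "08" is not treated as octal) is an assumption of this sketch.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical, not from Heads.

# Validate a typed field and print it zero-padded to the given width.
# Returns 1 (printing nothing) if the value is not an integer in [min, max].
normalize_field() {
    local value="$1" min="$2" max="$3" digits="$4"

    # Digits only: rejects empty input, signs, spaces and stray backslashes.
    case "$value" in
        '' | *[!0-9]*) return 1 ;;
    esac

    # Strip leading zeros so "08" and "09" are never parsed as octal.
    while [ "${#value}" -gt 1 ] && [ "${value#0}" != "$value" ]; do
        value="${value#0}"
    done

    # Bound the length before any numeric comparison to avoid overflow.
    [ "${#value}" -le 9 ] || return 1
    [ "$value" -ge "$min" ] && [ "$value" -le "$max" ] || return 1

    printf "%0${digits}d" "$value"
}

# Read one whole line (completed with Enter) from stdin and normalize it.
# No '-n': a doubled digit or typo can be corrected before Enter is pressed.
# '-r': a backslash is kept literally and then rejected by the digit check.
read_field() {
    local min="$1" max="$2" digits="$3" raw
    IFS= read -r raw || return 1
    normalize_field "$raw" "$min" "$max" "$digits"
}
```
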
Use local named variables instead of $1-$4 throughout the function.
This makes the implementation clearer and documents the usage.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

This commit effectively reverts commits a1c13ff and 902866cc. There is
no need for this special EC-based poweroff command. See more details in
issue linked below.
Fixes: https://github.com/Dasharo/dasharo-issues/issues/711
Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>

- Revert gnupg toolstack version bump to prior of #1661 merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility.
- Investigation and upstream discussions will take their time resolving invalid time issue introduced between 2.4.0 and latest gnupg (fix regression first under master)
- oem-factory-reset
  - Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors
  - Wipe keyrings only (*.gpg, *.kbx) not conf files under gpg homedir (keep initrd/.gnupg/*.conf)
- flake.nix
  - switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker)
  - add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing
- flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds
- README.md: have consistent docker testing + release (push) notes
- .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing)
TODO:
- some fd2 instead of fd1?!
- oem-factory-reset has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors which is problematic with fbwhiptail, not whiptail
Signed-off-by: Thierry Laurion <insurgo@riseup.net>

LOG() is added to log to the log only (not kmsg, more verbose than
TRACE).
DO_WITH_DEBUG only captures stdout/stderr to the log with LOG().
kexec-boot silences stderr from kexec, we don't want it on the console.
No need to repeat the kexec command when asking in debug to continue
boot, it's no longer hidden behind verbose output from kexec.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

`eval "$kexeccmd"` should become `DO_WITH_DEBUG eval "$kexeccmd"` when
adding DO_WITH_DEBUG, command invocation is still the same, still needs
eval.
Restore DO_WITH_DEBUG in front of kexec-parse-boot that had been
removed.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

TODO:
- $(pcrs) call sometimes fails in DEBUG call, outputting too many chars to be inserted in kmsg. Call removed here since redundant (PCR6 already extended with LUKS header)
- Notes added for TPM2 simplification over TPM1 in code as TODO
Signed-off-by: Thierry Laurion <insurgo@riseup.net>

Fixes linuxboot#1092.
Supersedes linuxboot#1093
- Cherry-picks ed1c23a (credit to @hardened-vault, thank you!)
- Addresses and corrects self-review under linuxboot#1093 (@hardened-vault: you don't answer often here!)
- kexec-unseal-key: Warn a user who attempts to default boot while his Disk Unlock Key passphrase fails to unseal because LUKS headers changed.
  (linuxboot#1093 (comment))
- kexec-seal-key: Identical as in ed1c23a
- kexec-add-key: Tell the user that the Headers did not change when changing TPM released Disk Unlock Key
  (Through changing default boot at Options->Boot Options -> Show OS boot options: select a new boot option
  and set a Disk Unlock Key in TPM, accept to modify disk and sign /boot options)
  - Here, we cancel the diff output shown on screen linuxboot#1093 (comment)
  - And we change the warning given to the user to past tense "Headers of LUKS containers to be unlocked via TPM Disk Unlock Key passphrase did not change."
Signed-off-by: Thierry Laurion <insurgo@riseup.net>