only print the battery manufacturer in case there is more than one battery, otherwise omit it
make the code more readable for non-bash developers
extract common functions
Signed-off-by: gaspar-ilom <gasparilom@riseup.net>
Repro:
On QEMU (no battery, debug + tracing on):
[ 41.792342] TRACE: /bin/gui-init(383): show_main_menu
[ 44.722784] TRACE: /etc/gui_functions(167): show_system_info
[ 44.765643] TRACE: /etc/functions(1241): print_battery_charge
[ 44.846725] DEBUG: No battery found in /sys/class/power_supply/
[ 44.899241] TRACE: /etc/functions(1224): print_battery_health
[ 45.009917] DEBUG: No battery found in /sys/class/power_supply/
Battery info not provided under whiptail output.
Info for battery depends on linux kernel enablement. Maybe something missing for t480.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
nk3 was not tested on non-hotp boards. Make sure both htop_verification and nk3 is present before resetting Secrets App
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
There are many flows through oem-factory-reset that use passwords
provided by the user or basic defaults to be changed later. We don't
need to badger the user to record those passwords.
Still do this if we generated diceware passwords though, as the user
does not know them yet.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Quiet mode introduced output reduction to console to limit technical info provided to end users.
Previous informational output (previous default) now outputs this now considered additional information through INFO() calls, which either outputs to console, or debug.log
Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output is prepended with LOG into debug.log
This fixes previous implementation which called LOG in DO_WITH_DEBUG calls and modified expected output to files, which was observed by @3hhh in output of GRUB entries when selecting boot option.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Additional 0.5h for applying changes linked to code review under https://github.com/linuxboot/heads/pull/1875
Linked to Nitrokey unacknowledged RfP https://github.com/linuxboot/heads/issues/1866 that continues to grow past the 40h (now near 42... but unpaid because 'unplanned'... As if this was planned on my side.)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
So that export CONFIG_TPM2_CAPTURE_PCAP=n across all boards doesn't break and so that its easy for auditors to just toggle on in board configs
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
These two settings are exclusive, so they would disable each other if
enabled. Present them as one setting with three output levels.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Don't print the URL and then explain how to get the secret out of it,
just print the secret.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
If a TPM reset step fails, don't blindly continue onto the other
steps. Use DO_WITH_DEBUG to trace failures, so they're visible in the
log but we still exit due to set -e.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Use SINK_LOG to capture tpm2 unseal rather than a temp file.
Don't double up output from tpm "$@" to log; DO_WITH_DEBUG already
captures it.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Insights:
- We should use oem generated pubkey naming to distinguish between oem/user generated keys and try to use default PINs also for GPG User to sign with default PIN and warn even if it works/doesn't, urging users to do reownership
- Point is that oem factory reset does in the direction of using randomized PINs, while continuing to use those for a user should be strongly discouraged
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
We're adding leading blank lines, which makes the prompt look odd and
now have to be removed later. Just stop adding the leading blank
lines.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
TODO: further specialize warning prompt to tell what is going to happen (randomized PIN, signle custom randomized PIN etc)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
works:
- oem and user mode passphrase generation
- qrcode
missing:
- unattended
- luks reencryption + passphrase change for OEM mode (only input to be provided) with SINGLE passphrase when in unattended mode
- same for user reownership when previously OEM reset unattended
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Mitigate misunderstands and show GPG User/Admin PIN counts until proper output exists under hotp_verification info to reduce global confusion
Add TODO under initrd/bin/seal-hotpkey to not foget to fix output since now outputting counter of 8 for Admin PIN which makes no sense at all under hotp_verification 1.6 https://github.com/Nitrokey/nitrokey-hotp-verification/issues/38
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
