Commit Graph

670 Commits

Author SHA1 Message Date
Thierry Laurion
9633d6bfb1
key-init: only attempt to import individual user keys if legacy dir exists, skip otherwise
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-03 15:25:05 -04:00
Thierry Laurion
ebb4d7ab69
key-init: force user to change time if <2024, give warnings on errors
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-03 14:28:45 -04:00
Thierry Laurion
87213c503b
flash.sh: Add warning to remind user to not interfere with flashrom operations that will follow
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-08-23 13:01:36 -04:00
Thierry Laurion
1e03e8c646
flash.sh: drop inhouse progress output on console when flashing with flashrom
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-08-23 08:21:05 -04:00
Jonathon Hall
05b3d85c93
change-time.sh: Remind of the system time when beginning
Show the system time when starting to change the time.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 14:01:49 -04:00
Jonathon Hall
c51643b65a
gui-init: Remove unneeded UTC time zone indication from current time
The time zone in Heads is always UTC and we mentioned that in the text.
Don't repeat it.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 12:44:04 -04:00
Jonathon Hall
3a0df1bd4b
change-time.sh: Fix input of 08 and 09
printf was interpreting these as invalid octal numbers, they're
decimal.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 12:43:20 -04:00
Jonathon Hall
05ce2cd0a6
gui-init: Improve wording of TOTP/HOTP mismatch change-time question
This was a yes/no prompt but didn't actually have a question in it,
ask if the user wants to change the time.

Include the current time so the user can tell if it's correct.
Mention that if it's incorrect they should change the time and check
again.

The first line was too long for fbwhiptail by a few characters, trim it
a little.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 10:03:30 -04:00
Jonathon Hall
6eab9ddd90
change-time: Add .sh
We're trying to move all shell scripts to including '.sh' to
differentiate them from functions.  While it's not 100% consistent yet,
do it for new scripts.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 10:03:30 -04:00
Jonathon Hall
653542870d
change-time: Improve prompt wording
Adjust prompt wording when entering fields.  Technically the desired
value isn't always between min/max, because min and max are also
acceptable :)

No need to repeat an incorrect value, it is right there on the screen
and it dilutes the important point describing what value is needed.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 10:03:30 -04:00
Jonathon Hall
355b7bc302
change-time: Ask whether to retry, don't say "any key", loop instead of recurse
Ask whether to retry instead of always retrying, so users can escape
if there is a problem setting the date instead of being forced to enter
values until it works.

Ask to press Enter instead of "any key".  "Any key" prompts are
generally misleading, because there are usually keys that won't
actually work (e.g. Ctrl, Caps Lock, Shift).

Loop to retry if setting the date fails instead of recursing.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 10:03:29 -04:00
Jonathon Hall
234595df4a
change-time: Infer value digits automatically
Infer digits from the length of the maximum value.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 10:03:29 -04:00
Jonathon Hall
b908e0b8bd
change-time: Don't offer minimum field value as default
There's little value to offering the minimum field value as a default
IMO:
* it's rarely accurate (e.g. minute 00 is only accuate 1/60 of the time)
* it's very obvious to just press '0'<enter> instead (and no longer
  needs to be '00')
* it eliminates a lot of wordiness you otherwise have to read (or more
  likely, ignore)

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 10:03:29 -04:00
Jonathon Hall
a1343666d5
change-time: Test date exit status directly
There's no need to try to parse stdout/stderr to figure out if date
succeeded, just check if it was successful directly.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 09:22:59 -04:00
Jonathon Hall
770815cba8
change-time: Complete input with Enter, allow Backspace, don't require leading zeroes
Allow Backspace in input.  It's really frustrating otherwise if a typo
cannot be corrected, and worse, the backspace key actually produces a
character that becomes part of the input.

Complete input with Enter.  It is surprising when the script just
moves on right away once a fourth/second digit is entered, and worse,
users expecting to press Enter could reasonably press it before
realizing the script did not require it, which then skips the _next_
prompt inadvertently.  Users with imperfect typing might double a
digit unintentionally, do not force them to proceed with an incorrect
value.

Removing '-n $digits' from read does both of those.  Add '-r' so
backslashes do not have unexpected behavior.

Don't require leading zeroes, zero-pad automatically.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 09:12:03 -04:00
Jonathon Hall
16f0793648
initrd/bin/change-time: Label parameters of get_date
Use local named variables instead of $1-$4 throughout the function.
This makes the implementation clearer and documents the usage.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-08-06 08:57:24 -04:00
Thierry Laurion
f4ce047167
gui-init: put change-time under TOTP mismatch where it should be, remove unneeded duplicate menu options to change system time
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-29 10:32:34 -04:00
Thierry Laurion
a99298acb2
change-time script: syntax, spcaing, wording and typo fixes
Signed-off-by: Thierry Laurion <insurgo@riseup.net>

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-29 10:12:20 -04:00
alexgithublab
07a6b7819a
UTC statment + menu order
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-29 10:12:14 -04:00
alexgithublab
a3b9a1d9e9
chmod
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-29 10:12:08 -04:00
alexgithublab
ff9dd5f667
change system time feature
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-29 10:12:03 -04:00
Matthew Drobnak
19a705c179
Add functions to handle normal, warning, and error for whiptail and fbwhiptail.
Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
2024-06-25 17:26:14 +00:00
Thierry Laurion
96b619b5fd
Merge pull request #1704 from Dasharo/nitropad-shutdown
nitropad-nx: use standard shutdown/reboot commands
2024-06-21 10:24:45 -04:00
Maciej Pijanowski
fd98c8d0d9
nitropad-nx: use standard shutdown/reboot commands
This commit effectively reverts commits a1c13ff and 902866cc. There is
no need for this special EC-based poweroff command. See more details in
issue linked below.

Fixes: https://github.com/Dasharo/dasharo-issues/issues/711

Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
2024-06-20 18:27:05 +02:00
Thierry Laurion
868abb75ba
Merge pull request #1697 from mdrobnak/issue_1692
1692 Update text for TPM Primary Handle error with correct remediation steps.
2024-06-07 09:28:31 -04:00
Matthew Drobnak
c7a5fbd66f
1692 Update text for TPM Primary Handle error with correct remediation steps.
Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
2024-06-05 03:59:40 +00:00
nestire
ea05b1ed45
extent hotp error message for nitrokeys
Signed-off-by: nestire <hannes@nitrokey.com>
2024-05-21 17:03:08 +02:00
Thierry Laurion
37f04e2855
Fix key to card failing with invalid time when moving keys to smartcard on master (Opt: Authenticated Heads)
- Revert gnupg toolstack version bump to prior of #1661 merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility.
  - Investigation and upstream discussions will take their time resolving invalid time issue introduced by between 2.4.0 and latest gnupg, fix regression first under master)

- oem-factory-reset
  - Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors
  - Wipe keyrings only (*.gpg, *.kbx)  not conf files under gpg homedir (keep initrd/.gnupg/*.conf)

- flake.nix
  - switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker)
  - add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing

- flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds

- README.md: have consistent docker testing + release (push) notes

- .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing)

TODO:
- some fd2 instead of fd1?!
- oem-factory-resest has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors which is problematic with fbwhiptail, not whiptail

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-17 09:27:29 -04:00
Jonathon Hall
165f90a8cf
Merge remote-tracking branch 'github-tlaurion/reproducible_openssl_libtss2_tpm2'
PR #1630
2024-04-26 12:26:55 -04:00
Thierry Laurion
60d9aa4d5a
tpmr: remove warning "Warn: check public portion of the tpmkey manually"
Discussed under https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429

TODO added in code.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-26 11:14:14 -04:00
Thierry Laurion
b2629f8d4d
Merge pull request #1625 from tlaurion:LUKS_header_change_validation_upon_sealing_and_unsealing
LUKS header change validation upon sealing and unsealing ops
2024-04-25 16:39:41 -04:00
Jonathon Hall
1ae4c19f9a
Merge remote-tracking branch 'github-tlaurion/fix_hotp_increment_counter_after_detection-oem-factory-reset_loop_3x_hotp_detect'
PR #1650
2024-04-23 08:33:30 -04:00
Christian Foerster
cb03ec5584
change correct PIN minimum
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2024-04-23 01:10:53 +02:00
Thierry Laurion
b6bd682cb3
Fix HOTP verification logic (and counter increment) in gui-init and oem-factory-reset scripts
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-22 17:24:21 -04:00
Christian Foerster
70e9c663bc
only change user PIN minimum requirement to 6
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2024-04-22 22:56:13 +02:00
Christian Foerster
408524fb31
Revert "UX improvements PIN questions"
This reverts commit ba20d98bdd.

Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2024-04-22 22:51:25 +02:00
Christian Foerster
0854f2ce80
Revert "fix small incongruency with previous commit"
This reverts commit be65c4be5b.

Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2024-04-22 22:51:17 +02:00
Christian Foerster
2828e2ca60
Revert "fix another small incongruency with previous commit"
This reverts commit cc70e772f8.

Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2024-04-22 22:50:34 +02:00
Christian Foerster
cc70e772f8
fix another small incongruency with previous commit
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2024-04-21 19:00:29 +02:00
Christian Foerster
be65c4be5b
fix small incongruency with previous commit
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2024-04-21 18:42:52 +02:00
Christian Foerster
ba20d98bdd
UX improvements PIN questions
Signed-off-by: Christian Foerster <christian.foerster@mailfence.com>
2024-04-21 18:31:43 +02:00
Thierry Laurion
fc874728f6
oem-factory-reset + seal-hotpkey: Give debug output to underatand in what state is the USB Security dongle
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-19 14:30:55 -04:00
Jonathon Hall
a767347afd
kexec-boot: Only capture kexec -d output to log, not console/kmsg
LOG() is added to log to the log only (not kmsg, more verbose than
TRACE).

DO_WITH_DEBUG only captures stdout/stderr to the log with LOG().

kexec-boot silences stderr from kexec, we don't want it on the console.

No need to repeat the kexec command when asking in debug to continue
boot, it's no longer hidden behind verbose output from kexec.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-04-19 14:14:54 -04:00
Jonathon Hall
d3656bbe65
kexec-boot, functions: Restore eval and DO_WITH_DEBUG that were deleted
`eval "$kexeccmd"` should become `DO_WITH_DEBUG eval "$kexeccmd"` when
adding DO_WITH_DEBUG, command invocation is still the same, still needs
eval.

Restore DO_WITH_DEBUG in front of kexec-parse-boot that had been
removed.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-04-19 13:48:27 -04:00
Thierry Laurion
ae5f9c5416
Improve DEBUG and DO_WITH_DEBUG output handling to also keep output of kexec -l when BOARD is in DEBUG+TRACE mode (configuration settings menu + flash)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-18 16:30:13 -04:00
Thierry Laurion
fb5cbf41a1
kexec-insert-key: refactor tampering check for encrypted disk keys prior of TPM unsealing ops
move code from kexec-unseal-key to kexec-insert-key, address code review and apply verbiage suggestion changes

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-11 14:50:40 -04:00
Thierry Laurion
f6232aa70f
Change disk encryption -> LUKS Disk Key and other relative/relative verbiage, remove irrelevant DEBUG trace under kexec-unseal-key
TODO:
- $(pcrs) call sometimes fail in DEBUG call, outputting too many chars to be inserted in kmesg. Call removed here since redundant (PCR6 already extended with LUKS header)
- Notes added for TPM2 simplification over TPM1 in code as TODO

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-11 14:44:13 -04:00
Thierry Laurion
adda59c675
LUKS header change validation at both sealing and unsealing of TPM Disk Unlock Key.
Fixes linuxboot#1092.
Supersedes linuxboot#1093

- Cherry-picks ed1c23a (credit to @hardened-vault) thank you!)
- Addresses and correct self-review under linuxboot#1093 (@hardened-vault: you don't answer often here!)
  - kexec-unseal-key: Warn a user who attempts to default boot while his Disk Unlock Key passphrase fails to unseal because LUKS headers changed.
    (linuxboot#1093 (comment))
  - kexec-seal-key: Identical as in ed1c23a
  - kexec-add-key: Tell the user that the Headers did not change when changing TPM released Disk Unlock Key
    (Through changing default boot at Options->Boot Options -> Show OS boot options: select a new boot option
    and set a Disk Unlock Key in TPM, accept to modify disk and sign /boot options)
    - Here, we cancel the diff output shown on screen linuxboot#1093 (comment)
    - And we change the warning given to the user to past tense "Headers of LUKS containers to be unlocked via TPM Disk Unlock Key passphrase did not change."

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-11 14:44:07 -04:00
Jonathon Hall
ebdcc8523c
Merge branch 'silence-exfat-errors-for-iso9660'
PR #1602
2024-02-23 13:22:33 -05:00
Thierry Laurion
ebe9db4350
initrd/bin/network-init-recovery: kill dropbear unconditionally prior of starting it
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-02-23 12:17:47 -05:00