Commit Graph

2187 Commits

Author SHA1 Message Date
Thierry Laurion
a3086e9a1c
Remove TODO in code that were not relevant prior of first review
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:19 -04:00
Thierry Laurion
ad1bff6b23
oem-factory-reset: make initial questionnaire more concise
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:16 -04:00
Thierry Laurion
38fc097976
Squash: revert testing changes for RSA and unify once more USB Security dongle's usage
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:13 -04:00
Thierry Laurion
867fb8d023
RSA keygen adaptation testing with rsa 2048 in memory keygen and key to card missing pieces
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:09 -04:00
Thierry Laurion
e6eeb571b0
oem-factory-reset: simplify provisioned secret output at end of wizard, including GPG key material output passphrase (uses strings+=string)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:06 -04:00
Thierry Laurion
c3a5359a85
Squash: remove DEBUG that were TODO for removal
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:03 -04:00
Thierry Laurion
8a8634f6a3
oem-factory-reset seal-hotpkey: unify prompts and vocabulary
oem-factory-reset: bugfix, keytocard inverts prompts. First is keyring then smartcard.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:00 -04:00
Thierry Laurion
7cd44b6dc4
oem-factory-reset: further cleaning of code for proper validation and consistency checks for passphrases. Also skip flashing code on qemu boards with short explanation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:56 -04:00
Thierry Laurion
9c3fb35358
initrd/bin/reboot: BugFix in nv41/ns50 condition check to call nitropad-shutdown.sh (otherwise output error on console for improper condition in ash
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:53 -04:00
Thierry Laurion
7f5d9700b7
gpg_auth function was not failing properly on failing, die instead
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:50 -04:00
Thierry Laurion
05fc4c1747
PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:47 -04:00
Thierry Laurion
9e838ad615
oem-factory-reset: make passphrases variables able to contain strings and validate things more solidly
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:43 -04:00
Thierry Laurion
56b602974b
WiP: NK3 with p256 ECC algo supported for in-memory keygen and key-to-card op. With this commit, one can provision NK3 with thumb drive backup which enables authenticated recovery shell and USB boot.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:40 -04:00
Thierry Laurion
2b21623bc6
qemu doc: add modify list/mount instructions to use losetup to map partitions to loop0pX and mount them to get public key
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:37 -04:00
Thierry Laurion
b2cb9b4997
.ash_history: add history command for manual detached signed integrity validation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:34 -04:00
Thierry Laurion
cf065eeba2
bin/reboot: fix parameter order so that we pause when in DEBUG before rebooting
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:30 -04:00
Thierry Laurion
27c457f04b
TPM2 DUK and TOTP/HOTP reseal fix, refactoring and ifferenciating tpm_password into tpm_owner_password and reusing correctly
i
TODO: fix all TODO in PR prior of review + squash

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:27 -04:00
Thierry Laurion
729f2b17b8
WiP to be squashed: we need to refactor prompt_tpm_password which is used both for TPM Owner Password prompt and caching reused for TPM disk unlock key passphrase which of course fails
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:24 -04:00
Thierry Laurion
15f1d0b77a
To Squash: changes to reboot were not ash compliant
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:21 -04:00
Thierry Laurion
3fb84f0b42
WiP: Clean cached /tmp/secret/tpm_password when sealing fails, otherwise reuse it on TPM Reset/TOTP+HOTP Sealing once for TPM1/TPM2+TPM Disk Unlock Key
gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:17 -04:00
Thierry Laurion
911eb07565
TPM1/TPM2: unify wording for TPM Owner Password and cache it externally to /tmp/secret/tpm_password to be reused in a boot session until recovery shell access or reboot
TODO: Why two functions prompt_tpm_password and prompt_new_owner_password
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:14 -04:00
Thierry Laurion
754e3c9165
bin/reboot: intercept reboot call when in DEBUG mode to type 'r' to go to recovery shell instead of rebooting
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:11 -04:00
Thierry Laurion
2ea62ff17e
/etc/functions: add missing TRACE traces to get where TPM passphrase should be written to file and reused since not all in same functions/files for TPM2
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:08 -04:00
Thierry Laurion
2ae94405ad
WiP: add export CONFIG_HAVE_GPG_KEY_BACKUP=y so whiptail-tpm2 can be used with GPG key material thumb drive backup
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:04 -04:00
Thierry Laurion
88d00dfcb2
scripts: unify luks in text/prompts/messages to LUKS
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:01 -04:00
Thierry Laurion
2697a6ad1f
WiP: further removal of unecessary debug messages
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:58 -04:00
Thierry Laurion
1f28c71447
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:55 -04:00
Thierry Laurion
eceb97aa4d
WiP: provide proper info/warn/die messages explaining causes of errors linked to detach signing errors
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:51 -04:00
Thierry Laurion
2c55338be5
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:48 -04:00
Thierry Laurion
b1e5c638cd
WiP
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:45 -04:00
tlaurion
e1d972be37
Merge pull request #1517 from tlaurion/pass_debug_call_output_to_kmsg_one_line_at_a_time
BugFix: Pass debug call output to kmsg one line at a time
2023-10-21 14:39:08 -04:00
Thierry Laurion
139f77113c
ash_functions: make DEBUG call pass multiline messages one at a time to /tmp/debug.log and kmsg 2023-10-21 14:37:31 -04:00
tlaurion
9e55e08ac0
Merge pull request #1512 from tlaurion/update_qubes_release_signing_keys
qubes release signing keys: move qubes-4.key to qubes-4.1.key, add qubes-4.2.key
2023-10-18 14:11:54 -04:00
Thierry Laurion
576e2a8fff
qubes release signing keys: move qubes-4.key to qubes-4.1.key, add qubes-4.2.key 2023-10-18 13:37:22 -04:00
tlaurion
5002198bb1
Merge pull request #1510 from tlaurion/debian-11_dependencies_fix_for_openssl_module_build
CircleCI: fix debian-11 packages dependencies (#1507)
2023-10-17 17:56:52 -04:00
tlaurion
f78786705e
Merge pull request #1509 from tlaurion/whiptail_respect_lowercase_uppercase_choices
newt(whiptail): fix code that was doing toupper of input
2023-10-17 13:30:47 -04:00
Thierry Laurion
44fa663d60
CircleCI: fix debian-11 packages dependencies (#1507) 2023-10-17 09:40:57 -04:00
Thierry Laurion
498a78af57
newt(whiptail): fix code that was doing toupper of input 2023-10-11 15:47:53 -04:00
tlaurion
bd2a8eb96e
Merge pull request #1478 from tlaurion/stenghten_entropy_sources_with_jitter_and_TPM
Have CRNG avail early on boot and maximize ligcrypt entropy sources/efficiency
2023-10-10 14:23:47 -04:00
Thierry Laurion
9addb3b6b0
qemu board doc: add Nitrokey3NFC in md doc 2023-10-10 12:30:41 -04:00
Thierry Laurion
65e5286b5a
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console. 2023-10-10 12:28:52 -04:00
Thierry Laurion
0416896b82
etc/ash_function's warn/die/TRACE/DEBUG now output also under /dev/kmsg when DEBUG is enabled 2023-10-10 12:28:15 -04:00
Thierry Laurion
4ff955918f
x230-maximized board configs: add DEBUG/TRACE board config in comment
Enabling DEBUG/TRACE options from board config vs from configuration menu is different.

When enabled in board config, /etc/config is from ROM, and sourced early and make TRACE/DEBUG calls appear early.
If added through configuration menu, those are /etc/config.user overrides extracted from CBFS and then sourced after combine_configs call

If for whatever reason early DEBUG is needed on a platform, enabling in board config is needed.
For runtime debugging, enabling Debug output from configuration menu is enough
2023-10-10 12:14:36 -04:00
Thierry Laurion
84899cf631
libgcrypt module: remove disable-asm
As on master otherwise with --disable-asm:

    config.status: executing gcrypt-conf commands

            Libgcrypt v1.10.1 has been configured as follows:

            Platform:                  GNU/Linux (x86_64-pc-linux-musl)
            Hardware detection module: none
            Enabled cipher algorithms: arcfour blowfish cast5 des aes twofish
                                       serpent rfc2268 seed camellia idea salsa20
                                       gost28147 chacha20 sm4
            Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1
                                       sha256 sha512 sha3 tiger whirlpool stribog
                                       blake2 sm3
            Enabled kdf algorithms:    s2k pkdf2 scrypt
            Enabled pubkey algorithms: dsa elgamal rsa ecc
            Random number generator:   default
            Try using jitter entropy:  yes
            Using linux capabilities:  no
            FIPS module version:
            Try using Padlock crypto:  n/a
            Try using AES-NI crypto:   n/a
            Try using Intel SHAEXT:    n/a
            Try using Intel PCLMUL:    n/a
            Try using Intel SSE4.1:    n/a
            Try using DRNG (RDRAND):   n/a
            Try using Intel AVX:       n/a
            Try using Intel AVX2:      n/a
            Try using ARM NEON:        n/a
            Try using ARMv8 crypto:    n/a
            Try using PPC crypto:      n/a

By disabling --disable-asm in libgcrypt 1.10.1:

    config.status: executing gcrypt-conf commands

            Libgcrypt v1.10.1 has been configured as follows:

            Platform:                  GNU/Linux (x86_64-pc-linux-musl)
            Hardware detection module: libgcrypt_la-hwf-x86
            Enabled cipher algorithms: arcfour blowfish cast5 des aes twofish
                                       serpent rfc2268 seed camellia idea salsa20
                                       gost28147 chacha20 sm4
            Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1
                                       sha256 sha512 sha3 tiger whirlpool stribog
                                       blake2 sm3
            Enabled kdf algorithms:    s2k pkdf2 scrypt
            Enabled pubkey algorithms: dsa elgamal rsa ecc
            Random number generator:   default
            Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1
                                       sha256 sha512 sha3 tiger whirlpool stribog
                                       blake2 sm3
            Enabled kdf algorithms:    s2k pkdf2 scrypt
            Enabled pubkey algorithms: dsa elgamal rsa ecc
            Random number generator:   default
            Try using jitter entropy:  yes
            Using linux capabilities:  no
            FIPS module version:
            Try using Padlock crypto:  yes
            Try using AES-NI crypto:   yes
            Try using Intel SHAEXT:    yes
            Try using Intel PCLMUL:    yes
            Try using Intel SSE4.1:    yes
            Try using DRNG (RDRAND):   yes
            Try using Intel AVX:       yes
            Try using Intel AVX2:      yes
            Try using ARM NEON:        n/a
            Try using ARMv8 crypto:    n/a
            Try using PPC crypto:      n/a

To support PPC crypto, it seems we will need yasm.
To support linux capabilities, libcap would be required as well later on. :/ another point for rng-tools (which also depends on libcap-ng)
2023-10-10 12:06:18 -04:00
Thierry Laurion
0100f7b970
linux configs: unify CONFIG_UNIX98_PTYS=y, CONFIG_HW_RANDOM_TPM=n, # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set, CONFIG_RANDOM_TRUST_CPU=y, CONFIG_PROC_SYSCTL is not set 2023-10-10 12:03:58 -04:00
Thierry Laurion
d3ec6ac11f
busybox: add clear reset and cttyhack to better deal with terminal mishaps 2023-10-10 11:55:24 -04:00
Thierry Laurion
5f38c715ce
coreboot config: unify quiet loglevel=2 for boards not defining default loglevel 2023-10-10 11:53:35 -04:00
tlaurion
f640fb70ba
Merge pull request #1506 from tlaurion/branding_proposition
Branding proposition + d-wid logo/bootsplash
2023-10-06 17:10:35 -04:00
d-wid
2bfa1737f8
Support branding under branding subdirectories
Squash of #1502 + moving logo/bootsplash files under branding/Heads

- Move logos and bootsplashes from blobs to branding/Heads/
- Makefile: add support for BRAND_DIR which depends on BRAND_NAME which defaults to Heads if no branding
- Boards coreboot configs: change bootsplash directory to depend on BRAND_DIR (instead of BLOBS_DIR) in bootsplash enabled configs
- Branding/Heads/bootsplash-1024x768.jpg points to branding/Heads/d-wid-ThePlexus_coreboot-linuxboot-heads_background-plain_DonateQrCode.jpg
- xcf file deleted. Original still under #1502 to reuse for modification without recompressing (blobs/heads.xcf)
- CREDITS file created to point to original authors, remixers (Open for details)
  - Thanks to: @d-wid for remixing Bing's AI generated Janus logo, @ThePlexus for Qubes Box concept and @ThrillerAtPlay for its matrix background
2023-10-06 17:09:23 -04:00
tlaurion
97bb0a82cb
Merge pull request #1498 from tlaurion/oem-factory-reset_fix-mount-usb
oem-factory-reset: fix call to mount-usb --mode rw
2023-09-07 16:29:12 -04:00