Thierry Laurion
abc97fe1be
WiP: staging changes including https://github.com/linuxboot/heads/pull/1850 https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 and https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:55 -05:00
Thierry Laurion
4ba7cc5495
patches/hotp-verification-*/46.patch : re-add https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 so that this PR can be tested and reviewed from OEM Factory Reset/User Re-Ownership perspective
(PR 43 not in, which fixes hotp_verification info, needed to reuse default PINs under seal-hotp if pubkey age <1 month and if Secret app PIN/GPG Admin PIN count >=3)
Repro:
mkdir patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346
wget https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/46.patch -O patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346/46.patch
sudo rm -rf build/x86/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346/
./docker_repro.sh make BOARD=qemu-coreboot-whiptail-tpm2-hotp USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=pubkey.asc inject_gpg run
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:49 -05:00
Jonathon Hall
54baa37d4a
oem-factory-reset: Stop adding leading blank lines in 'passphrases' msg
We're adding leading blank lines, which makes the prompt look odd and
now have to be removed later. Just stop adding the leading blank
lines.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:43 -05:00
Jonathon Hall
be49517a0d
functions: Simplify dictionary word selection
The dice-rolls method was relatively complex and somewhat biased
(~2.4% biased toward 1-4 on each roll due to modulo bias).
Just pick a line from the dictionary at random. Using all 32 bits of
entropy to pick a line once distributes the modulo bias so it is only
0.000003% biased toward the first 1263 words.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:38 -05:00
Jonathon Hall
98e20544ef
functions: Fix spelling of 'dictionaries'
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:32 -05:00
Thierry Laurion
27ab17377d
hotp-verification: removed patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346 directory: waiting for https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 and https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 to be merged to change modules/hotp-verification commit
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:26 -05:00
Thierry Laurion
ebf4d1d221
oem-factory-reset+seal-hotp nk3 hotp-verification info adaptations
- oem-factory-reset: fix strings for nk3 as per https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43: it is Secrets app, not Secret App (not singular, App not capitalized)
- initrd/bin/seal-hotpkey: adapt to check nk3 Secrets App PIN counter if nk3, keep Card counters for <nk3 from https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43
- Unattended hotp_initialize output removed since we need physical presence to seal HOTP until https://github.com/Nitrokey/nitrokey-hotp-verification/issues/41 is fixed
- Finally make seal_hotp use logic to detect if public key <1m old, use HOTP related PIN by default if counter is not <3, warn that re-ownership needs to be run to change it since no security is offered at all otherwise with HOTP
- unify format with linting tool
Tested in local tree against https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/43.patch , removing https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/46.patch
- will revert the change above in PR once testing is over
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:18:18 -05:00
Thierry Laurion
4fd710696e
hotp-verification patches: Use https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 instead of https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 for hotp-verification info parsing and validation of oem-factory-reset and seal-hotp
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:15:34 -05:00
Thierry Laurion
847b4ddbdf
WiP seal-hotp: customize message to be GPG Admin PIN or Secure App PIN
TODO: check logic in this file because assumptions on PINs retry count are wrong and will depend on https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 not tested here
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:15:28 -05:00
Thierry Laurion
95473d6c89
kexec-sign-config: mount rw, write things to /boot, mount ro after
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:15:22 -05:00
Thierry Laurion
e25fb595b6
oem-factory-reset: reset nk3 secure app PIN early since we need physical presence, put nk3 secure APP PIN after TPM but before GPG PINS in output for consistency
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:15:17 -05:00
Thierry Laurion
c372370210
oem-factory-reset: set title_text accordingly to mode, either 'OEM Factory Reset Mode', 'Re-Ownership Mode' or 'OEM Factory Reset / Re-Ownership'
TODO: further specialize warning prompt to tell what is going to happen (randomized PIN, single custom randomized PIN etc)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:15:11 -05:00
Thierry Laurion
789231fac3
oem-factory-reset: fix Secure App wording, prevent word globbing, warn that physical presence is needed
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:15:05 -05:00
Thierry Laurion
03e5ec0ddf
oem-factory-reset: if nk3, also display Secure App PIN = GPG Admin PIN as text and in Qr code
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:59 -05:00
Thierry Laurion
e01d346fe8
oem-factory-reset: don't set user re-ownership by default for now: use current defaults being DEF pins (12345678 and 123456 as master)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:53 -05:00
Thierry Laurion
7f9f84b830
modules/hotp-verification: 1.6, removing patch pr43, only keeping 46 for this PR (43 conflicts when applied atop 46. 46 is needed here)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:47 -05:00
Thierry Laurion
fd136cd957
oem-factory-reset: add reset secure app PIN = ADMIN_PIN at reownership, make sure defaults are set for all modes, including default which uses current defaults being DEF pins (12345678 and 123456 as master)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:41 -05:00
Thierry Laurion
351a2e2130
modules/hotp-verification: revert to 1.6, add patches tested instead
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:35 -05:00
Thierry Laurion
814f4fabd9
WiP: add nk3 secret app reset function and call it following security dongle reset logic
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:30 -05:00
Thierry Laurion
223e5041bc
WiP: bump to hotp-verification version supporting reset of secret app
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:24 -05:00
Thierry Laurion
a6df16ec3c
WiP initrd/bin/oem-factory-reset: add qrcode+secret output loop until user presses y (end of reownership wizard secret output)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
works:
- oem and user mode passphrase generation
- qrcode
missing:
- unattended
- luks reencryption + passphrase change for OEM mode (only input to be provided) with SINGLE passphrase when in unattended mode
- same for user reownership when previously OEM reset unattended
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:18 -05:00
Thierry Laurion
40df08ecbc
/etc/functions: reuse detect_boot_device instead of trying only to mount /etc/fstab existing /boot partition (otherwise early 'o' to enter oem mode of oem-factory-reset
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:12 -05:00
Thierry Laurion
108e6ed0b1
WiP initrd/bin/oem-factory-reset: add --mode (oem/user) skeleton
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:06 -05:00
Thierry Laurion
f8fdfc7b8d
WiP initrd/bin/oem-factory-reset: format unification
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:00 -05:00
Thierry Laurion
1da5119584
initrd/etc/functions: add generate_passphrase logic
Nothing uses it for the moment, needs to be called from recovery shell: bash, source /etc/functions. generate_passphrase
- parses dictionary to check how many dice rolls needed on first entry, defaults to EFF short list v2 (bigger words easier to remember, 4 dice rolls instead of 5)
- defaults to using initrd/etc/diceware_dictionnaries/eff_short_wordlist_2_0.txt, parameterizable
- make sure format of dictionary is 'digit word' and fail early otherwise: we expect EFF diceware format dictionaries
- enforces max length of 256 chars, parameterizable, reduces number of words to fit if not overridden
- enforces default 3 words passphrase, parameterizable
- enforces capitalization of first letter, lowercase parameterizable
- read multiple bytes from /dev/urandom to fit number of dice rolls
Unrelated: uniformize format of file
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:54 -05:00
Thierry Laurion
befef09b7f
diceware: add short list v2, requiring 4 dice and providing longer words than short list v1 for easier to remember passphrases
This list comes from https://www.eff.org/files/2016/09/08/eff_short_wordlist_2_0.txt
Referred to in article: https://www.eff.org/dice
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:49 -05:00
Thierry Laurion
d57a120912
initrd/etc/ash_functions: add GPG Admin/User PIN output grabbing on confirm_gpg_card presence call, echo for now, warn to input GPG User PIN when asked to unlock GPG card
Mitigate misunderstandings and show GPG User/Admin PIN counts until proper output exists under hotp_verification info to reduce global confusion
Add TODO under initrd/bin/seal-hotpkey to not forget to fix output since now outputting counter of 8 for Admin PIN which makes no sense at all under hotp_verification 1.6 https://github.com/Nitrokey/nitrokey-hotp-verification/issues/38
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:43 -05:00
Thierry Laurion
3726e9083f
initrd/bin/tpmr: silence tpm reset console output, LOG instead
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:37 -05:00
Thierry Laurion
48807de222
codebase: silence dd output while capturing output in variables when needed
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:31 -05:00
Thierry Laurion
e03a790649
init: inform user that running in quiet mode, tell user that technical information can be seen running 'cat /tmp/debug.log' from Recovery Shell
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:25 -05:00
Thierry Laurion
9cd4757e4a
init: suppress /etc/config.user not existing on grep calls
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:19 -05:00
Thierry Laurion
1f029123e9
initrd bin/* sbin/insmod + /etc/ash_functions: TPM extend operations now all passed to LOG (quiet mode doesn't show them and logs them to /tmp/debug.log)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:13 -05:00
Thierry Laurion
496d93031e
qemu-coreboot-fbwhiptail-tpm2-hotp-prod_quiet board: addition of board containing 'export CONFIG_QUIET_MODE=y' for output comparison between debug, prod and quiet mode
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:07 -05:00
Thierry Laurion
fa0f90cbec
Put usage of ./docker_repro.sh (docker images with docker-ce) first
2024-12-17 11:23:30 -05:00
Thierry Laurion
99157f2291
Merge pull request #1802 from tlaurion/talos_2-kernel_version_bump_to_6.6.16
talos-2: kernel version bump to 6.6.16
2024-11-29 14:19:25 -05:00
Thierry Laurion
e31afc58b3
Merge pull request #1818 from tlaurion/pr0_skylake_and_more_recent
WiP: PR0 (SPI write prevention through chipset locking) for nv4x_adl, setting base for other platforms/downstream forks supporting >=Skylake+
2024-11-29 13:22:21 -05:00
Sergii Dmytruk
7ca7488474
config/linux-talos-2.config: update
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:30 -05:00
Sergii Dmytruk
e97b379796
talos2: port 2 more Linux patches to 6.6.16
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:24 -05:00
Thierry Laurion
a03857d85f
talos-2 kernel 6.6.16: review needed patches and config: cbmem missing, maybe some more patches need porting
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:18 -05:00
Thierry Laurion
3ed0f2df35
talos-2 6.6.16 kernel config: deactivate CONFIG_COMPAT (32 bit support)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:12 -05:00
Thierry Laurion
d7ff890c78
WiP: talos-2: kernel version bump to 6.6.16
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:05 -05:00
Thierry Laurion
03ba3864db
Merge remote-tracking branch 'osresearch/master' into pr0_skylake_and_more_recent
2024-11-29 11:38:36 -05:00
Thierry Laurion
f8b03b3087
nitropad-ns50: remove PR0 until tested and re-added in separate PR
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 11:17:02 -05:00
Thierry Laurion
87732b71ce
Merge pull request #1865 from tlaurion/bump-flashprog_latest-meteor_lake_support
modules/flashprog: bump to latest commit, including support for meteor lake
2024-11-28 15:33:22 -05:00
Thierry Laurion
43b03fbe60
Revert "coreboot dasharo fork patch: bump patchset to upstream reviewed"
This reverts commit f5fdf9a97e2d730fbaf888b33e730f51fdbdf4ed.
Unfortunately, the patch doesn't apply to the current Dasharo fork pointed to under modules/coreboot
Waiting for Dasharo to provide a patch updated to the Heads-used fork/dasharo bumping to a newer coreboot version for which the patchset applies cleanly
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-28 13:24:30 -05:00
Thierry Laurion
3de473c409
modules/flashprog: bump to latest commit, including support for meteor lake
We use eb2c04185f
(2024-11-21 1.3+ bugfixes)
Where meteor lake is 5e0d9b04a0
is from 1.3 (3 weeks ago)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-28 12:06:42 -05:00
Thierry Laurion
6f2ea7c7bf
Merge remote-tracking branch 'osresearch/master' into pr0_skylake_and_more_recent
2024-11-28 11:53:48 -05:00
Thierry Laurion
f5fdf9a97e
coreboot dasharo fork patch: bump patchset to upstream reviewed
repro:
git fetch https://review.coreboot.org/coreboot refs/changes/78/85278/3 && git format-patch -1 --stdout FETCH_HEAD > patches/coreboot-dasharo-unreleased/0002-pr0_chipset_locking-post_skylake.patch
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-28 11:52:22 -05:00
Thierry Laurion
4f1405853f
Merge pull request #1861 from tlaurion/oem-factory_reset_hide-detach-sign-user-pin
bugfix: oem-factory-reset: debug mode; hide passphrase output on screen/debug log on gpg --detach-sign of /boot hash digest
2024-11-25 11:02:30 -05:00
Thierry Laurion
5501cd0744
oem-factory-reset: debug mode; hide passphrase output on screen/debug.log on gpg --detach-sign of /boot hash digest
Before:
[ 155.845101] DEBUG: gpg --pinentry-mode loopback --passphrase Please Change Me --digest-algo SHA256 --detach-sign -a
After:
[ 131.272954] DEBUG: gpg --pinentry-mode loopback --passphrase <hidden> --digest-algo SHA256 --detach-sign -a
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-25 10:57:44 -05:00