Additional 0.5h for applying changes linked to code review under https://github.com/linuxboot/heads/pull/1875
Linked to Nitrokey unacknowledged RfP https://github.com/linuxboot/heads/issues/1866 that continues to grow past the 40h (now near 42... but unpaid because 'unplanned'... As if this was planned on my side.)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
So that export CONFIG_TPM2_CAPTURE_PCAP=n across all boards doesn't break and so that its easy for auditors to just toggle on in board configs
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
with exception of
- qemu boards not being *quiet: quiet=n
- qemu boards not being *prod* having pcap=y
- qemy boards not being *prod* have debug+tracing=y
- qemu tpm1 boards have '#pcap=n'
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
These two settings are exclusive, so they would disable each other if
enabled. Present them as one setting with three output levels.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Don't print the URL and then explain how to get the secret out of it,
just print the secret.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
If a TPM reset step fails, don't blindly continue onto the other
steps. Use DO_WITH_DEBUG to trace failures, so they're visible in the
log but we still exit due to set -e.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Use SINK_LOG to capture tpm2 unseal rather than a temp file.
Don't double up output from tpm "$@" to log; DO_WITH_DEBUG already
captures it.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Add examples for capturing stderr or both stdout+stderr.
Trace blank lines with LOG like non-blank lines.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This is equivalent of passing debug on kernel command line from coreboot config, even is enabled through config options and saved back in CBFS.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
I give up trying to make Nitrokey do the right thing. They will propose PR to Heads next to fix their own fixes for their own caused regressions and security vulns.
I just stopped caring for sanity reasons, i'm making quiet+eom/user-reownership fixes for feature freeze. If nitrokey pays, there is gonna be future collaboration, if they don't, they will do Heads related stuff themselves.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Insights:
- We should use oem generated pubkey naming to distinguish between oem/user generated keys and try to use default PINs also for GPG User to sign with default PIN and warn even if it works/doesn't, urging users to do reownership
- Point is that oem factory reset does in the direction of using randomized PINs, while continuing to use those for a user should be strongly discouraged
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
(PR 43 not in which fixes hotp_verification info, needed to reuse default PINs under seal-hotp if pubkey age <1 month and if Secret app PIN/GPG Admin PIN count >=3 )
Repro:
mkdir patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346
wget https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/46.patch -O patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346/46.patch
sudo rm -rf build/x86/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346/
./docker_repro.sh make BOARD=qemu-coreboot-whiptail-tpm2-hotp USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=pubkey.asc inject_gpg run
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
We're adding leading blank lines, which makes the prompt look odd and
now have to be removed later. Just stop adding the leading blank
lines.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
The dice-rolls method was relatively complex and somewhat biased
(~2.4% biased toward 1-4 on each roll due to modulo bias).
Just pick a line from the dictionary at random. Using all 32 bits of
entropy to pick a line once distributes the modulo bias so it is only
0.000003% biased toward the first 1263 words.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
