only print the battery manufacturer in case there is more than one battery, otherwise omit it
make the code more readable for non-bash developers
extract common functions
Signed-off-by: gaspar-ilom <gasparilom@riseup.net>
Repro:
On QEMU (no battery, debug + tracing on):
[ 41.792342] TRACE: /bin/gui-init(383): show_main_menu
[ 44.722784] TRACE: /etc/gui_functions(167): show_system_info
[ 44.765643] TRACE: /etc/functions(1241): print_battery_charge
[ 44.846725] DEBUG: No battery found in /sys/class/power_supply/
[ 44.899241] TRACE: /etc/functions(1224): print_battery_health
[ 45.009917] DEBUG: No battery found in /sys/class/power_supply/
Battery info not provided under whiptail output.
Info for battery depends on linux kernel enablement. Maybe something missing for t480.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
nk3 was not tested on non-hotp boards. Make sure both hotp_verification and nk3 are present before resetting Secrets App
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
There are many flows through oem-factory-reset that use passwords
provided by the user or basic defaults to be changed later. We don't
need to badger the user to record those passwords.
Still do this if we generated diceware passwords though, as the user
does not know them yet.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Quiet mode introduced output reduction to console to limit technical info provided to end users.
Previous informational output (the previous default) is now considered additional information and is output through INFO() calls, which output either to console or to debug.log
Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output is prepended with LOG into debug.log
This fixes previous implementation which called LOG in DO_WITH_DEBUG calls and modified expected output to files, which was observed by @3hhh in output of GRUB entries when selecting boot option.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Additional 0.5h for applying changes linked to code review under https://github.com/linuxboot/heads/pull/1875
Linked to Nitrokey unacknowledged RfP https://github.com/linuxboot/heads/issues/1866 that continues to grow past the 40h (now near 42... but unpaid because 'unplanned'... As if this was planned on my side.)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
So that export CONFIG_TPM2_CAPTURE_PCAP=n across all boards doesn't break and so that it's easy for auditors to just toggle on in board configs
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
These two settings are exclusive, so they would disable each other if
enabled. Present them as one setting with three output levels.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Don't print the URL and then explain how to get the secret out of it,
just print the secret.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
If a TPM reset step fails, don't blindly continue onto the other
steps. Use DO_WITH_DEBUG to trace failures, so they're visible in the
log but we still exit due to set -e.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Use SINK_LOG to capture tpm2 unseal rather than a temp file.
Don't double up output from tpm "$@" to log; DO_WITH_DEBUG already
captures it.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Add examples for capturing stderr or both stdout+stderr.
Trace blank lines with LOG like non-blank lines.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This is the equivalent of passing debug on the kernel command line from coreboot config, even if enabled through config options and saved back in CBFS.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Insights:
- We should use oem generated pubkey naming to distinguish between oem/user generated keys and try to use default PINs also for GPG User to sign with default PIN and warn even if it works/doesn't, urging users to do reownership
- Point is that oem factory reset goes in the direction of using randomized PINs, while continuing to use those for a user should be strongly discouraged
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
We're adding leading blank lines, which makes the prompt look odd and
now have to be removed later. Just stop adding the leading blank
lines.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
The dice-rolls method was relatively complex and somewhat biased
(~2.4% biased toward 1-4 on each roll due to modulo bias).
Just pick a line from the dictionary at random. Using all 32 bits of
entropy to pick a line once distributes the modulo bias so it is only
0.000003% biased toward the first 1263 words.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
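
The modulo-bias arithmetic behind the last commit message, as an added example that is not Heads code. The function names and the six-word sample list are hypothetical, and drawing one random byte (256 values) per die roll is an assumption chosen because it reproduces the stated bias toward faces 1-4.

```shell
#!/bin/bash
# Added illustration, not code from the Heads repository.

# modulo_bias RANGE N: reducing a uniform value in [0, RANGE) modulo N makes
# the first (RANGE % N) outcomes occur (RANGE / N) + 1 times instead of
# (RANGE / N) times. Prints "<favored outcomes> <base count> <excess in ppb>",
# where the excess is the relative over-representation in parts per billion.
modulo_bias() {
    local range=$1 n=$2
    local favored=$(( range % n )) base=$(( range / n )) excess=0
    # No remainder means every outcome is equally likely.
    [ "$favored" -eq 0 ] || excess=$(( 1000000000 / base ))
    echo "$favored $base $excess"
}

# random_u32: one unsigned 32-bit value from the kernel CSPRNG.
random_u32() {
    od -An -N4 -tu4 /dev/urandom | tr -d ' \n'
}

# pick_random_line FILE: pick one line with a single reduction of all 32 bits,
# instead of combining several small, individually biased draws.
pick_random_line() {
    local file=$1 lines value
    lines=$(( $(wc -l < "$file") ))
    [ "$lines" -gt 0 ] || return 1
    value=$(random_u32)
    sed -n "$(( value % lines + 1 ))p" "$file"
}

# Constructed sample word list (not a real diceware dictionary).
sample_list=$(mktemp)
printf '%s\n' acid bolt crab dune echo fern > "$sample_list"

# Assumption: one random byte reduced to a die face. Four faces get 43 of the
# 256 byte values and two get 42, a relative excess of about 2.4%.
modulo_bias 256 6
# The same six outcomes drawn from a full 32-bit value: still four favored
# outcomes, but the excess shrinks to about one part per billion.
modulo_bias $(( 1 << 32 )) 6
pick_random_line "$sample_list"
```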