ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-03 01:30:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,834 Commits 28 Branches 6 Tags
Commit Graph

2834 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonathon Hall
be49517a0d
functions: Simplify dictionary word selection 
The dice-rolls method was relatively complex and somewhat biased
(~2.4% biased toward 1-4 on each roll due to modulo bias).

Just pick a line from the dictionary at random.  Using all 32 bits of
entropy to pick a line once distributes the modulo bias so it is only
0.000003% biased toward the first 1263 words.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:18:38 -05:00
Jonathon Hall
98e20544ef
functions: Fix spelling of 'dictionaries' 
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:18:32 -05:00
Thierry Laurion
27ab17377d
hotp-verification: removed patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346 directory: waiting for https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 and https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 to be merged to change modules/hotp-verification commit 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:18:26 -05:00
Thierry Laurion
ebf4d1d221
oem-factory-reset+seal-hotp nk3 hotp-verification info adaptations 
- oem-factory-reset: fix strings for nk3 is from https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 is Secrets app, not Secret App singular, not App capitalized
- initrd/bin/seal-hotpkey: adapt to check nk3 Secrets App PIN counter if nk3, keep Card counters for <nk3 from https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43
  - Unattended hotp_initialize output removed since we need physical presence to seal HOTP until https://github.com/Nitrokey/nitrokey-hotp-verification/issues/41 is fixed
  - Finally make seal_hotp use logic to detect if public key <1m old, use HOTP related PIN by default if counter is not <3, warn that re-ownership needs to be ran to change it since no security offered at all otherwise with HOTP
- unify format with linting tool

Tested in local tree against https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/43.patch, removing https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/46.patch
 - will revert the change above in PR once testing is over

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:18:18 -05:00
Thierry Laurion
4fd710696e
hotp-verification patches: Use https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 instead of https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 for hotp-verification info parsing and validation of oem-factory-reset and seal-hotp 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:15:34 -05:00
Thierry Laurion
847b4ddbdf
WiP seal-hotp: customize message to be GPG Admin PIN or Secure App PIN 
TODO: check logic in this file because assumptions on PINs retry count are wrong and will depend on https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 not tested here

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:15:28 -05:00
Thierry Laurion
95473d6c89
kexec-sign-config: mount rw, write things to /boot, mount ro after 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:15:22 -05:00
Thierry Laurion
e25fb595b6
oem-factory-reset: reset nk3 secure app PIN early since we need physical presence, put nk3 secure APP PIN after TPM but before GPG PINS in output for consistency 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:15:17 -05:00
Thierry Laurion
c372370210
oem-factory-reset: set title_text accordingly to mode, either 'OEM Factory Reset Mode', 'Re-Ownership Mode' or 'OEM Factory Reset / Re-Ownership' 
TODO: further specialize warning prompt to tell what is going to happen (randomized PIN, signle custom randomized PIN etc)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:15:11 -05:00
Thierry Laurion
789231fac3
oem-factory-reset: fix Secure App wording, prevent word globbing, warn that physical presence is needed 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:15:05 -05:00
Thierry Laurion
03e5ec0ddf
oem-factory-reset: if nk3, also display Secure App PIN = GPG Admin PIN as text and in Qr code 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:59 -05:00
Thierry Laurion
e01d346fe8
oem-factory-reset: don't set user re-ownership by default for now: use current defaults being DEF pins (12345678 and 123456 as master) 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:53 -05:00
Thierry Laurion
7f9f84b830
modules/hotp-verification: 1.6, removing patch pr43, only keeping 46 for this PR (43 conflicts when applied atop 46. 46 is needed here) 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:47 -05:00
Thierry Laurion
fd136cd957
oem-factory-reset: add reset secure app PIN = ADMIN_PIN at reownership, make sure defaults are set for all modes, including default which uses current defaults being DEF pins (12345678 and 123456 as master) 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:41 -05:00
Thierry Laurion
351a2e2130
modules/hotp-verification: revert to 1.6, add patches tested instead 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:35 -05:00
Thierry Laurion
814f4fabd9
WiP: add nk3 secret app reset function and call it following security dongle reset logic 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:30 -05:00
Thierry Laurion
223e5041bc
WiP: bump to hotp-verification version supporting reset of secret app 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:24 -05:00
Thierry Laurion
a6df16ec3c
WiP initrd/bin/oem-factory-reset: add qrcode+secet output loop until user press y (end of reownership wizard secret output) 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>

works:
- oem and user mode passphrase generation
- qrcode

missing:
- unattended
  - luks reencryption + passphrase change for OEM mode (only input to be provided) with SINGLE passphrase when in unattended mode
    - same for user reownership when previously OEM reset unattended

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:18 -05:00
Thierry Laurion
40df08ecbc
/etc/functions:: reuse detect_boot_device instead of trying only to mount /etc/fstab existing /boot partition (otherwise early 'o' to enter oem mode of oem-factory-reset 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:12 -05:00
Thierry Laurion
108e6ed0b1
WiP initrd/bin/oem-factory-reset: add --mode (oem/user) skeleton 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:06 -05:00
Thierry Laurion
f8fdfc7b8d
WiP initrd/bin/oem-factory-reset: format unification 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:14:00 -05:00
Thierry Laurion
1da5119584
initrd/etc/functions: add generate_passphrase logic 
Nothing uses it for the moment, needs to be called from recovery shell: bash, source /etc/functions. generate_passphrase

- parses dictionary to check how many dice rolls needed on first entry, defaults to EFF short list v2 (bigger words easier to remember, 4 dices roll instead of 5)
  - defaults to using initrd/etc/diceware_dictionnaries/eff_short_wordlist_2_0.txt, parametrable
  - make sure format of dictionary is 'digit word' and fail early otherwise: we expect EFF diceware format dictionaries
- enforces max length of 256 chars, parametrable, reduces number of words to fit if not override
- enforces default 3 words passphrase, parametrable
- enforces captialization of first letter, lowercase parametrable
- read multiple bytes from /dev/urandom to fit number of dice rolls

Unrelated: uniformize format of file

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:54 -05:00
Thierry Laurion
befef09b7f
diceware: add short list v2, requiring 4 dices and providing longer words then short list v1 for easier to remember passphrases 
This lists comes from https://www.eff.org/files/2016/09/08/eff_short_wordlist_2_0.txt
Refered in article: https://www.eff.org/dice

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:49 -05:00
Thierry Laurion
d57a120912
initrd/etc/ash_functions: add GPG Admin/User PIN output grabbing on confirm_gpg_card presence call, echo for now, warn to input GPG User PIN when asked to unlock GPG card 
Mitigate misunderstands and show GPG User/Admin PIN counts until proper output exists under hotp_verification info to reduce global confusion

Add TODO under initrd/bin/seal-hotpkey to not foget to fix output since now outputting counter of 8 for Admin PIN which makes no sense at all under hotp_verification 1.6 https://github.com/Nitrokey/nitrokey-hotp-verification/issues/38

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:43 -05:00
Thierry Laurion
3726e9083f
initrd/bin/tmpr: silence tpm reset console output, LOG instead 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:37 -05:00
Thierry Laurion
48807de222
codebase: silence dd output while capturing output in variables when needed 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:31 -05:00
Thierry Laurion
e03a790649
init: inform user that running in quiet mode, tell user that technical information can be seen running 'cat /tmp/debug.log' from Recovery Shell 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:25 -05:00
Thierry Laurion
9cd4757e4a
init: suppress /etc/config.user not existing on grep calls 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:19 -05:00
Thierry Laurion
1f029123e9
initrd bin/* sbin/insmod + /etc/ash_functions: TPM extend operations now all passed to LOG (quiet mode doesn't show them and logs them to /tmp/debug.log) 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:13 -05:00
Thierry Laurion
496d93031e
qemu-coreboot-fbwhiptail-tpm2-hotp-prod_quiet board: addition of board containing 'export CONFIG_QUIET_MODE=y' for output comparison between debug, prod and quiet mode 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-12-21 13:13:07 -05:00
Thierry Laurion
fa0f90cbec
Put usage of ./docker_repro.sh (docker images with docker-ce) first 2024-12-17 11:23:30 -05:00
Thierry Laurion
99157f2291
Merge pull request #1802 from tlaurion/talos_2-kernel_version_bump_to_6.6.16 
talos-2: kernel version bump to 6.6.16
 2024-11-29 14:19:25 -05:00
Thierry Laurion
e31afc58b3
Merge pull request #1818 from tlaurion/pr0_skylake_and_more_recent 
WiP: PR0 (SPI write prevention through chipset locking) for nv4x_adl, setting base for other platforms/downstream forks supporting >=Skylake+
 2024-11-29 13:22:21 -05:00
Sergii Dmytruk
7ca7488474
config/linux-talos-2.config: update 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-29 12:38:30 -05:00
Sergii Dmytruk
e97b379796
talos2: port 2 more Linux patches to 6.6.16 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-29 12:38:24 -05:00
Thierry Laurion
a03857d85f
talos-2 kernel 6.6.16: review needed patches and config: cbmem missing, maybe some more patches needs porting 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-29 12:38:18 -05:00
Thierry Laurion
3ed0f2df35
talos-2 6.6.16 kernel config: deactivate CONFIG_COMPAT (32 bit support) 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-29 12:38:12 -05:00
Thierry Laurion
d7ff890c78
WiP: talos-2: kernel version bump to 6.6.16 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-29 12:38:05 -05:00
Thierry Laurion
03ba3864db
Merge remote-tracking branch 'osresearch/master' into pr0_skylake_and_more_recent 2024-11-29 11:38:36 -05:00
Thierry Laurion
f8b03b3087
nitropad-ns50: remove PR0 until tested and readded in seperate PR 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-29 11:17:02 -05:00
Thierry Laurion
87732b71ce
Merge pull request #1865 from tlaurion/bump-flashprog_latest-meteor_lake_support 
modules/flashprog: bump to latest commit, including support for meteor lake
 2024-11-28 15:33:22 -05:00
Thierry Laurion
43b03fbe60
Revert "coreboot dasharo fork patch: bump patchset to upstream reviewed" 
This reverts commit f5fdf9a97e2d730fbaf888b33e730f51fdbdf4ed.
Unfortunately, patch doesn't apply to dasharo current fork pointed under modules/coreboot

Waiting for Dasharo to provide a patch updated to heads used fork/dasahro bumping to newer coreboot version for which patchset applies clealy

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-28 13:24:30 -05:00
Thierry Laurion
3de473c409
modules/flashprog: bump to latest commit, including support for meteor lake 
We use eb2c04185f (2024-11-21 1.3+ bugfixes)
Where meteor lake is 5e0d9b04a0 is from 1.3 (3 weeks ago)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-28 12:06:42 -05:00
Thierry Laurion
6f2ea7c7bf
Merge remote-tracking branch 'osresearch/master' into pr0_skylake_and_more_recent 2024-11-28 11:53:48 -05:00
Thierry Laurion
f5fdf9a97e
coreboot dasharo fork patch: bump patchset to upstream reviewed 
repro:
git fetch https://review.coreboot.org/coreboot refs/changes/78/85278/3 && git format-patch -1 --stdout FETCH_HEAD > patches/coreboot-dasharo-unreleased/0002-pr0_chipset_locking-post_skylake.patch
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-28 11:52:22 -05:00
Thierry Laurion
4f1405853f
Merge pull request #1861 from tlaurion/oem-factory_reset_hide-detach-sign-user-pin 
bugfix: oem-factory-reset: debug mode; hide passphrase output on screen/debug log on gpg --detach-sign of /boot hash digest
 2024-11-25 11:02:30 -05:00
Thierry Laurion
5501cd0744
oem-factory-reset: debug mode; hide passphrase output on screen/debug.log on gpg --detach-sign of /boot hash digest 
Before:
[  155.845101] DEBUG: gpg --pinentry-mode loopback --passphrase Please Change Me --digest-algo SHA256 --detach-sign -a

After:
[  131.272954] DEBUG: gpg --pinentry-mode loopback --passphrase <hidden> --digest-algo SHA256 --detach-sign -a

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-25 10:57:44 -05:00
Thierry Laurion
45696a4c8a
Merge pull request #1860 from tlaurion/fix_initrd_unpack_for_repacking 
initrd/bin/unpack_initramfs.sh: add xz unpacking support.
 2024-11-22 17:50:23 -05:00
Thierry Laurion
95c6eb5c49
initrd/bin/unpack_initramfs.sh: add xz to unpack logic (add commented: bzip2, lzma, lzo and lz4) 
xz: tested working with tails test build and 6.8.1's initrd
latest ubuntu 24.10: switched back to zstd, works as expected (tested)

Magic numbers referred at:
- 28eb75e178/scripts/extract-vmlinux (L52C1-L58C43)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/decompress.c#n51

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-22 17:30:17 -05:00
Thierry Laurion
71a8075125
initrd/bin/unpack_initramfs.sh: no functional change, just format with tabs 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2024-11-22 17:29:41 -05:00