Commit Graph

1175 Commits

Author SHA1 Message Date
Thierry Laurion
2740317d67
shred TOTP_SECRET also when generation is successful 2019-02-24 11:11:00 -05:00
Thierry Laurion
8310a3d62e
also shred LUKS sealed secret when done instead of rm it 2019-02-24 10:29:09 -05:00
Thierry Laurion
b3a6c285c8
also shred LUKS key when done instead of rm it 2019-02-24 10:29:07 -05:00
Thierry Laurion
9fbfb41a71
reverting shred on a file that is not a secret to be shredded 2019-02-24 10:29:05 -05:00
Thierry Laurion
14c76d062c
suppress errors on console when files don't exist (equivalent of rm -f) 2019-02-24 10:28:57 -05:00
Thierry Laurion
0722d42d65
using shred instead of rm on secret related files. 2019-02-24 10:27:20 -05:00
tlaurion
c341609488
Merge pull request #530 from cawilliamson/master
Add support for EXT2 (via the EXT4 driver)
2019-02-21 17:58:08 -05:00
tlaurion
405f4dd00c
Merge pull request #528 from tlaurion/qemu-gui-init_optional
qemu-coreboot board: switch back to generic init in non-FBWhiptail mode

This is following a dev request. Not waiting for approval since it's a commented revert.
2019-02-20 12:02:00 -05:00
tlaurion
c6619818ff
Merge pull request #522 from kylerankin/add_gpg_gui
It makes more logical sense for GPG functions to be split out into their
own menu instead of being part of the "Flash" menu. This creates a
gpg-gui.sh script and moves GPG options there while adding a few
additional features (like listing keys and initial smartcard key
generation support).
2019-02-20 10:40:23 -05:00
Christopher A. Williamson
70f809187b Disable EXT2 standard driver (replaced by EXT4 driver) 2019-02-19 21:16:52 +00:00
Kyle Rankin
ccdef58982
Merge branch 'add_gpg_gui' of github.com:kylerankin/heads into add_gpg_gui 2019-02-19 06:49:46 -08:00
Kyle Rankin
07cf7d7577
Revert "Remove "pipefail" so unmatched greps don't cause script to exit"
This reverts commit 9279d60a1a.
2019-02-19 06:48:35 -08:00
Kyle Rankin
9279d60a1a
Remove "pipefail" so unmatched greps don't cause script to exit 2019-02-19 06:48:17 -08:00
Kyle Rankin
cfddb4ed2e
Add GPG GUI
It makes more logical sense for GPG functions to be split out into their
own menu instead of being part of the "Flash" menu. This creates a
gpg-gui.sh script and moves GPG options there while adding a few
additional features (like listing keys and initial smartcard key
generation support).
2019-02-19 06:48:08 -08:00
Christopher A. Williamson
6794e9cdb5 Add support for EXT2 (via the EXT4 driver) 2019-02-19 13:49:06 +00:00
Thierry Laurion
1bb8184143
qemu-coreboot board: switch back to generic init in non-FBWhiptail mode 2019-02-18 21:10:45 -05:00
tlaurion
50172f21e5
Merge pull request #527 from flammit/qemu-gui-init
qemu-coreboot: change configs to enable gui-init testing
2019-02-17 08:50:14 -05:00
tlaurion
ee3d96b4b0
Merge pull request #525 from MrChromebox/librem_iommu
Fix Purism Librem IOMMU support
2019-02-15 19:27:28 -05:00
Kyle Rankin
cd5d0a0c4b
Remove "pipefail" so unmatched greps don't cause script to exit 2019-02-15 10:16:43 -08:00
Matt DeVillier
90ec5e9e2a boards/librem*: replace iommu=pt with intel_iommu=on
With addition of IOMMU/RMRR patches, passthru is no longer needed
for proper IOMMU functionality

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 17:09:56 -06:00
Matt DeVillier
988724c39d configs/coreboot/librem*: remove iommu=pt from linux cmd line
No longer needed with addition of IOMMU/RMRR patches

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 17:09:56 -06:00
Matt DeVillier
f5355815d9 patches/coreboot: add proper IOMMU/RMRR support
These two patches add the capability for coreboot to generate
the RMRR ACPI tables needed for proper IOMMU support. These
patches allow us to use 'intel_iommu=on' vs 'iommu=pt'

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 17:09:56 -06:00
Kyle Rankin
a6e978911a
Merge pull request #524 from MrChromebox/librem_v4
Add Purism Librem v4 support
2019-02-12 15:05:24 -08:00
Matt DeVillier
398f75f19f heads/config: add librem 13v4/15v4 as clones of 13v2/15v3
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 16:46:50 -06:00
Matt DeVillier
9aaa25c882 coreboot/config: add librem 13v4/15v4 as clones of 13v2/15v3
Adjust blobs paths for kbl vs skl, adjust board names

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 16:32:04 -06:00
Matt DeVillier
da2d267220 patches/coreboot: add support for librem 13v4/15v4 boards
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 16:32:04 -06:00
Matt DeVillier
81bf58d96d blobs/librem_kbl: clone from librem_skl, adjust for v4
Librem 13v4/15v4 use Kabylake SoC, have different set of blobs
required from Skylake-based v3 boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 16:32:04 -06:00
Matt DeVillier
428561c11e librem_skl/readme: remove reference to 15v4
15v4 isn't a skylake-based device

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 16:32:04 -06:00
Kyle Rankin
c31421218a
Add GPG GUI
It makes more logical sense for GPG functions to be split out into their
own menu instead of being part of the "Flash" menu. This creates a
gpg-gui.sh script and moves GPG options there while adding a few
additional features (like listing keys and initial smartcard key
generation support).
2019-02-11 14:29:13 -08:00
tlaurion
f0067d4b5c
Merge pull request #518 from tlaurion/gpg2_missing_sed
GPG2 branch required sed
2019-02-10 10:19:02 -05:00
Thierry Laurion
be12506d7c
GPG2 branch required sed
sed is required to import owner trust information in trustdb when keys are imported into pubkey.kbx/pubkey.gpg
2019-02-09 12:15:20 -05:00
tlaurion
564f3ee201
Merge pull request #490 from kylerankin/add_empty_keyring_detection
Add empty keyring detection, clean up main menu
2019-02-08 15:01:28 -05:00
tlaurion
98598e7f2f
Merge pull request #465 from merge/x230-gui
x230: use fbwhiptail and gui-init instead of generic-init
2019-02-08 13:32:22 -05:00
tlaurion
eafb47065f
Merge pull request #510 from tlaurion/gpg2
Gpg2 with all fixes included
2019-02-08 13:31:21 -05:00
tlaurion
695993b593
Merge branch 'master' into gpg2 2019-02-08 13:29:02 -05:00
tlaurion
aef5753373
Merge pull request #494 from kylerankin/add_config_gui
Add GUI to change /etc/config configuration options
2019-02-08 13:28:06 -05:00
Kyle Rankin
181c621c84
Touch /tmp/config when entering recovery mode 2019-02-08 10:25:12 -08:00
tlaurion
0cc827cea4
Merge pull request #424 from merge/master
x230: remove 4M and 8M split-images from the build
2019-02-08 13:12:07 -05:00
tlaurion
71b919cc06
Merge pull request #486 from flammit/cairo-repro
cairo: restore build reproducibility
2019-02-08 13:09:35 -05:00
Thierry Laurion
005a19eeda
properly deal with trusting keys to suppress UX confusion about trusted keys
key-init makes sure trustdb is updated at run time and user and distro keys are ultimately trusted. Each time a file is signed, the related public key is shown without error on its trustability.
flash-gui deals with gpg1 to gpg2 migration. If pubring.kbx is found, pubring.gpg is deleted from running rom dump.
2019-02-08 12:38:38 -05:00
Martin Kepplinger
ae40892205 x230: use fbwhiptail and gui-init instead of generic-init
This changes Heads' bootscript for the x230 to gui-init and adds config
options needed for it. The config is very similar to the librem13v2 config.

My comparison of startup-time from a power-button press shows 2.5 seconds
more with these changes applied.

That said, the experience is smooth, the GUI is beautiful and easier to use
than the shell and text menu, especially during setup. That's what we
buy with startup time here.
2019-02-07 21:06:44 +01:00
Thierry Laurion
8dd1082808
module/pinentry: disable-pinentry-qt instead of qt5
else:
make[4]: Entering directory '/home/user/heads/build/pinentry-1.1.0/qt'
g++ -DHAVE_CONFIG_H -I. -I..  -I//include -I//include  -I.. -I../secmem  -I../pinentry -Wall -I/home/user/heads/install/usr/include -I/home/user/heads/install/usr/include/QtCore -I/home/user/heads/install/usr/include/QtGui -DQT_SHARED  -g -O2 -MT pinentrydialog.o -MD -MP -MF .deps/pinentrydialog.Tpo -c -o pinentrydialog.o pinentrydialog.cpp
In file included from pinentrydialog.cpp:24:
pinentrydialog.h:27:10: fatal error: QDialog: No such file or directory
2019-01-29 11:18:14 -05:00
Thierry Laurion
5eee5aa296
GPG2 required changes for key and trustdb generation and inclusion in rom
.ash_history: add examples to generate keys and otrust in rom
flash-gui: export otrust and import it in rom
key-init: import otrust.txt if present to suppress warning about user public key being untrusted
2019-01-29 11:18:11 -05:00
Thierry Laurion
4f75da7ea7
Removing CONFIG_GPG in librem boards 2019-01-29 11:18:07 -05:00
Itay Grudev
3bc79495bb
Disabled libsecret support in the pinentry module 2019-01-29 11:16:26 -05:00
Itay Grudev
92c547c0d4
Enabled GPG2 in the Librem board config 2019-01-29 11:16:23 -05:00
Jason Andryuk
ca3a5fd2eb
Set GPG_TTY before calling gpg in key-init
gpg2 needs GPG_TTY set to function properly.  We set it in /init so it
is inherited by all children.  The call to $(tty) must be after /dev and
(preferably) /dev/pts are mounted.

Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
2019-01-29 11:16:19 -05:00
Thierry Laurion
75c11481f6
Port gpg1 patch to gpg2 to force crosscompiling and output to stderr. 2019-01-29 11:16:16 -05:00
Thierry Laurion
46ddc20f74
instruct gpg to use gpg-agent. 2019-01-29 11:16:13 -05:00
Thierry Laurion
fb3e2066b8
GPG_TTY is forced to /dev/console under init. Ash console is never called; trying to get console tty from the tty returns "no console". NEEDs BETTER FIX. 2019-01-29 11:15:48 -05:00