heads

mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 04:57:55 +00:00

Author	SHA1	Message	Date
Thierry Laurion	923b4e1fe9	ash_functions:confirm_gpg_card: loop gpg_admin_pin prompt until non-empty Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-06 10:06:19 -05:00
Thierry Laurion	8d7efa021d	media-scan: die if gpg_auth fails (should loop and never exit anyway) Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-06 10:04:51 -05:00
Thierry Laurion	bfc877c49c	kexec-select-boot/kexec-insert-key: add info message explaining why PCR 4 is extended Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-06 10:03:14 -05:00
Thierry Laurion	504f0336ac	init: add early boot 'o' option to jump directly to oem-factory-reset for OEM provisioning of secret prior of shipping products, once OS is installed and after MRC training happened on first boot. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 16:41:36 -04:00
Thierry Laurion	eee913d8d2	oem-factory-reset: add rudimentary mount_boot function so that oem-factory-reset can be called early at boot without /boot previously mounted. Also fix logic so that GPG User PIN is showed as configured when keytocard or smartcard only is configured. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 16:41:33 -04:00
Thierry Laurion	c064b78ef6	gui-init: fix TRACE: clean_check_boot stating mount_boot instead of clean_boot_check Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 16:41:30 -04:00
Thierry Laurion	4e10740453	oem-factory-reset/ash_functions/luks-functions: replace provisioning with configuring keywords. Tweak oem-factory-reset flow and questionnaire. Now first prompt is to ask if user wants to go advanced or use defaults. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 16:41:27 -04:00
Thierry Laurion	cd3ce6999c	tpmr/kexec-seal-key/functions: end refactoring of tpmr being in carge of wiping /tmp/secret/tpm_owner_password if invalid Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 13:53:47 -04:00
Thierry Laurion	afb817ca48	tpmr: give users better error/DEBUG messages in regard of TPM errors Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 11:07:36 -04:00
Thierry Laurion	84374dfbcd	kexec-seal-key/seal-totp/tpmr/functions: move wiping of tpm_owner_password to tpmr calls directly Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 10:54:16 -04:00
Thierry Laurion	e2985d386e	seal-totp/tpmr: differenciate die messages to show which between tpm1_seal/tpm2_seal or check_tpm_counter fails to seal as first step to possible refactor Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 10:15:52 -04:00
Thierry Laurion	51caab8ea4	functions: check_tpm_counter; add shred call to wipe tpm_owner_password if creating counter fails with cached tpm owner password so prompt_tpm_owner_password asks for it again on next run Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 10:10:05 -04:00
Thierry Laurion	9523b4fee2	unseal-totp: fix indentation Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-03 09:31:44 -04:00
Thierry Laurion	6d7f9be414	TPM2: add DEBUG and fix path for TPM2 primary key handle hash. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-02 14:17:52 -04:00
Thierry Laurion	19c5d16e40	functions: guide user torward resetting TPM more directly if counter_increment fails. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-02 12:58:19 -04:00
Thierry Laurion	644a59ab60	oem-factory-reset: simplify first question for users to have a GPG key material backup and enable GPG Authentication Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-02 12:55:05 -04:00
Thierry Laurion	85266452fa	oem-factory-reset ash_functions: fix USB Security Dongle' smartcard -> USB Security Dongle's smartcard Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-02 12:54:39 -04:00
Thierry Laurion	48c446cd7d	functions: prompt_tpm_owner_password only reuses /tmp/secret/tpm_owner_password if already created by seal functions or itself. Sealing ops not being able to reuse the file shred it (kexec-seal-key and seal-totp) Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-02 11:45:05 -04:00
Thierry Laurion	921acd0f6f	tpmr: move TPM2 related secrets artifacts to /tmp/secret to be autowiped when recovery shell is accessed. If you want to see those, use qemu and have main console launching qemu under recovery shell prior of doing ops you want to see /tmp/secret/ artifacts before being deleted. We still have pcap under /tmp which is as expected Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-02 11:45:02 -04:00
Thierry Laurion	af3287c001	luks_functions: fix width of whiptail messages with newlines so its not cut in the middle Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 15:07:36 -04:00
Thierry Laurion	2942d660de	oem-factory-reset: prmompt only for GPG User PIN when needed, warn users when no backup/when having only in-memory keygen backup without smartcard. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 14:27:22 -04:00
Thierry Laurion	c2c32c425b	ash_functions: have gpg_auth calls to confirm_gpg_card in subshell loop to force successful authentication Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 14:27:19 -04:00
tlaurion	bd0ebc4975	Create FUNDING.yml Refer tlaurion for github sponsor and Insurgo for Insurgo Initiative at OpenCollective	2023-11-01 10:48:34 -04:00
Thierry Laurion	f5dc5ef5cd	qemu boards: Put back DEBUG and TRACE on Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:35 -04:00
Thierry Laurion	584c964064	oem-factory-reset: now permits to generate in-memory key, backuped to encrypted disk without copy to card from questionnaire. Can be tested out of the box on Qemu without modification from end of wizard's reboot call, prompting for gpg_auth when in debug mode. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:32 -04:00
Thierry Laurion	2aa9cfafb5	luks-functions: cleanup code of luks containers reported Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:29 -04:00
Thierry Laurion	4d72eb3120	oem-factory-reset: typo correction past tense Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:26 -04:00
Thierry Laurion	2a04fb5650	oem-factory-reset: RSA default should be 3072, not 3076. squash Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:22 -04:00
Thierry Laurion	a3086e9a1c	Remove TODO in code that were not relevant prior of first review Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:19 -04:00
Thierry Laurion	ad1bff6b23	oem-factory-reset: make initial questionnaire more concise Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:16 -04:00
Thierry Laurion	38fc097976	Squash: revert testing changes for RSA and unify once more USB Security dongle's usage Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:13 -04:00
Thierry Laurion	867fb8d023	RSA keygen adaptation testing with rsa 2048 in memory keygen and key to card missing pieces Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:09 -04:00
Thierry Laurion	e6eeb571b0	oem-factory-reset: simplify provisioned secret output at end of wizard, including GPG key material output passphrase (uses strings+=string) Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:06 -04:00
Thierry Laurion	c3a5359a85	Squash: remove DEBUG that were TODO for removal Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:03 -04:00
Thierry Laurion	8a8634f6a3	oem-factory-reset seal-hotpkey: unify prompts and vocabulary oem-factory-reset: bugfix, keytocard inverts prompts. First is keyring then smartcard. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:08:00 -04:00
Thierry Laurion	7cd44b6dc4	oem-factory-reset: further cleaning of code for proper validation and consistency checks for passphrases. Also skip flashing code on qemu boards with short explanation Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:56 -04:00
Thierry Laurion	9c3fb35358	initrd/bin/reboot: BugFix in nv41/ns50 condition check to call nitropad-shutdown.sh (otherwise output error on console for improper condition in ash Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:53 -04:00
Thierry Laurion	7f5d9700b7	gpg_auth function was not failing properly on failing, die instead Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:50 -04:00
Thierry Laurion	05fc4c1747	PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:47 -04:00
Thierry Laurion	9e838ad615	oem-factory-reset: make passphrases variables able to contain strings and validate things more solidly Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:43 -04:00
Thierry Laurion	56b602974b	WiP: NK3 with p256 ECC algo supported for in-memory keygen and key-to-card op. With this commit, one can provision NK3 with thumb drive backup which enables authenticated recovery shell and USB boot. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:40 -04:00
Thierry Laurion	2b21623bc6	qemu doc: add modify list/mount instructions to use losetup to map partitions to loop0pX and mount them to get public key Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:37 -04:00
Thierry Laurion	b2cb9b4997	.ash_history: add history command for manual detached signed integrity validation Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:34 -04:00
Thierry Laurion	cf065eeba2	bin/reboot: fix parameter order so that we pause when in DEBUG before rebooting Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:30 -04:00
Thierry Laurion	27c457f04b	TPM2 DUK and TOTP/HOTP reseal fix, refactoring and ifferenciating tpm_password into tpm_owner_password and reusing correctly i TODO: fix all TODO in PR prior of review + squash Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:27 -04:00
Thierry Laurion	729f2b17b8	WiP to be squashed: we need to refactor prompt_tpm_password which is used both for TPM Owner Password prompt and caching reused for TPM disk unlock key passphrase which of course fails Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:24 -04:00
Thierry Laurion	15f1d0b77a	To Squash: changes to reboot were not ash compliant Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:21 -04:00
Thierry Laurion	3fb84f0b42	WiP: Clean cached /tmp/secret/tpm_password when sealing fails, otherwise reuse it on TPM Reset/TOTP+HOTP Sealing once for TPM1/TPM2+TPM Disk Unlock Key gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:17 -04:00
Thierry Laurion	911eb07565	TPM1/TPM2: unify wording for TPM Owner Password and cache it externally to /tmp/secret/tpm_password to be reused in a boot session until recovery shell access or reboot TODO: Why two functions prompt_tpm_password and prompt_new_owner_password Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:14 -04:00
Thierry Laurion	754e3c9165	bin/reboot: intercept reboot call when in DEBUG mode to type 'r' to go to recovery shell instead of rebooting Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2023-11-01 10:07:11 -04:00

... 2 3 4 5 6 ...

2380 Commits