ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 04:57:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,192 Commits 27 Branches 6 Tags 21 MiB
f5dc5ef5cd
Commit Graph

2192 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thierry Laurion
f5dc5ef5cd
qemu boards: Put back DEBUG and TRACE on 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:35 -04:00
Thierry Laurion
584c964064
oem-factory-reset: now permits to generate in-memory key, backuped to encrypted disk without copy to card from questionnaire. Can be tested out of the box on Qemu without modification from end of wizard's reboot call, prompting for gpg_auth when in debug mode. 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:32 -04:00
Thierry Laurion
2aa9cfafb5
luks-functions: cleanup code of luks containers reported 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:29 -04:00
Thierry Laurion
4d72eb3120
oem-factory-reset: typo correction past tense 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:26 -04:00
Thierry Laurion
2a04fb5650
oem-factory-reset: RSA default should be 3072, not 3076. squash 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:22 -04:00
Thierry Laurion
a3086e9a1c
Remove TODO in code that were not relevant prior of first review 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:19 -04:00
Thierry Laurion
ad1bff6b23
oem-factory-reset: make initial questionnaire more concise 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:16 -04:00
Thierry Laurion
38fc097976
Squash: revert testing changes for RSA and unify once more USB Security dongle's usage 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:13 -04:00
Thierry Laurion
867fb8d023
RSA keygen adaptation testing with rsa 2048 in memory keygen and key to card missing pieces 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:09 -04:00
Thierry Laurion
e6eeb571b0
oem-factory-reset: simplify provisioned secret output at end of wizard, including GPG key material output passphrase (uses strings+=string) 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:06 -04:00
Thierry Laurion
c3a5359a85
Squash: remove DEBUG that were TODO for removal 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:03 -04:00
Thierry Laurion
8a8634f6a3
oem-factory-reset seal-hotpkey: unify prompts and vocabulary 
oem-factory-reset: bugfix, keytocard inverts prompts. First is keyring then smartcard.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:08:00 -04:00
Thierry Laurion
7cd44b6dc4
oem-factory-reset: further cleaning of code for proper validation and consistency checks for passphrases. Also skip flashing code on qemu boards with short explanation 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:56 -04:00
Thierry Laurion
9c3fb35358
initrd/bin/reboot: BugFix in nv41/ns50 condition check to call nitropad-shutdown.sh (otherwise output error on console for improper condition in ash 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:53 -04:00
Thierry Laurion
7f5d9700b7
gpg_auth function was not failing properly on failing, die instead 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:50 -04:00
Thierry Laurion
05fc4c1747
PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:47 -04:00
Thierry Laurion
9e838ad615
oem-factory-reset: make passphrases variables able to contain strings and validate things more solidly 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:43 -04:00
Thierry Laurion
56b602974b
WiP: NK3 with p256 ECC algo supported for in-memory keygen and key-to-card op. With this commit, one can provision NK3 with thumb drive backup which enables authenticated recovery shell and USB boot. 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:40 -04:00
Thierry Laurion
2b21623bc6
qemu doc: add modify list/mount instructions to use losetup to map partitions to loop0pX and mount them to get public key 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:37 -04:00
Thierry Laurion
b2cb9b4997
.ash_history: add history command for manual detached signed integrity validation 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:34 -04:00
Thierry Laurion
cf065eeba2
bin/reboot: fix parameter order so that we pause when in DEBUG before rebooting 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:30 -04:00
Thierry Laurion
27c457f04b
TPM2 DUK and TOTP/HOTP reseal fix, refactoring and ifferenciating tpm_password into tpm_owner_password and reusing correctly 
i
TODO: fix all TODO in PR prior of review + squash

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:27 -04:00
Thierry Laurion
729f2b17b8
WiP to be squashed: we need to refactor prompt_tpm_password which is used both for TPM Owner Password prompt and caching reused for TPM disk unlock key passphrase which of course fails 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:24 -04:00
Thierry Laurion
15f1d0b77a
To Squash: changes to reboot were not ash compliant 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:21 -04:00
Thierry Laurion
3fb84f0b42
WiP: Clean cached /tmp/secret/tpm_password when sealing fails, otherwise reuse it on TPM Reset/TOTP+HOTP Sealing once for TPM1/TPM2+TPM Disk Unlock Key 
gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:17 -04:00
Thierry Laurion
911eb07565
TPM1/TPM2: unify wording for TPM Owner Password and cache it externally to /tmp/secret/tpm_password to be reused in a boot session until recovery shell access or reboot 
TODO: Why two functions prompt_tpm_password and prompt_new_owner_password
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:14 -04:00
Thierry Laurion
754e3c9165
bin/reboot: intercept reboot call when in DEBUG mode to type 'r' to go to recovery shell instead of rebooting 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:11 -04:00
Thierry Laurion
2ea62ff17e
/etc/functions: add missing TRACE traces to get where TPM passphrase should be written to file and reused since not all in same functions/files for TPM2 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:08 -04:00
Thierry Laurion
2ae94405ad
WiP: add export CONFIG_HAVE_GPG_KEY_BACKUP=y so whiptail-tpm2 can be used with GPG key material thumb drive backup 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:04 -04:00
Thierry Laurion
88d00dfcb2
scripts: unify luks in text/prompts/messages to LUKS 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:07:01 -04:00
Thierry Laurion
2697a6ad1f
WiP: further removal of unecessary debug messages 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:58 -04:00
Thierry Laurion
1f28c71447
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:55 -04:00
Thierry Laurion
eceb97aa4d
WiP: provide proper info/warn/die messages explaining causes of errors linked to detach signing errors 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:51 -04:00
Thierry Laurion
2c55338be5
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead. 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:48 -04:00
Thierry Laurion
b1e5c638cd
WiP 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
 2023-11-01 10:06:45 -04:00
tlaurion
e1d972be37
Merge pull request #1517 from tlaurion/pass_debug_call_output_to_kmsg_one_line_at_a_time 
BugFix: Pass debug call output to kmsg one line at a time
 2023-10-21 14:39:08 -04:00
Thierry Laurion
139f77113c
ash_functions: make DEBUG call pass multiline messages one at a time to /tmp/debug.log and kmsg 2023-10-21 14:37:31 -04:00
tlaurion
9e55e08ac0
Merge pull request #1512 from tlaurion/update_qubes_release_signing_keys 
qubes release signing keys: move qubes-4.key to qubes-4.1.key, add qubes-4.2.key
 2023-10-18 14:11:54 -04:00
Thierry Laurion
576e2a8fff
qubes release signing keys: move qubes-4.key to qubes-4.1.key, add qubes-4.2.key 2023-10-18 13:37:22 -04:00
tlaurion
5002198bb1
Merge pull request #1510 from tlaurion/debian-11_dependencies_fix_for_openssl_module_build 
CircleCI: fix debian-11 packages dependencies (#1507)
 2023-10-17 17:56:52 -04:00
tlaurion
f78786705e
Merge pull request #1509 from tlaurion/whiptail_respect_lowercase_uppercase_choices 
newt(whiptail): fix code that was doing toupper of input
 2023-10-17 13:30:47 -04:00
Thierry Laurion
44fa663d60
CircleCI: fix debian-11 packages dependencies (#1507) 2023-10-17 09:40:57 -04:00
Thierry Laurion
498a78af57
newt(whiptail): fix code that was doing toupper of input 2023-10-11 15:47:53 -04:00
tlaurion
bd2a8eb96e
Merge pull request #1478 from tlaurion/stenghten_entropy_sources_with_jitter_and_TPM 
Have CRNG avail early on boot and maximize ligcrypt entropy sources/efficiency
 2023-10-10 14:23:47 -04:00
Thierry Laurion
9addb3b6b0
qemu board doc: add Nitrokey3NFC in md doc 2023-10-10 12:30:41 -04:00
Thierry Laurion
65e5286b5a
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console. 2023-10-10 12:28:52 -04:00
Thierry Laurion
0416896b82
etc/ash_function's warn/die/TRACE/DEBUG now output also under /dev/kmsg when DEBUG is enabled 2023-10-10 12:28:15 -04:00
Thierry Laurion
4ff955918f
x230-maximized board configs: add DEBUG/TRACE board config in comment 
Enabling DEBUG/TRACE options from board config vs from configuration menu is different.

When enabled in board config, /etc/config is from ROM, and sourced early and make TRACE/DEBUG calls appear early.
If added through configuration menu, those are /etc/config.user overrides extracted from CBFS and then sourced after combine_configs call

If for whatever reason early DEBUG is needed on a platform, enabling in board config is needed.
For runtime debugging, enabling Debug output from configuration menu is enough
 2023-10-10 12:14:36 -04:00
Thierry Laurion
84899cf631
libgcrypt module: remove disable-asm 
As on master otherwise with --disable-asm:

    config.status: executing gcrypt-conf commands

            Libgcrypt v1.10.1 has been configured as follows:

            Platform:                  GNU/Linux (x86_64-pc-linux-musl)
            Hardware detection module: none
            Enabled cipher algorithms: arcfour blowfish cast5 des aes twofish
                                       serpent rfc2268 seed camellia idea salsa20
                                       gost28147 chacha20 sm4
            Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1
                                       sha256 sha512 sha3 tiger whirlpool stribog
                                       blake2 sm3
            Enabled kdf algorithms:    s2k pkdf2 scrypt
            Enabled pubkey algorithms: dsa elgamal rsa ecc
            Random number generator:   default
            Try using jitter entropy:  yes
            Using linux capabilities:  no
            FIPS module version:
            Try using Padlock crypto:  n/a
            Try using AES-NI crypto:   n/a
            Try using Intel SHAEXT:    n/a
            Try using Intel PCLMUL:    n/a
            Try using Intel SSE4.1:    n/a
            Try using DRNG (RDRAND):   n/a
            Try using Intel AVX:       n/a
            Try using Intel AVX2:      n/a
            Try using ARM NEON:        n/a
            Try using ARMv8 crypto:    n/a
            Try using PPC crypto:      n/a

By disabling --disable-asm in libgcrypt 1.10.1:

    config.status: executing gcrypt-conf commands

            Libgcrypt v1.10.1 has been configured as follows:

            Platform:                  GNU/Linux (x86_64-pc-linux-musl)
            Hardware detection module: libgcrypt_la-hwf-x86
            Enabled cipher algorithms: arcfour blowfish cast5 des aes twofish
                                       serpent rfc2268 seed camellia idea salsa20
                                       gost28147 chacha20 sm4
            Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1
                                       sha256 sha512 sha3 tiger whirlpool stribog
                                       blake2 sm3
            Enabled kdf algorithms:    s2k pkdf2 scrypt
            Enabled pubkey algorithms: dsa elgamal rsa ecc
            Random number generator:   default
            Enabled digest algorithms: crc gostr3411-94 md4 md5 rmd160 sha1
                                       sha256 sha512 sha3 tiger whirlpool stribog
                                       blake2 sm3
            Enabled kdf algorithms:    s2k pkdf2 scrypt
            Enabled pubkey algorithms: dsa elgamal rsa ecc
            Random number generator:   default
            Try using jitter entropy:  yes
            Using linux capabilities:  no
            FIPS module version:
            Try using Padlock crypto:  yes
            Try using AES-NI crypto:   yes
            Try using Intel SHAEXT:    yes
            Try using Intel PCLMUL:    yes
            Try using Intel SSE4.1:    yes
            Try using DRNG (RDRAND):   yes
            Try using Intel AVX:       yes
            Try using Intel AVX2:      yes
            Try using ARM NEON:        n/a
            Try using ARMv8 crypto:    n/a
            Try using PPC crypto:      n/a

To support PPC crypto, it seems we will need yasm.
To support linux capabilities, libcap would be required as well later on. :/ another point for rng-tools (which also depends on libcap-ng)
 2023-10-10 12:06:18 -04:00
Thierry Laurion
0100f7b970
linux configs: unify CONFIG_UNIX98_PTYS=y, CONFIG_HW_RANDOM_TPM=n, # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set, CONFIG_RANDOM_TRUST_CPU=y, CONFIG_PROC_SYSCTL is not set 2023-10-10 12:03:58 -04:00