2948 Commits

Author SHA1 Message Date
Thierry Laurion
351a2e2130
modules/hotp-verification: revert to 1.6, add patches tested instead
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:35 -05:00
Thierry Laurion
814f4fabd9
WiP: add nk3 secret app reset function and call it following security dongle reset logic
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:30 -05:00
Thierry Laurion
223e5041bc
WiP: bump to hotp-verification version supporting reset of secret app
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:24 -05:00
Thierry Laurion
a6df16ec3c
WiP initrd/bin/oem-factory-reset: add qrcode+secret output loop until user presses y (end of reownership wizard secret output)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>

works:
- oem and user mode passphrase generation
- qrcode

missing:
- unattended
  - luks reencryption + passphrase change for OEM mode (only input to be provided) with SINGLE passphrase when in unattended mode
    - same for user reownership when previously OEM reset unattended

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:18 -05:00
Thierry Laurion
40df08ecbc
/etc/functions: reuse detect_boot_device instead of trying only to mount /etc/fstab existing /boot partition (otherwise early 'o' to enter oem mode of oem-factory-reset
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:12 -05:00
Thierry Laurion
108e6ed0b1
WiP initrd/bin/oem-factory-reset: add --mode (oem/user) skeleton
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:06 -05:00
Thierry Laurion
f8fdfc7b8d
WiP initrd/bin/oem-factory-reset: format unification
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:14:00 -05:00
Thierry Laurion
1da5119584
initrd/etc/functions: add generate_passphrase logic
Nothing uses it for the moment; needs to be called from recovery shell: bash; source /etc/functions; generate_passphrase

- parses dictionary to check how many dice rolls needed on first entry, defaults to EFF short list v2 (bigger words easier to remember, 4 dice rolls instead of 5)
  - defaults to using initrd/etc/diceware_dictionnaries/eff_short_wordlist_2_0.txt, parametrable
  - make sure format of dictionary is 'digit word' and fail early otherwise: we expect EFF diceware format dictionaries
- enforces max length of 256 chars, parametrable, reduces number of words to fit if not overridden
- enforces default 3 words passphrase, parametrable
- enforces capitalization of first letter, lowercase parametrable
- reads multiple bytes from /dev/urandom to fit number of dice rolls

Unrelated: uniformize format of file

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:54 -05:00
Thierry Laurion
befef09b7f
diceware: add short list v2, requiring 4 dice and providing longer words than short list v1 for easier to remember passphrases
This list comes from https://www.eff.org/files/2016/09/08/eff_short_wordlist_2_0.txt
Referred to in article: https://www.eff.org/dice

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:49 -05:00
Thierry Laurion
d57a120912
initrd/etc/ash_functions: add GPG Admin/User PIN output grabbing on confirm_gpg_card presence call, echo for now, warn to input GPG User PIN when asked to unlock GPG card
Mitigate misunderstandings and show GPG User/Admin PIN counts until proper output exists under hotp_verification info to reduce global confusion

Add TODO under initrd/bin/seal-hotpkey to not forget to fix output since now outputting counter of 8 for Admin PIN which makes no sense at all under hotp_verification 1.6 https://github.com/Nitrokey/nitrokey-hotp-verification/issues/38

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:43 -05:00
Thierry Laurion
3726e9083f
initrd/bin/tmpr: silence tpm reset console output, LOG instead
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:37 -05:00
Thierry Laurion
48807de222
codebase: silence dd output while capturing output in variables when needed
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:31 -05:00
Thierry Laurion
e03a790649
init: inform user that running in quiet mode, tell user that technical information can be seen running 'cat /tmp/debug.log' from Recovery Shell
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:25 -05:00
Thierry Laurion
9cd4757e4a
init: suppress /etc/config.user not existing on grep calls
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:19 -05:00
Thierry Laurion
1f029123e9
initrd bin/* sbin/insmod + /etc/ash_functions: TPM extend operations now all passed to LOG (quiet mode doesn't show them and logs them to /tmp/debug.log)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:13 -05:00
Thierry Laurion
496d93031e
qemu-coreboot-fbwhiptail-tpm2-hotp-prod_quiet board: addition of board containing 'export CONFIG_QUIET_MODE=y' for output comparison between debug, prod and quiet mode
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:13:07 -05:00
Michał Kopeć
3f8a0df028
modules/coreboot: bump dasharo fork for FSP submodule fix
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-19 13:09:24 +01:00
Michał Kopeć
f1299c1ce7
modules/coreboot: update for HAP disable fix
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-18 14:10:30 +01:00
Thierry Laurion
1dba3e932f
CircleCI v560tu/v540tu: build atop x230-hotp-maximized workspace cache to reuse 24.02.01 coreboot buildstack, no point waiting for novacustom_nv4x_adl to be built. Gonna clear cache for next run and build clean
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 14:10:30 +01:00
Thierry Laurion
f45452b736
nv4x_adl/ns50 coreboot config bumped to 24.02.01 with save in old config helper
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 14:10:30 +01:00
Thierry Laurion
a09b64d390
v560tu/v540tu coreboot configs: add bootsplash, remove ME HAP bit to be applied by IFDTOOL to https://github.com/linuxboot/heads/pull/1846
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 14:10:30 +01:00
Thierry Laurion
b98492377c
v560tu/v540tu board configs: adapt FLASH_OPTIONS to not overwrite GBE region, document S3/S01x/Hibernation limitation which is lacking from https://github.com/linuxboot/heads/pull/1846
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 14:10:29 +01:00
Thierry Laurion
bf06be9017
config/coreboot-novacustom-v560tu.config: reuse changes proposed under https://github.com/linuxboot/heads/pull/1871 but not yet taken under https://github.com/linuxboot/heads/pull/1846
BOOTSPLASH section missing, as well as ME still enabled...

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 14:10:29 +01:00
Thierry Laurion
fffc3a88c4
v540tu/v560tu: remove MSRTOOL, reuse proposed changes not taken from https://github.com/linuxboot/heads/pull/1871 for https://github.com/linuxboot/heads/pull/1846
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 14:10:29 +01:00
Thierry Laurion
6ee05c3dce
CircleCI: Add v560tu missing into https://github.com/linuxboot/heads/pull/1846
Redoing diffs already proposed under https://github.com/linuxboot/heads/pull/1871 but not taken yet....

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-18 14:10:29 +01:00
Thierry Laurion
fa0f90cbec
Put usage of ./docker_repro.sh (docker images with docker-ce) first
2024-12-17 11:23:30 -05:00
Michał Kopeć
602e281f2f
config/coreboot-novacustom-v5.0tu.config: add bootsplash
Co-authored-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-11 18:43:39 +01:00
Michał Kopeć
c516918fac
patches/coreboot-dasharo-unreleased: add back JPEG patches
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-11 18:31:30 +01:00
Michał Kopeć
7323fef604
modules/coreboot: bump for MTL S3
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-10 18:24:47 +01:00
Michał Kopeć
b5fe89903d
config/coreboot-novacustom-v5*: set ME HAP, prefer S3 sleep
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-10 18:22:00 +01:00
Michał Kopeć
ac43d5e78b
config/coreboot-novacustom-v5*: bump version to rc2
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-10 13:10:06 +01:00
Michał Kopeć
1d7b442668
novacustom-v560tu: sync to v540tu
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-10 12:41:39 +01:00
Michał Kopeć
5b444119ca
config/coreboot-novacustom-v540tu.config: disable serial console
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-09 16:30:16 +01:00
Michał Kopeć
6174b63a12
novacustom-v540tu: enable PR0 lockdown in SMM
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-09 16:21:45 +01:00
Michał Kopeć
bb6c83de49
modules/coreboot: add commented out patch version
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 18:13:07 +01:00
Michał Kopeć
34ee256dd2
modules/coreboot: bump dasharo fork for PRR lockdown
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 18:11:54 +01:00
Michał Kopeć
0f339496a7
Add NovaCustom V560TU
as a copy of V540TU

Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 13:51:55 +01:00
Michał Kopeć
ad6605d84b
config/coreboot-novacustom-v540tu.config: set version to rc1
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 13:51:49 +01:00
Michał Kopeć
0cdba412ef
modules/coreboot: dasharo: reuse 24.02.1 toolchain
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 12:46:38 +01:00
Michał Kopeć
b6f5c6d245
modules/coreboot: update comment about Dasharo coreboot fork
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 12:46:37 +01:00
Michał Kopeć
4a3667b78c
boards/novacustom-v540tu/novacustom-v540tu.config: remove unneeded debug options
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 12:46:37 +01:00
Michał Kopeć
cf02a2914e
config/coreboot-novacustom-v540tu.config: disable debug console
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 12:46:37 +01:00
Thierry Laurion
059a60e43e
.circleci/config.yml nitropad-nv41 name changed -> novacustom_nv4x_adl
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-04 12:46:37 +01:00
Thierry Laurion
4394052b72
modules/linux: add Linux 6.11.9
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-04 12:46:37 +01:00
Michał Kopeć
ce2b051a48
Add NovaCustom V540TU board
Co-authored-by: Michał Kopeć <michal.kopec@3mdeb.com>
Co-authored-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-04 12:46:35 +01:00
Thierry Laurion
99157f2291
Merge pull request #1802 from tlaurion/talos_2-kernel_version_bump_to_6.6.16
talos-2: kernel version bump to 6.6.16
2024-11-29 14:19:25 -05:00
Thierry Laurion
e31afc58b3
Merge pull request #1818 from tlaurion/pr0_skylake_and_more_recent
WiP: PR0 (SPI write prevention through chipset locking) for nv4x_adl, setting base for other platforms/downstream forks supporting >=Skylake+
2024-11-29 13:22:21 -05:00
Sergii Dmytruk
7ca7488474
config/linux-talos-2.config: update
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:30 -05:00
Sergii Dmytruk
e97b379796
talos2: port 2 more Linux patches to 6.6.16
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:24 -05:00
Thierry Laurion
a03857d85f
talos-2 kernel 6.6.16: review needed patches and config: cbmem missing, maybe some more patches need porting
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:18 -05:00