ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 12:46:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Commit Graph

  • d0950dc48d
         Merge d8bde03ba3 into fa0f90cbec #1606 TrustExecutor 2024-12-17 13:35:44 -0500
  • f39bbc244f
         Merge 7bf492e777 into fa0f90cbec #1683 Thierry Laurion 2024-12-17 13:35:44 -0500
  • a28f6379b9
         Merge de5cc49366 into fa0f90cbec #1804 Thierry Laurion 2024-12-17 13:35:44 -0500
  • de7c8c2129
         Merge a9a1b208d4 into fa0f90cbec #1816 Antoine Luciani 2024-12-17 13:35:44 -0500
  • 91c98d2a10
         Merge 4b4ac60240 into fa0f90cbec #1850 Thierry Laurion 2024-12-17 13:35:44 -0500
  • 434f2521f2
         Merge ef30271618 into fa0f90cbec #1863 Thierry Laurion 2024-12-17 13:35:44 -0500
  • 4f31a25997
         Merge eee1d53b1b into fa0f90cbec #1870 Thierry Laurion 2024-12-17 13:35:44 -0500
  • efa05f2d57
         Merge ace2947f25 into fa0f90cbec #1019 Siproqu 2024-12-17 13:35:43 -0500
  • e2cbf8848c
         Merge 15b5be6c9d into fa0f90cbec #1191 Cody Ho 2024-12-17 13:35:43 -0500
  • a266b2f6df
         Merge 1d83f7bdce into fa0f90cbec #521 Francis Lam 2024-12-17 13:35:43 -0500
  • b83bbaab37
         Merge bd0871b683 into fa0f90cbec #1875 Thierry Laurion 2024-12-17 13:35:33 -0500
  • e85f96cef3
         Merge 602e281f2f into fa0f90cbec #1846 Michał Kopeć 2024-12-17 11:32:55 -0500
  • ca25dbcc9a
         Merge fe23df6ae3 into fa0f90cbec #1876 Thierry Laurion 2024-12-17 11:31:56 -0500
  • fa0f90cbec
         Put usage of ./docker_repro.sh (docker images with docker-ce) first master Thierry Laurion 2024-12-17 11:23:30 -0500
  • bd0871b683
         kexec-select-boot+kexec-save-default: Quiet mode; remove last rollback counters printed to console #1875 Thierry Laurion 2024-12-16 17:47:25 -0500
  • 81c6b00e9b
         seal-totp: contextualize qr code output for manual input of those without qr scanner app in mobile phone Thierry Laurion 2024-12-16 16:47:06 -0500
  • ce9da989b4
         init: some more comments in code per review Thierry Laurion 2024-12-16 16:39:12 -0500
  • 82059b896e
         DEBUG: inform that output will be both in dmesg and on console from where that measure is enforced in code Thierry Laurion 2024-12-16 16:27:49 -0500
  • f2d801ef01
         init+cbfs-init: refactor and explain why quiet mode cannot suppress measurements of cbfs-init extracted+measured TPM stuff if not in board config Thierry Laurion 2024-12-16 13:28:34 -0500
  • c7986fdc2f
         Deprecate ash in favor of bash shell; /etc/ash_functions: move /etc/ash_functions under /etc/functions, replace TRACE calls by TRACE_FUNC, remove xx30-flash.init Thierry Laurion 2024-12-16 11:46:37 -0500
  • 72fbf94523
         config-gui.sh: Add quiet mode toggle, which turns off debug+tracing if enabled, and where enabling debug+tracing disables Quiet mode Thierry Laurion 2024-12-15 20:41:08 -0500
  • 3a04195b40
         hot-verification: bump to 1.7+ unrelease patchset https://github.com/Nitrokey/nitrokey-hotp-verification/pull/51 Thierry Laurion 2024-12-13 17:20:52 -0500
  • f5184d6810
         WiP: staging changes, refusing to fight against tools helping me, formatting changed. sign after tpm-reset now to work around primary handle issue. Thierry Laurion 2024-12-13 16:56:05 -0500
  • 2fe7cd095e
         WiP: staging changes, warn loud and clear of weak security posture by using weak OEM defaults provisioned secrets Thierry Laurion 2024-12-13 15:50:05 -0500
  • b8fcddc730
         WiP: staging changes, no more tpm output. Next warn /boot changed because htop counter and primary handle until removed outside of this PR Thierry Laurion 2024-12-13 14:50:24 -0500
  • 89349dbea0
         Turn some info on default boot into LOGged info, LOG might go out forever if not pertinent to most? Thierry Laurion 2024-12-12 18:44:51 -0500
  • 23462aa59d
         WiP: staging changes Thierry Laurion 2024-12-12 17:03:47 -0500
  • 68923b91b1
         Bump hotp-verification to version 1.7, remove patches: contains info fixes and reset fixes so that oem-factory-reset can reset secrets app PIN Thierry Laurion 2024-12-12 16:34:21 -0500
  • 41082716ee
         WiP: staging changes Thierry Laurion 2024-12-10 17:12:47 -0500
  • fe23df6ae3
         CircleCI v560tu/v540tu: build atop x230-hotp-maximized workspace cache to reuse 24.02.01 coreboot buildstack, no point waiting for novacustom_nv4x_adl to be built. Gonna clear cache for next run and build clean #1876 Thierry Laurion 2024-12-11 15:55:09 -0500
  • 133d1cdd5c
         nv4x_adl/ns50 coreboot config bumped to 24.02.01 with save in old config helper Thierry Laurion 2024-12-11 13:50:41 -0500
  • 11a118d6c1
         patches/coreboot-dasharo-unreleased: add back JPEG patches Michał Kopeć 2024-12-11 18:31:11 +0100
  • 602e281f2f
         config/coreboot-novacustom-v5.0tu.config: add bootsplash #1846 Michał Kopeć 2024-12-11 18:43:36 +0100
  • c516918fac
         patches/coreboot-dasharo-unreleased: add back JPEG patches Michał Kopeć 2024-12-11 18:31:11 +0100
  • 44871a483d
         v560tu/v540tu coreboot configs: add bootsplash, remove ME HAP bit to be applied by IFDTOOL to https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-11 11:05:43 -0500
  • b65b45a2f7
         v560tu/v540tu board configs: adapt FLASH_OPTIONS to not overwrite GBE region, document S3/S01x/Hibernation limitation which is lackking from https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 19:24:56 -0500
  • 294c4d5096
         config/coreboot-novacustom-v560tu.config: reuse changes proposed under https://github.com/linuxboot/heads/pull/1871 but not yet taken under https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:57:06 -0500
  • 698222cae3
         v540tu/v560tu: remove MSRTOOL, reuse proposed changes not taken from https://github.com/linuxboot/heads/pull/1871 for https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:55:46 -0500
  • 30951a7934
         CircleCI: Add v560tu missing into https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:46:58 -0500
  • 4199bd8e25
         WiP: staging changes (TPM1 regression fixes for LOG/DEBUG on quiet mode) Thierry Laurion 2024-12-10 14:50:52 -0500
  • c14a3ad4db
         WiP: staging changes including https://github.com/linuxboot/heads/pull/1850 https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 and https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 Thierry Laurion 2024-12-09 12:48:16 -0500
  • 7323fef604
         modules/coreboot: bump for MTL S3 Michał Kopeć 2024-12-10 18:24:47 +0100
  • b5fe89903d
         config/coreboot-novacustom-v5*: set ME HAP, prefer S3 sleep Michał Kopeć 2024-12-10 18:22:00 +0100
  • ac43d5e78b
         config/coreboot-novacustom-v5*: bump version to rc2 Michał Kopeć 2024-12-10 13:10:06 +0100
  • 1d7b442668
         novacustom-v560tu: sync to v540tu Michał Kopeć 2024-12-10 12:41:39 +0100
  • ef30271618
         initrd/bin/oem-factory-reset: fix tpmr counter output on screen, output of gpg on screen and safeguard PIN that would be word splitted #1863 Thierry Laurion 2024-12-09 13:44:57 -0500
  • 4ec37e7bbb
         initrd/bin/kexec-sign-config: safeguard ops between remounting /boot rw/ro Thierry Laurion 2024-12-09 13:42:58 -0500
  • 38b3db451f
         initrd/bin/tmpr: silence unneeded output for tpm related operations Thierry Laurion 2024-12-09 13:40:17 -0500
  • 385c99f2fc
         SQUASH codebase: silence dd output while capturing output in variables when needed Thierry Laurion 2024-12-09 13:38:28 -0500
  • 5b444119ca
         config/coreboot-novacustom-v540tu.config: disable serial console Michał Kopeć 2024-12-09 16:30:16 +0100
  • 6174b63a12
         novacustom-v540tu: enable PR0 lockdown in SMM Michał Kopeć 2024-12-09 16:21:45 +0100
  • 0166533b47
         Merge remote-tracking branch 'tlaurion-github/generate_passphrase-reownership_qr_code' into introduce_quiet_mode-diceware_STAGING Thierry Laurion 2024-12-07 12:46:44 -0500
  • 4b4ac60240
         patches/hotp-verification-*/46.patch : readd https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 so that this PR can be tested and reviewed from OEM Factory Reset/User Re-Ownership perspective (PR 43 not in which fixes hotp_verification info, needed to reuse default PINs under seal-hotp if pubkey age <1 month and if Secret app PIN/GPG Admin PIN count >=3 ) #1850 Thierry Laurion 2024-12-07 11:12:38 -0500
  • 86a61586b5
         oem-factory-reset: Stop adding leading blank lines in 'passphrases' msg Jonathon Hall 2024-12-06 16:26:41 -0500
  • c00c036c01
         functions: Simplify dictionary word selection Jonathon Hall 2024-12-06 16:24:20 -0500
  • 7051fc8785
         functions: Fix spelling of 'dictionaries' Jonathon Hall 2024-12-06 16:22:52 -0500
  • 6591f267e6
         hotp-verification: removed patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346 directory: waiting for https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 and https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 to be merged to change modules/hotp-verification commit Thierry Laurion 2024-12-06 11:36:50 -0500
  • d142f76202
         oem-factory-reset+seal-hotp nk3 hotp-verification info adaptations Thierry Laurion 2024-12-06 09:48:28 -0500
  • e73bb05557
         hotp-verification patches: Use https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 instead of https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 for hotp-verification info parsing and validation of oem-factory-reset and seal-hotp Thierry Laurion 2024-12-06 10:50:59 -0500
  • 295935f311
         WiP seal-hotp: customize message to be GPG Admin PIN or Secure App PIN Thierry Laurion 2024-12-05 16:48:32 -0500
  • 835b7acfcb
         kexec-sign-config: mount rw, write things to /boot, mount ro after Thierry Laurion 2024-12-05 16:08:34 -0500
  • 444ff3ee37
         oem-factory-reset: reset nk3 secure app PIN early since we need physical presence, put nk3 secure APP PIN after TPM but before GPG PINS in output for consistency Thierry Laurion 2024-12-05 14:37:48 -0500
  • e43626016a
         oem-factory-reset: set title_text accordingly to mode, either 'OEM Factory Reset Mode', 'Re-Ownership Mode' or 'OEM Factory Reset / Re-Ownership' Thierry Laurion 2024-12-05 14:25:22 -0500
  • 91704d0c0a
         oem-factory-reset: fix Secure App wording, prevent word globbing, warn that physical presence is needed Thierry Laurion 2024-12-05 13:55:39 -0500
  • 85dfaf9ac2
         oem-factory-reset: if nk3, also display Secure App PIN = GPG Admin PIN as text and in Qr code Thierry Laurion 2024-12-05 13:46:25 -0500
  • b760e636fd
         oem-factory-reset: don't set user re-ownership by default for now: use current defaults being DEF pins (12345678 and 123456 as master) Thierry Laurion 2024-12-05 13:42:11 -0500
  • 9623053da5
         modules/hotp-verification: 1.6, removing patch pr43, only keeping 46 for this PR (43 conflicts when applied atop 46. 46 is needed here) Thierry Laurion 2024-12-05 13:32:23 -0500
  • b550151d54
         oem-factory-reset: add reset secure app PIN = ADMIN_PIN at reownership, make sure defaults are set for all modes, including default which uses current defaults being DEF pins (12345678 and 123456 as master) Thierry Laurion 2024-12-05 13:23:37 -0500
  • a9d3d96ec1
         modules/hotp-verification: revert to 1.6, add patches tested instead Thierry Laurion 2024-12-05 13:21:34 -0500
  • c4832eed0e
         WiP: add nk3 secret app reset function and call it following security dongle reset logic Thierry Laurion 2024-11-28 16:57:26 -0500
  • 1e0df1f597
         WiP: bump to hotp-verification version supporting reset of secret app Thierry Laurion 2024-11-28 16:39:02 -0500
  • 89d15fb57c
         WiP initrd/bin/oem-factory-reset: add qrcode+secet output loop until user press y (end of reownership wizard secret output) Thierry Laurion 2024-11-17 17:37:30 -0500
  • 18c066f697
         /etc/functions:: reuse detect_boot_device instead of trying only to mount /etc/fstab existing /boot partition (otherwise early 'o' to enter oem mode of oem-factory-reset Thierry Laurion 2024-11-17 17:36:21 -0500
  • 439f3eceb9
         WiP initrd/bin/oem-factory-reset: add --mode (oem/user) skeleton Thierry Laurion 2024-11-17 14:07:10 -0500
  • 6eac70a319
         WiP initrd/bin/oem-factory-reset: format unification Thierry Laurion 2024-11-17 14:02:35 -0500
  • 81293c9c7e
         initrd/etc/functions: add generate_passphrase logic Thierry Laurion 2024-11-15 13:25:43 -0500
  • c5bc76dd1c
         diceware: add short list v2, requiring 4 dices and providing longer words then short list v1 for easier to remember passphrases Thierry Laurion 2024-11-15 15:46:51 -0500
  • b78c1745f9
         novacustom-v540tu/novacustom-v560tu: add s3 preferred, bootsplash, disabling ME, saved in oldconfig #1871 Thierry Laurion 2024-12-04 13:41:27 -0500
  • f4175e891f
         novacustom_nvx_adl/mitropad-ns50: save coreboot configs in oldconfig with helper Thierry Laurion 2024-12-04 13:34:36 -0500
  • b70cb81809
         novacustom-v540tu/novacustom-v560tu: save coreboot configs in oldconfig with helper, adding some missing PR0 settings Thierry Laurion 2024-12-04 13:21:43 -0500
  • 341d5e4ed9
         novacustom-v540tu/novacustom-v560tu: add board and coreboot config support for PRR/PR0 Thierry Laurion 2024-12-04 13:17:00 -0500
  • a3732cb296
         .circleci/config.yml: build v560TU, reusing novacustom_nv4x_adl cache (might not show much more gain then if based on x230-hotp-maximized) Thierry Laurion 2024-12-04 09:51:56 -0500
  • f1a9f5c657
         .circleci/config.yml: have novacustom_nv4x_adl depend on x230-hotp-maximized to reuse coreboot 24.02.01 utils/crossgcc buildstack build for x230-hotp-maximized to skip rebuilding buildstack for novacustom boards Thierry Laurion 2024-12-04 09:48:36 -0500
  • bb6c83de49
         modules/coreboot: add commented out patch version Michał Kopeć 2024-12-04 18:13:07 +0100
  • 34ee256dd2
         modules/coreboot: bump dasharo fork for PRR lockdown Michał Kopeć 2024-12-04 18:11:54 +0100
  • 0f339496a7
         Add NovaCustom V560TU Michał Kopeć 2024-11-29 19:20:59 +0100
  • ad6605d84b
         config/coreboot-novacustom-v540tu.config: set version to rc1 Michał Kopeć 2024-11-29 19:20:30 +0100
  • 0cdba412ef
         modules/coreboot: dasharo: reuse 24.02.1 toolchain Michał Kopeć 2024-12-02 12:22:11 +0100
  • b6f5c6d245
         modules/coreboot: update comment about Dasharo coreboot fork Michał Kopeć 2024-11-29 18:50:45 +0100
  • 4a3667b78c
         boards/novacustom-v540tu/novacustom-v540tu.config: remove unneeded debug options Michał Kopeć 2024-11-28 17:08:33 +0100
  • cf02a2914e
         config/coreboot-novacustom-v540tu.config: disable debug console Michał Kopeć 2024-11-28 17:07:59 +0100
  • 059a60e43e
         .circleci/config.yml nitropad-nv41 name changed -> novacustom_nv4x_adl Thierry Laurion 2024-11-22 12:24:17 -0500
  • 4394052b72
         modules/linux: add Linux 6.11.9 Thierry Laurion 2024-11-22 11:36:08 -0500
  • ce2b051a48
         Add NovaCustom V540TU board Michał Kopeć 2024-11-14 12:16:36 +0100
  • ae97467de9
         initrd/etc/ash_functions: add GPG Admin/User PIN output grabbing on confirm_gpg_card presence call, echo for now, warn to input GPG User PIN when asked to unlock GPG card Thierry Laurion 2024-12-03 12:48:32 -0500
  • c8fe99466b
         initrd/bin/tmpr: silence tpm reset console output, LOG instead Thierry Laurion 2024-12-03 12:20:21 -0500
  • 69bac71954
         codebase: silence dd output while capturing output in variables when needed Thierry Laurion 2024-12-03 11:22:03 -0500
  • a450dba902
         init: inform user that running in quiet mode, tell user that technical information can be seen running 'cat /tmp/debug.log' from Recovery Shell Thierry Laurion 2024-11-27 13:27:13 -0500
  • e44c3017d3
         init: suppress /etc/config.user not existing on grep calls Thierry Laurion 2024-11-27 13:17:56 -0500
  • 8594f3af51
         initrd bin/* sbin/insmod + /etc/ash_functions: TPM extend operations now all passed to LOG (quiet mode doesn't show them and logs them to /tmp/debug.log) Thierry Laurion 2024-11-27 10:38:37 -0500