GPG User Authentication: In-memory gpg keygen + keytocard and GPG key material backup enabling (plus a lot of code cleanup and UX improvements) #1515

Signed-off-by: Thierry Laurion <[email protected]>

…up exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead. Signed-off-by: Thierry Laurion <[email protected]>

…s linked to detach signing errors Signed-off-by: Thierry Laurion <[email protected]>

…not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

…used with GPG key material thumb drive backup Signed-off-by: Thierry Laurion <[email protected]>

…should be written to file and reused since not all in same functions/files for TPM2 Signed-off-by: Thierry Laurion <[email protected]>

…o to recovery shell instead of rebooting Signed-off-by: Thierry Laurion <[email protected]>

…ly to /tmp/secret/tpm_password to be reused in a boot session until recovery shell access or reboot TODO: Why two functions prompt_tpm_password and prompt_new_owner_password Signed-off-by: Thierry Laurion <[email protected]>

…ise reuse it on TPM Reset/TOTP+HOTP Sealing once for TPM1/TPM2+TPM Disk Unlock Key gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

…used both for TPM Owner Password prompt and caching reused for TPM disk unlock key passphrase which of course fails Signed-off-by: Thierry Laurion <[email protected]>

…_password into tpm_owner_password and reusing correctly i TODO: fix all TODO in PR prior of review + squash Signed-off-by: Thierry Laurion <[email protected]>

… rebooting Signed-off-by: Thierry Laurion <[email protected]>

…y validation Signed-off-by: Thierry Laurion <[email protected]>

…rtitions to loop0pX and mount them to get public key Signed-off-by: Thierry Laurion <[email protected]>

…-card op. With this commit, one can provision NK3 with thumb drive backup which enables authenticated recovery shell and USB boot. Signed-off-by: Thierry Laurion <[email protected]>

… and validate things more solidly Signed-off-by: Thierry Laurion <[email protected]>

…s output on screen without context Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

…ad-shutdown.sh (otherwise output error on console for improper condition in ash Signed-off-by: Thierry Laurion <[email protected]>

… consistency checks for passphrases. Also skip flashing code on qemu boards with short explanation Signed-off-by: Thierry Laurion <[email protected]>

oem-factory-reset: bugfix, keytocard inverts prompts. First is keyring then smartcard. Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

…d, including GPG key material output passphrase (uses strings+=string) Signed-off-by: Thierry Laurion <[email protected]>

…to card missing pieces Signed-off-by: Thierry Laurion <[email protected]>

…ty dongle's usage Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

… encrypted disk without copy to card from questionnaire. Can be tested out of the box on Qemu without modification from end of wizard's reboot call, prompting for gpg_auth when in debug mode. Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

…op to force successful authentication Signed-off-by: Thierry Laurion <[email protected]>

…ers when no backup/when having only in-memory keygen backup without smartcard. Signed-off-by: Thierry Laurion <[email protected]>

…ot cut in the middle Signed-off-by: Thierry Laurion <[email protected]>

…ped when recovery shell is accessed. If you want to see those, use qemu and have main console launching qemu under recovery shell prior of doing ops you want to see /tmp/secret/ artifacts before being deleted. We still have pcap under /tmp which is as expected Signed-off-by: Thierry Laurion <[email protected]>

…r_password if already created by seal functions or itself. Sealing ops not being able to reuse the file shred it (kexec-seal-key and seal-totp) Signed-off-by: Thierry Laurion <[email protected]>

…> USB Security Dongle's smartcard Signed-off-by: Thierry Laurion <[email protected]>

…y material backup and enable GPG Authentication Signed-off-by: Thierry Laurion <[email protected]>

…increment fails. Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

…rd if creating counter fails with cached tpm owner password so prompt_tpm_owner_password asks for it again on next run Signed-off-by: Thierry Laurion <[email protected]>

…_seal/tpm2_seal or check_tpm_counter fails to seal as first step to possible refactor Signed-off-by: Thierry Laurion <[email protected]>

…sword to tpmr calls directly Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

… of wiping /tmp/secret/tpm_owner_password if invalid Signed-off-by: Thierry Laurion <[email protected]>

…with configuring keywords. Tweak oem-factory-reset flow and questionnaire. Now first prompt is to ask if user wants to go advanced or use defaults. Signed-off-by: Thierry Laurion <[email protected]>

…lean_boot_check Signed-off-by: Thierry Laurion <[email protected]>

…ctory-reset can be called early at boot without /boot previously mounted. Also fix logic so that GPG User PIN is showed as configured when keytocard or smartcard only is configured. Signed-off-by: Thierry Laurion <[email protected]>

… for OEM provisioning of secret prior of shipping products, once OS is installed and after MRC training happened on first boot. Signed-off-by: Thierry Laurion <[email protected]>

…CR 4 is extended Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

…mpty Signed-off-by: Thierry Laurion <[email protected]>

…m_owner_password (done when sealing fails under tpmr) - document why shred is still called under functions:check_tpm_counter for safety and add TODO there Signed-off-by: Thierry Laurion <[email protected]>

…S=y and checks for it; the default of oem-factory-reset is now to propose user to use defaults first for simplicity of most common use case without allianating advanced users which can simply not accept the default and answer questionnaire Signed-off-by: Thierry Laurion <[email protected]>

Prompt for TPM owner password internally within tpm2_counter_create. Add tpm1_counter_create to prompt for password internally. Wipe the cache in either if the operation fails, in case the password was incorrect. Signed-off-by: Jonathon Hall <[email protected]>

…DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements. Signed-off-by: Thierry Laurion <[email protected]>

Signed-off-by: Thierry Laurion <[email protected]>

…nerating keys on smartcard without backup, not a wanring anymore Signed-off-by: Thierry Laurion <[email protected]>

…logic. Also move USB Security dongle capability detection under code already checking for USB Security Dongle's smartcard presence. Signed-off-by: Thierry Laurion <[email protected]>

config/linux-librem_common-6.1.8.config: passed to oldconfig format through 'make BOARD=librem_14 linux.modify_and_save_oldconfig_in_place' Signed-off-by: Thierry Laurion <[email protected]>

…storage size and loop until none is connected to exit loop. Warn user if connected usb block device is less then 128mb, since creating LUKS container of less then 8mb might cause issues. Signed-off-by: Thierry Laurion <[email protected]>

Combine prompt to disconnect other devices with prompt to connect the desired device. Show block device sizes in MB/GB when selecting device so it is easier to select. file_selector now supports --show-size to include block device sizes in menu. Rework file_selector so menu options can contain spaces (use bash array) and to simplify logic. Prompt to select flash drive and LUKS percentage in OEM reset before actually taking any actions, so aborting doesn't half-reset the system. Abort OEM reset if user aborts the flash drive selection instead of looping forever. (Canceling the confirmation still loops to retry but it is possible to exit by aborting the repeated menu.) Signed-off-by: Jonathon Hall <[email protected]>

Move confirmation of formatting flash drive with LUKS percentage selection before any reset actions have been taken, so aborting does not result in a half-reset system. Combine with the more basic "confirm" prompt that existed after selecting the device (but did not include the LUKS size information). Split up prepare_flash_drive into interactive_prepare_flash_drive (both prompts and formats as before), confirm_thumb_drive_format (just confirms the selections), and prepare_thumb_drive (now noninteractive). Signed-off-by: Jonathon Hall <[email protected]>

Don't repeat this message if the user says "no" to the confirmation prompt. Go directly to the menu. Signed-off-by: Jonathon Hall <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GPG User Authentication: In-memory gpg keygen + keytocard and GPG key material backup enabling (plus a lot of code cleanup and UX improvements) #1515

GPG User Authentication: In-memory gpg keygen + keytocard and GPG key material backup enabling (plus a lot of code cleanup and UX improvements) #1515

Commits on Nov 1, 2023

Commits on Nov 2, 2023

Commits on Nov 3, 2023

Commits on Nov 6, 2023

Commits on Nov 7, 2023

Commits on Nov 9, 2023

Commits on Nov 13, 2023