GPG User Authentication: In-memory gpg keygen + keytocard and GPG key material backup enabling (plus a lot of code cleanup and UX improvements) #1515
Commits on Nov 1, 2023
Commit b1e5c63
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 2c55338
WiP: provide proper info/warn/die messages explaining causes of errors linked to detach signing errors
Signed-off-by: Thierry Laurion <[email protected]>
Commit eceb97a
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive
Signed-off-by: Thierry Laurion <[email protected]>
Commit 1f28c71
WiP: further removal of unnecessary debug messages
Signed-off-by: Thierry Laurion <[email protected]>
Commit 2697a6a
scripts: unify luks in text/prompts/messages to LUKS
Signed-off-by: Thierry Laurion <[email protected]>
Commit 88d00df
WiP: add export CONFIG_HAVE_GPG_KEY_BACKUP=y so whiptail-tpm2 can be used with GPG key material thumb drive backup
Signed-off-by: Thierry Laurion <[email protected]>
Commit 2ae9440
/etc/functions: add missing TRACE traces to get where TPM passphrase should be written to file and reused since not all in same functions/files for TPM2
Signed-off-by: Thierry Laurion <[email protected]>
Commit 2ea62ff
bin/reboot: intercept reboot call when in DEBUG mode to type 'r' to go to recovery shell instead of rebooting
Signed-off-by: Thierry Laurion <[email protected]>
Commit 754e3c9
TPM1/TPM2: unify wording for TPM Owner Password and cache it externally to /tmp/secret/tpm_password to be reused in a boot session until recovery shell access or reboot TODO: Why two functions prompt_tpm_password and prompt_new_owner_password
Signed-off-by: Thierry Laurion <[email protected]>
Commit 911eb07
WiP: Clean cached /tmp/secret/tpm_password when sealing fails, otherwise reuse it on TPM Reset/TOTP+HOTP Sealing once for TPM1/TPM2+TPM Disk Unlock Key gui-init: make sure that reseal_tpm_disk_decryption_key happens only on successful TOTP/HOTP sealing, reusing cached TPM Owner password
Signed-off-by: Thierry Laurion <[email protected]>
Commit 3fb84f0
To Squash: changes to reboot were not ash compliant
Signed-off-by: Thierry Laurion <[email protected]>
Commit 15f1d0b
WiP to be squashed: we need to refactor prompt_tpm_password which is used both for TPM Owner Password prompt and caching reused for TPM disk unlock key passphrase which of course fails
Signed-off-by: Thierry Laurion <[email protected]>
Commit 729f2b1
TPM2 DUK and TOTP/HOTP reseal fix, refactoring and differentiating tpm_password into tpm_owner_password and reusing correctly i TODO: fix all TODO in PR prior of review + squash
Signed-off-by: Thierry Laurion <[email protected]>
Commit 27c457f
bin/reboot: fix parameter order so that we pause when in DEBUG before rebooting
Signed-off-by: Thierry Laurion <[email protected]>
Commit cf065ee
.ash_history: add history command for manual detached signed integrity validation
Signed-off-by: Thierry Laurion <[email protected]>
Commit b2cb9b4
qemu doc: add modify list/mount instructions to use losetup to map partitions to loop0pX and mount them to get public key
Signed-off-by: Thierry Laurion <[email protected]>
Commit 2b21623
WiP: NK3 with p256 ECC algo supported for in-memory keygen and key-to-card op. With this commit, one can provision NK3 with thumb drive backup which enables authenticated recovery shell and USB boot.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 56b6029
oem-factory-reset: make passphrases variables able to contain strings and validate things more solidly
Signed-off-by: Thierry Laurion <[email protected]>
Commit 9e838ad
PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context
Signed-off-by: Thierry Laurion <[email protected]>
Commit 05fc4c1
gpg_auth function was not failing properly on failing, die instead
Signed-off-by: Thierry Laurion <[email protected]>
Commit 7f5d970
initrd/bin/reboot: BugFix in nv41/ns50 condition check to call nitropad-shutdown.sh (otherwise output error on console for improper condition in ash
Signed-off-by: Thierry Laurion <[email protected]>
Commit 9c3fb35
oem-factory-reset: further cleaning of code for proper validation and consistency checks for passphrases. Also skip flashing code on qemu boards with short explanation
Signed-off-by: Thierry Laurion <[email protected]>
Commit 7cd44b6
oem-factory-reset seal-hotpkey: unify prompts and vocabulary
oem-factory-reset: bugfix, keytocard inverts prompts. First is keyring then smartcard.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 8a8634f
Squash: remove DEBUG that were TODO for removal
Signed-off-by: Thierry Laurion <[email protected]>
Commit c3a5359
oem-factory-reset: simplify provisioned secret output at end of wizard, including GPG key material output passphrase (uses strings+=string)
Signed-off-by: Thierry Laurion <[email protected]>
Commit e6eeb57
RSA keygen adaptation testing with rsa 2048 in memory keygen and key to card missing pieces
Signed-off-by: Thierry Laurion <[email protected]>
Commit 867fb8d
Squash: revert testing changes for RSA and unify once more USB Security dongle's usage
Signed-off-by: Thierry Laurion <[email protected]>
Commit 38fc097
oem-factory-reset: make initial questionnaire more concise
Signed-off-by: Thierry Laurion <[email protected]>
Commit ad1bff6
Remove TODO in code that were not relevant prior of first review
Signed-off-by: Thierry Laurion <[email protected]>
Commit a3086e9
oem-factory-reset: RSA default should be 3072, not 3076. squash
Signed-off-by: Thierry Laurion <[email protected]>
Commit 2a04fb5
oem-factory-reset: typo correction past tense
Signed-off-by: Thierry Laurion <[email protected]>
Commit 4d72eb3
luks-functions: cleanup code of luks containers reported
Signed-off-by: Thierry Laurion <[email protected]>
Commit 2aa9cfa
oem-factory-reset: now permits to generate in-memory key, backuped to encrypted disk without copy to card from questionnaire. Can be tested out of the box on Qemu without modification from end of wizard's reboot call, prompting for gpg_auth when in debug mode.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 584c964
qemu boards: Put back DEBUG and TRACE on
Signed-off-by: Thierry Laurion <[email protected]>
Commit f5dc5ef
ash_functions: have gpg_auth calls to confirm_gpg_card in subshell loop to force successful authentication
Signed-off-by: Thierry Laurion <[email protected]>
Commit c2c32c4
oem-factory-reset: prompt only for GPG User PIN when needed, warn users when no backup/when having only in-memory keygen backup without smartcard.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 2942d66
luks_functions: fix width of whiptail messages with newlines so it's not cut in the middle
Signed-off-by: Thierry Laurion <[email protected]>
Commit af3287c
Commits on Nov 2, 2023
tpmr: move TPM2 related secrets artifacts to /tmp/secret to be autowiped when recovery shell is accessed. If you want to see those, use qemu and have main console launching qemu under recovery shell prior of doing ops you want to see /tmp/secret/ artifacts before being deleted. We still have pcap under /tmp which is as expected
Signed-off-by: Thierry Laurion <[email protected]>
Commit 921acd0
functions: prompt_tpm_owner_password only reuses /tmp/secret/tpm_owner_password if already created by seal functions or itself. Sealing ops not being able to reuse the file shred it (kexec-seal-key and seal-totp)
Signed-off-by: Thierry Laurion <[email protected]>
Commit 48c446c
oem-factory-reset ash_functions: fix USB Security Dongle' smartcard -> USB Security Dongle's smartcard
Signed-off-by: Thierry Laurion <[email protected]>
Commit 8526645
oem-factory-reset: simplify first question for users to have a GPG key material backup and enable GPG Authentication
Signed-off-by: Thierry Laurion <[email protected]>
Commit 644a59a
functions: guide user toward resetting TPM more directly if counter_increment fails.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 19c5d16
TPM2: add DEBUG and fix path for TPM2 primary key handle hash.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 6d7f9be
Commits on Nov 3, 2023
Signed-off-by: Thierry Laurion <[email protected]>
Commit 9523b4f
functions: check_tpm_counter; add shred call to wipe tpm_owner_password if creating counter fails with cached tpm owner password so prompt_tpm_owner_password asks for it again on next run
Signed-off-by: Thierry Laurion <[email protected]>
Commit 51caab8
seal-totp/tpmr: differentiate die messages to show which between tpm1_seal/tpm2_seal or check_tpm_counter fails to seal as first step to possible refactor
Signed-off-by: Thierry Laurion <[email protected]>
Commit e2985d3
kexec-seal-key/seal-totp/tpmr/functions: move wiping of tpm_owner_password to tpmr calls directly
Signed-off-by: Thierry Laurion <[email protected]>
Commit 84374df
tpmr: give users better error/DEBUG messages in regard of TPM errors
Signed-off-by: Thierry Laurion <[email protected]>
Commit afb817c
tpmr/kexec-seal-key/functions: end refactoring of tpmr being in charge of wiping /tmp/secret/tpm_owner_password if invalid
Signed-off-by: Thierry Laurion <[email protected]>
Commit cd3ce69
oem-factory-reset/ash_functions/luks-functions: replace provisioning with configuring keywords. Tweak oem-factory-reset flow and questionnaire. Now first prompt is to ask if user wants to go advanced or use defaults.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 4e10740
gui-init: fix TRACE: clean_check_boot stating mount_boot instead of clean_boot_check
Signed-off-by: Thierry Laurion <[email protected]>
Commit c064b78
oem-factory-reset: add rudimentary mount_boot function so that oem-factory-reset can be called early at boot without /boot previously mounted. Also fix logic so that GPG User PIN is shown as configured when keytocard or smartcard only is configured.
Signed-off-by: Thierry Laurion <[email protected]>
Commit eee913d
init: add early boot 'o' option to jump directly to oem-factory-reset for OEM provisioning of secret prior of shipping products, once OS is installed and after MRC training happened on first boot.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 504f033
Commits on Nov 6, 2023
kexec-select-boot/kexec-insert-key: add info message explaining why PCR 4 is extended
Signed-off-by: Thierry Laurion <[email protected]>
Commit bfc877c
media-scan: die if gpg_auth fails (should loop and never exit anyway)
Signed-off-by: Thierry Laurion <[email protected]>
Commit 8d7efa0
ash_functions:confirm_gpg_card: loop gpg_admin_pin prompt until non-empty
Signed-off-by: Thierry Laurion <[email protected]>
Commit 923b4e1
kexec-seal-key: remove non-needed shred of file cached /tmp/secret/tpm_owner_password (done when sealing fails under tpmr) - document why shred is still called under functions:check_tpm_counter for safety and add TODO there
Signed-off-by: Thierry Laurion <[email protected]>
Commit 0042163
oem-factory-reset/librem boards: remove CONFIG_OEMRESET_OFFER_DEFAULTS=y and checks for it; the default of oem-factory-reset is now to propose user to use defaults first for simplicity of most common use case without alienating advanced users which can simply not accept the default and answer questionnaire
Signed-off-by: Thierry Laurion <[email protected]>
Commit 9e0491e
tpmr: Move last TPM owner password prompt/shred into tpmr
Prompt for TPM owner password internally within tpm2_counter_create. Add tpm1_counter_create to prompt for password internally. Wipe the cache in either if the operation fails, in case the password was incorrect.
Signed-off-by: Jonathon Hall <[email protected]>
Commit fd6a947
All TPM Extend additional context passed from console echo output to DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 388ee51
oem-factory-reset: fix typo : Same a GPG Admin PIN
Signed-off-by: Thierry Laurion <[email protected]>
Commit 659de63
oem-factory-reset: normal output to inform user of consequences of generating keys on smartcard without backup, not a warning anymore
Signed-off-by: Thierry Laurion <[email protected]>
Commit 160367d
Commits on Nov 7, 2023
oem-factory-reset: unify boolean y/n variable usage and double check logic. Also move USB Security dongle capability detection under code already checking for USB Security Dongle's smartcard presence.
Signed-off-by: Thierry Laurion <[email protected]>
Commit 3787293
Commits on Nov 9, 2023
nv41/ns50/librem linux: Add EXFAT fs support (mandatory).
config/linux-librem_common-6.1.8.config: passed to oldconfig format through 'make BOARD=librem_14 linux.modify_and_save_oldconfig_in_place'
Signed-off-by: Thierry Laurion <[email protected]>
Commit 23c967f
oem-factory-reset : Prompt user for any connected block device, give storage size and loop until none is connected to exit loop. Warn user if connected usb block device is less than 128mb, since creating LUKS container of less than 8mb might cause issues.
Signed-off-by: Thierry Laurion <[email protected]>
Commit e924a8a
Commits on Nov 13, 2023
oem-factory-reset: Improve prompt flow formatting flash drive
Combine prompt to disconnect other devices with prompt to connect the desired device. Show block device sizes in MB/GB when selecting device so it is easier to select. file_selector now supports --show-size to include block device sizes in menu. Rework file_selector so menu options can contain spaces (use bash array) and to simplify logic. Prompt to select flash drive and LUKS percentage in OEM reset before actually taking any actions, so aborting doesn't half-reset the system. Abort OEM reset if user aborts the flash drive selection instead of looping forever. (Canceling the confirmation still loops to retry but it is possible to exit by aborting the repeated menu.)
Signed-off-by: Jonathon Hall <[email protected]>
Commit a925219
oem-factory-reset: Move format confirmation before resetting anything
Move confirmation of formatting flash drive with LUKS percentage selection before any reset actions have been taken, so aborting does not result in a half-reset system. Combine with the more basic "confirm" prompt that existed after selecting the device (but did not include the LUKS size information). Split up prepare_flash_drive into interactive_prepare_flash_drive (both prompts and formats as before), confirm_thumb_drive_format (just confirms the selections), and prepare_thumb_drive (now noninteractive).
Signed-off-by: Jonathon Hall <[email protected]>
Commit d39fc26
oem-factory-reset: Don't repeat "insert flash drive" message
Don't repeat this message if the user says "no" to the confirmation prompt. Go directly to the menu.
Signed-off-by: Jonathon Hall <[email protected]>
Commit 97d903f