WiP: Generate diceware passphrases in oem-factory-reset, output qr code of configured secrets prior of reboot #1850

Draft
wants to merge 25 commits into
base: master
c5bc76d
diceware: add short list v2, requiring 4 dices and providing longer w…
tlaurion Nov 15, 2024
81293c9
initrd/etc/functions: add generate_passphrase logic
tlaurion Nov 15, 2024
6eac70a
WiP initrd/bin/oem-factory-reset: format unification
tlaurion Nov 17, 2024
439f3ec
WiP initrd/bin/oem-factory-reset: add --mode (oem/user) skeleton
tlaurion Nov 17, 2024
18c066f
/etc/functions:: reuse detect_boot_device instead of trying only to m…
tlaurion Nov 17, 2024
89d15fb
WiP initrd/bin/oem-factory-reset: add qrcode+secret output loop until …
tlaurion Nov 17, 2024
1e0df1f
WiP: bump to hotp-verification version supporting reset of secret app
tlaurion Nov 28, 2024
c4832ee
WiP: add nk3 secret app reset function and call it following security…
tlaurion Nov 28, 2024
a9d3d96
modules/hotp-verification: revert to 1.6, add patches tested instead
tlaurion Dec 5, 2024
b550151
oem-factory-reset: add reset secure app PIN = ADMIN_PIN at reownershi…
tlaurion Dec 5, 2024
9623053
modules/hotp-verification: 1.6, removing patch pr43, only keeping 46 …
tlaurion Dec 5, 2024
b760e63
oem-factory-reset: don't set user re-ownership by default for now: us…
tlaurion Dec 5, 2024
85dfaf9
oem-factory-reset: if nk3, also display Secure App PIN = GPG Admin PI…
tlaurion Dec 5, 2024
91704d0
oem-factory-reset: fix Secure App wording, prevent word globbing, war…
tlaurion Dec 5, 2024
e436260
oem-factory-reset: set title_text accordingly to mode, either 'OEM Fa…
tlaurion Dec 5, 2024
444ff3e
oem-factory-reset: reset nk3 secure app PIN early since we need physi…
tlaurion Dec 5, 2024
835b7ac
kexec-sign-config: mount rw, write things to /boot, mount ro after
tlaurion Dec 5, 2024
295935f
WiP seal-hotp: customize message to be GPG Admin PIN or Secure App PIN
tlaurion Dec 5, 2024
e73bb05
hotp-verification patches: Use https://github.com/Nitrokey/nitrokey-h…
tlaurion Dec 6, 2024
d142f76
oem-factory-reset+seal-hotp nk3 hotp-verification info adaptations
tlaurion Dec 6, 2024
6591f26
hotp-verification: removed patches/hotp-verification-e9050e0c914e7a8f…
tlaurion Dec 6, 2024
7051fc8
functions: Fix spelling of 'dictionaries'
JonathonHall-Purism Dec 6, 2024
c00c036
functions: Simplify dictionary word selection
JonathonHall-Purism Dec 6, 2024
86a6158
oem-factory-reset: Stop adding leading blank lines in 'passphrases' msg
JonathonHall-Purism Dec 6, 2024
4b4ac60
patches/hotp-verification-*/46.patch : readd https://github.com/Nitro…
tlaurion Dec 7, 2024
10 changes: 10 additions & 0 deletions initrd/bin/kexec-sign-config
Expand Up @@ -27,6 +27,9 @@ assert_signable

confirm_gpg_card

# remount /boot as rw
mount -o remount,rw /boot

# update hashes in /boot before signing
if [ "$update" = "y" ]; then
(
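Review bot: The new `mount -o remount,rw /boot` after `confirm_gpg_card` does not check its exit status, so a failed remount only surfaces later as a write or signing error. Consider `mount -o remount,rw /boot || die "Failed to remount /boot read-write"`, using the `die` helper this script already calls. From this point on, any exit path that does not pass through one of the two read-only remounts added further down leaves /boot writable, which matters here because /boot holds the hashes being signed.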
Expand Down Expand Up @@ -81,8 +84,15 @@ for tries in 1 2 3; do
; then
# successful - update the validated params
check_config $paramsdir

# remount /boot as ro
mount -o remount,ro /boot

exit 0
fi
done

# remount /boot as ro
mount -o remount,ro /boot

die "$paramsdir: Unable to sign kexec hashes"
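Review bot: The read-only remount is duplicated, once before `exit 0` inside the retry loop and once before the final `die`, so every other exit between the read-write remount and these lines has to remember to repeat it. A single `trap 'mount -o remount,ro /boot' EXIT` installed right after the read-write remount would cover all exit paths and let both copies go. Also worth documenting in the comment: the script now always leaves /boot read-only on exit, regardless of how it was mounted on entry, so a caller that had /boot mounted read-write will find it read-only afterwards.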