forked from linuxboot/heads
Novacustom nv4x adl heads v0.9.2 rc2 #14
Open: filipleple wants to merge 759 commits into master from novacustom_nv4x_adl_heads_v0.9.2
TODO: check logic in this file because assumptions on PINs retry count are wrong and will depend on Nitrokey/nitrokey-hotp-verification#43 not tested here Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…instead of Nitrokey/nitrokey-hotp-verification#46 for hotp-verification info parsing and validation of oem-factory-reset and seal-hotp Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- oem-factory-reset: fix strings for nk3 is from Nitrokey/nitrokey-hotp-verification#43 is Secrets app, not Secret App singular, not App capitalized
- initrd/bin/seal-hotpkey: adapt to check nk3 Secrets App PIN counter if nk3, keep Card counters for <nk3 from Nitrokey/nitrokey-hotp-verification#43
- Unattended hotp_initialize output removed since we need physical presence to seal HOTP until Nitrokey/nitrokey-hotp-verification#41 is fixed
- Finally make seal_hotp use logic to detect if public key <1m old, use HOTP related PIN by default if counter is not <3, warn that re-ownership needs to be run to change it since no security offered at all otherwise with HOTP
- unify format with linting tool
Tested in local tree against https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/43.patch, removing https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/46.patch - will revert the change above in PR once testing is over
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…fef5d1c82a014e0e2bf79346 directory: waiting for Nitrokey/nitrokey-hotp-verification#43 and Nitrokey/nitrokey-hotp-verification#46 to be merged to change modules/hotp-verification commit Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
The dice-rolls method was relatively complex and somewhat biased (~2.4% biased toward 1-4 on each roll due to modulo bias). Just pick a line from the dictionary at random. Using all 32 bits of entropy to pick a line once distributes the modulo bias so it is only 0.000003% biased toward the first 1263 words. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
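The bias reasoning in the commit message above can be checked with a few lines of shell; this is an added example, not code from Heads or from this PR, and its function names are hypothetical. It assumes one byte of entropy per die roll (consistent with the ~2.4% figure) and a constructed 7776-line word list, since the page does not state the dictionary's length; it also goes one step further than the commit with a rejection-sampling pick that removes the bias entirely.

```bash
#!/bin/sh
# Added example (not Heads code); function names are hypothetical.
# Mapping a uniform r in [0, 2^BITS) to r % N gives the first (2^BITS % N)
# outcomes one extra preimage each, so those outcomes are slightly favored.

# favored_outcomes BITS N -> number of over-represented outcomes
favored_outcomes() (
    echo $(( (1 << $1) % $2 ))
)

# bias_percent BITS N -> how much likelier a favored outcome is, in percent
bias_percent() (
    rem=$(( (1 << $1) % $2 ))
    base=$(( (1 << $1) / $2 ))       # preimages of an unfavored outcome
    if [ "$rem" -eq 0 ]; then base=0; fi   # N divides 2^BITS: no bias at all
    LC_ALL=C awk -v b="$base" 'BEGIN { printf "%.6f\n", (b ? 100 / b : 0) }'
)

# pick_index N -> uniform index in [0, N) from 32 bits of kernel entropy.
# Values at or above the largest multiple of N are rejected and redrawn.
pick_index() (
    n=$1
    space=$(( 1 << 32 ))
    limit=$(( space - space % n ))
    while :; do
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
        if [ "$r" -lt "$limit" ]; then
            echo $(( r % n ))
            return
        fi
    done
)

# Assumption: one byte per die roll, six faces.
echo "die roll: $(favored_outcomes 8 6) faces favored by $(bias_percent 8 6)%"

# Assumption: constructed word list length; not taken from the page.
WORDS=7776
echo "one 32-bit pick: $(favored_outcomes 32 "$WORDS") lines favored by $(bias_percent 32 "$WORDS")%"
echo "unbiased line number: $(( $(pick_index "$WORDS") + 1 ))"
```
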
We're adding leading blank lines, which makes the prompt look odd and now have to be removed later. Just stop adding the leading blank lines. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…erification#46 so that this PR can be tested and reviewed from OEM Factory Reset/User Re-Ownership perspective (PR 43 not in which fixes hotp_verification info, needed to reuse default PINs under seal-hotp if pubkey age <1 month and if Secret app PIN/GPG Admin PIN count >=3 )
Repro:
    mkdir patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346
    wget https://patch-diff.githubusercontent.com/raw/Nitrokey/nitrokey-hotp-verification/pull/46.patch -O patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346/46.patch
    sudo rm -rf build/x86/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346/
    ./docker_repro.sh make BOARD=qemu-coreboot-whiptail-tpm2-hotp USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=pubkey.asc inject_gpg run
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…verification#43 and Nitrokey/nitrokey-hotp-verification#46 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Insights:
- We should use oem generated pubkey naming to distinguish between oem/user generated keys and try to use default PINs also for GPG User to sign with default PIN and warn even if it works/doesn't, urging users to do reownership
- Point is that oem factory reset goes in the direction of using randomized PINs, while continuing to use those for a user should be strongly discouraged
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…fixes and reset fixes so that oem-factory-reset can reset secrets app PIN Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Attacking nv index next for TPM nvram read in prod_quiet testing Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…ever if not pertinent to most? Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…ause htop counter and primary handle until removed outside of this PR Signed-off-by: Thierry Laurion <insurgo@riseup.net>
… using weak OEM defaults provisioned secrets Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…matting changed. sign after tpm-reset now to work around primary handle issue. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…otp-verification#51 I give up trying to make Nitrokey do the right thing. They will propose PR to Heads next to fix their own fixes for their own caused regressions and security vulns. I just stopped caring for sanity reasons, i'm making quiet+eom/user-reownership fixes for feature freeze. If nitrokey pays, there is gonna be future collaboration, if they don't, they will do Heads related stuff themselves. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…f enabled, and where enabling debug+tracing disables Quiet mode Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…sh_functions under /etc/functions, replace TRACE calls by TRACE_FUNC, remove xx30-flash.init Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…easurements of cbfs-init extracted+measured TPM stuff if not in board config Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…here that measure is enforced in code This is equivalent of passing debug on kernel command line from coreboot config, even is enabled through config options and saved back in CBFS. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…hout qr scanner app in mobile phone Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…k counters printed to console Signed-off-by: Thierry Laurion <insurgo@riseup.net>
… enabled it through Configuration Settings that earlier suppression requires enabling through board config Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…eal hardware recording in PR, will comment and generalize in next commit to all maintained boards, leaving this to be overridden by branding downstream for downstream releases exercise and choice Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…s... Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…an't wait we get rid of this... file must exist and not be empty, and hash output to console must not be silenced Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…llback/save to persist across reboots Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…it after usb drivers loaded for optional usb keyboard support Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…ib/kbd/keymaps/i386/qwerty/us.map' explicitly since qemu doesn't support internal flashing still Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…y/qwertz/azerty) prior to choosing, testing one, rejecting, testing one until confirming ok. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…ard keymaps) for those boards with insufficient SPI space (8MB) Signed-off-by: Thierry Laurion <insurgo@riseup.net>
There was a bug where the user was never asked to enter a new passphrase, thus the luks_new_Disk_Recovery_Key_passphrase was not set and an empty file was used as the key-file. Apart from being a serious confidentiality issue, as an empty password does not provide any protection, it is also not possible to enter empty passwords from the prompts upon boot in both heads and payload OSes; therefore the user would have to manually change the password once the bug hit them. The bug was triggered because of a weird if else code path in which the else branch would never be taken, because test_luks_current_disk_recovery_key_passphrase would always already set the current passphrase. Signed-off-by: gaspar-ilom <gasparilom@riseup.net>
…ssphrase fix change passphrase
doc: Start documenting Heads logging and configuration variables
…: we add procps+psmisc in flake.nix to be able to troubleshoot processes and /proc related info from docker image Signed-off-by: Thierry Laurion <insurgo@riseup.net>
… musl-cross-make from x230 to t480 (t480 is part of save_cache, not x230...) Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…t generating error since $$$$(MAKE) was resolved to MAKE in configure.log, but was still working correctly) See: https://app.circleci.com/pipelines/github/tlaurion/heads/3314/workflows/e588480d-d13a-49e0-a1b6-78fed839b70b/jobs/67601?invite=true#step-102-1420_53 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This is the actual default keymap the kernel loads by default (it is different from any of the keymaps provided by kbd, although possibly not in any way anyone would care about). This makes loadkeys --default work. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Put a board's keymap at /etc/board_keys.map and support it in the normal logic, instead of with ad-hoc logic in the board init. Whenever loading a new keymap, reset the current keymap first, and load the board's override last (if there is one). This way, the result is always the same even if the new keymap does not define all keys, and the board's overridden keys stay overridden. Use the actual kernel default instead of us.map (which is different, but possibly not in any way anyone would care about). Remove some redundant loads of the current keymap when canceling. We already restore the current keymap any time a change was made that was rejected. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
…d_docker_proc_tools Fix CircleCI cache usage; add docker proc tools for debugging (flake.nix + docker 0.2.5 upload)
…G message where useful, add context in case linux shipped keymap not loading for DO_WITH_DEBUG Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…lusion-PoC-include_all_keymaps International keyboard keymaps support through Options-> Change configuration Settings -> Change Keyboard layout
…o .canary file but coreboot fork directory exists
Improves collaboration with Makefile real.remove_canary_files-extract_patch_rebuild_what_changed helper:
- if canary is not found but coreboot fork directory exists: do not attempt to git clone; git reset instead and reuse previous logic
- if canary is not found and coreboot dir doesn't exist: git clone
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…_removal_helper-improve_helper Makefile: make sure coreboot forks do the right thing when there is no .canary file but coreboot fork directory exists
Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
9488a0b to 80e8cea
@mkopec we recommend submitting the source for review in the dasharo fork in the standard release process, though this probably is not for merge
Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
No description provided.