Commit 133da0e

Merge pull request #1515 from tlaurion/inmemory_keygen-gpg_backup_usable_for_RSA_only-copy_to_card_working_for_RSA_only-gpg_auth_for_recovery_and_sub_boot
GPG User Authentication: In-memory gpg keygen + keytocard and GPG key material backup enabling (plus a lot of code cleanup and UX improvements)
2 parents bd0ebc4 + 97d903f commit 133da0e

40 files changed, +4899 -1060 lines changed

boards/librem_13v2/librem_13v2.config

Lines changed: 0 additions & 1 deletion
@@ -30,7 +30,6 @@ CONFIG_LINUX_USB=y
3030
export CONFIG_TPM=y
3131
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3232
export CONFIG_TOTP_SKIP_QRCODE=y
33-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3433
export CONFIG_BOOTSCRIPT=/bin/gui-init
3534
export CONFIG_BOOT_REQ_HASH=n
3635
export CONFIG_BOOT_REQ_ROLLBACK=n
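
Review bot: The deletion of `export CONFIG_OEMRESET_OFFER_DEFAULTS=y` at old line 33 has no replacement line, and the merge title does not mention the option, so the change does not show whether the OEM reset flow now always offers defaults, never offers them, or decides elsewhere. State which in the commit message. Because the same one-line deletion repeats in every librem board config in this commit, also confirm that no script still tests the variable, otherwise these boards silently change behaviour.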

boards/librem_13v4/librem_13v4.config

Lines changed: 0 additions & 1 deletion
@@ -30,7 +30,6 @@ CONFIG_LINUX_USB=y
3030
export CONFIG_TPM=y
3131
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3232
export CONFIG_TOTP_SKIP_QRCODE=y
33-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3433
export CONFIG_BOOTSCRIPT=/bin/gui-init
3534
export CONFIG_BOOT_REQ_HASH=n
3635
export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem_14/librem_14.config

Lines changed: 0 additions & 1 deletion
@@ -28,7 +28,6 @@ CONFIG_LINUX_USB=y
2828
export CONFIG_TPM=y
2929
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3030
export CONFIG_TOTP_SKIP_QRCODE=y
31-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3231

3332
export CONFIG_BOOTSCRIPT=/bin/gui-init
3433
export CONFIG_BOOT_REQ_HASH=n

boards/librem_15v3/librem_15v3.config

Lines changed: 0 additions & 1 deletion
@@ -30,7 +30,6 @@ CONFIG_LINUX_USB=y
3030
export CONFIG_TPM=y
3131
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3232
export CONFIG_TOTP_SKIP_QRCODE=y
33-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3433
export CONFIG_BOOTSCRIPT=/bin/gui-init
3534
export CONFIG_BOOT_REQ_HASH=n
3635
export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem_15v4/librem_15v4.config

Lines changed: 0 additions & 1 deletion
@@ -31,7 +31,6 @@ CONFIG_LINUX_USB=y
3131
export CONFIG_TPM=y
3232
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3333
export CONFIG_TOTP_SKIP_QRCODE=y
34-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3534
export CONFIG_BOOTSCRIPT=/bin/gui-init
3635
export CONFIG_BOOT_REQ_HASH=n
3736
export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem_l1um/librem_l1um.config

Lines changed: 0 additions & 1 deletion
@@ -29,7 +29,6 @@ CONFIG_LINUX_USB=y
2929
export CONFIG_TPM=y
3030
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3131
export CONFIG_TOTP_SKIP_QRCODE=y
32-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3332

3433
export CONFIG_BOOTSCRIPT=/bin/gui-init
3534
export CONFIG_BOOT_REQ_HASH=n

boards/librem_l1um_v2/librem_l1um_v2.config

Lines changed: 0 additions & 1 deletion
@@ -32,7 +32,6 @@ CONFIG_OPENSSL=y
3232
CONFIG_PRIMARY_KEY_TYPE=ecc
3333
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3434
export CONFIG_TOTP_SKIP_QRCODE=y
35-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3635

3736
export CONFIG_BOOTSCRIPT=/bin/gui-init
3837
export CONFIG_BOOT_REQ_HASH=n

boards/librem_mini/librem_mini.config

Lines changed: 0 additions & 1 deletion
@@ -30,7 +30,6 @@ CONFIG_LINUX_USB=y
3030
export CONFIG_TPM=n
3131
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3232
export CONFIG_TOTP_SKIP_QRCODE=y
33-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3433

3534
export CONFIG_BOOTSCRIPT=/bin/gui-init
3635
export CONFIG_BOOT_REQ_HASH=n

boards/librem_mini_v2/librem_mini_v2.config

Lines changed: 0 additions & 1 deletion
@@ -30,7 +30,6 @@ CONFIG_LINUX_USB=y
3030
export CONFIG_TPM=n
3131
export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
3232
export CONFIG_TOTP_SKIP_QRCODE=y
33-
export CONFIG_OEMRESET_OFFER_DEFAULTS=y
3433

3534
export CONFIG_BOOTSCRIPT=/bin/gui-init
3635
export CONFIG_BOOT_REQ_HASH=n

boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md

Lines changed: 3 additions & 1 deletion
@@ -41,9 +41,11 @@ Bootstrapping a working system
4141
* Then Heads will indicate that there is no TOTP code yet, at this point shut down (Continue to main menu -> Power off)
4242
5. Get the public key that was saved to the virtual USB flash drive
4343
* `sudo mkdir /media/fd_heads_gpg`
44-
* `sudo mount ./build/x86/qemu-coreboot-fbwhiptail-tpm1-hotp/usb_fd.raw /media/fd_heads_gpg`
44+
* `sudo losetup --find --partscan ./build/x86/qemu-coreboot-fbwhiptail-tpm1-hotp/usb_fd.raw`
45+
* `sudo mount /dev/loop0p2 /media/fd_heads_gpg` to mount the second partition (public) or if only one partition, /dev/loop0p1
4546
* Look in `/media/fd_heads_gpg` and copy the most recent public key
4647
* `sudo umount /media/fd_heads_gpg`
48+
* `sudo losetup --detach /dev/loop0`
4749
6. Inject the GPG key into the Heads image and run again
4850
* `make BOARD=qemu-coreboot-fbwhiptail-tpm1-hotp PUBKEY_ASC=<path_to_key.asc> inject_gpg`
4951
* `make BOARD=qemu-coreboot-fbwhiptail-tpm1-hotp USB_TOKEN=LibremKey PUBKEY_ASC=<path_to_key.asc> run`
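
Review bot: The added steps at new lines 45 and 48 hardcode `/dev/loop0`, but `losetup --find` at new line 44 attaches the image to whichever loop device is free, which is not loop0 on a host that already has loop devices in use. The mount would then fail or hit an unrelated device, and `sudo losetup --detach /dev/loop0` would release a loop device that does not belong to this image. Add `--show` to the `losetup --find --partscan` line so it prints the device it picked, and refer to that device in the mount and detach steps. Since the step only copies a public key out of the image, mounting with `-o ro` would also keep the image unmodified.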
