Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code reorganization #47

Merged
merged 18 commits into from
Jun 28, 2023
Merged

Code reorganization #47

merged 18 commits into from
Jun 28, 2023

Conversation

SergiiDmytruk
Copy link
Contributor

This PR is on top of #46, will rebase on doing changes there.

This is a preparation of existing code for introducing TPM2 support in #42, it contains:

  • several small changes
  • a bunch of commits that extract TPM-dependent functionality to anti-evil-maid-lib as functions
  • move of TPM-related functions to anti-evil-maid-lib-tpm1 file

My tests on TPM1 without SRK password, with SRK password and with TOTP went without errors.

@SergiiDmytruk SergiiDmytruk mentioned this pull request Jun 20, 2023
Closed
marmarek
marmarek requested changes Jun 26, 2023
View reviewed changes
sbin/anti-evil-maid-install Show resolved Hide resolved
90anti-evil-maid/anti-evil-maid-unseal Outdated Show resolved Hide resolved
sbin/anti-evil-maid-lib-tpm1 Show resolved Hide resolved
@SergiiDmytruk
Use set -euo pipefail in scripts where possible
bec1954 
anti-evil-maid-check-mount-devs can't have `set -u`.

anti-evil-maid-install needed to be slightly updated for `set -u`.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Auto-unmount boot device in anti-evil-maid-unseal
994af1e 
Otherwise in case of error, it stays mounted, but you do anything about
it after leaving initrd.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Use --echo-no in waitforenter()
079060e 
It's confusing to see a proper password prompt with asterisks after a
"Press ENTER message".

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract hashfile function
07b4bbc 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract tpmowned() function
7ab893d 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract provisiontpmid() function
86b5c0f 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract checksrkpass() function
c378ea5 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract tpmpcrextend() function
90528d1 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract tpmunsealdata() function
e92578f 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Drop outdated shellcheck disable= comments
7e0d56d 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract tpmtakeownership() function
1c1fae3 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract postprovisioning() function
6964a74 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract tpmresetdalock() function
0c663de 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract tpmsealdata() function
4e98e81 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract listbadpcrs() function
af90db6 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Check system.data file existence in synctpms()
f150701 
It won't be there for TPM2.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract functions for managing tcsd service
bc04eb2 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@SergiiDmytruk
Extract anti-evil-maid-lib-tpm1
1b1b523 
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
@marmarek marmarek merged commit 1b1b523 into QubesOS:main Jun 28, 2023
@SergiiDmytruk SergiiDmytruk deleted the code-reorganization branch June 28, 2023 15:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marmarek marmarek marmarek approved these changes

@krystian-hebel krystian-hebel krystian-hebel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SergiiDmytruk @marmarek @krystian-hebel