/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Antievilmaid: PNG secret broken with new plymouth theme #893

Closed
marmarek opened this Issue Mar 8, 2015 · 1 comment

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 2
1 participant
@marmarek
@marmarek
Member

marmarek commented Mar 8, 2015

Reported by marmarek on 4 Sep 2014 21:48 UTC
https://groups.google.com/d/topic/qubes-users/-J5gYwmRP8k/discussion

I've managed to take ownership of my TPM, set a SRK password, build a new USB stick for /boot and set it up, boot to an AEM boot, and allegedly seal a secret.
I first tried a png file as my secret, including "rd.antievilmaid.png_secret" as one of the flags in GRUB_CMDLINE_AEM_FLAGS in /etc/default/grub.
When I booted it just displayed the normal Qubes logo and a small loading bar. When I press escape it says: "Attempting to unseal the secret passphrase from the TPM...", some blank space, and then "Continue the boot process only if the secret above is correct!"
I figured it might be some issue with using a png file. So I booted and re-sealed my TPM, this time with a string instead of a png file. But when I boot from my USB stick I still have the same problem. It shows the normal Qubes logo boot, and when I press escape it says the same thing, but still not displaying my secret phrase.
It asks for my SRK password when I seal a secret, but not when I boot. Is this expected?
Something that could be the cause:
When I first edited /etc/default/grub, I added the line:

export GRUB_CMDLINE_AEM_FLAG="rd.antievilmaid.asksrkpass rd.antievilmaid.png_secret"

Not realizing that I had a typo, and it should be GRUB_CMDLINE_AEM_FLAGS. After rebooting, I edited that to be GRUB_CMDLINE_AEM_FLAGS and then ran:

sudo grub2-install /dev/sdb

to reinstall grub onto my USB stick. Is it possible that I reinstalled grub incorrectly, and that flag isn't set like it should be?

And additional (related?) problem:

While running /usr/lib/antievilmaid/antievilmaid_install, this was part of the output for each initramfs it generated:

dracut-install: ERROR: installing '/usr/lib64/plymouth//label.so'

Migrated-From: https://wiki.qubes-os.org/ticket/893

@marmarek marmarek added this to the Release 2 milestone Mar 8, 2015

@marmarek marmarek added bug C: other P: minor labels Mar 8, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Comment by marmarek on 11 Sep 2014 04:12 UTC
http://git.qubes-os.org/?p=marmarek/antievilmaid.git;a=commit;h=20746e5f5824ff9b7cb78a572cf96228afc08789
Member

marmarek commented Mar 8, 2015

Comment by marmarek on 11 Sep 2014 04:12 UTC
http://git.qubes-os.org/?p=marmarek/antievilmaid.git;a=commit;h=20746e5f5824ff9b7cb78a572cf96228afc08789

@marmarek marmarek closed this Mar 8, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment