-
-
Notifications
You must be signed in to change notification settings - Fork 179
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ease TPM Disk Unlock Key sealing/resealing after TOTP mismatch (firmware upgrade) + warn and die changes #1482
Merged
tlaurion
merged 13 commits into
linuxboot:master
from
tlaurion:ease_tpm_disk_unlock_key_resealing_after_totp_mismatch-warn_and_die_changes
Sep 5, 2023
Merged
Changes from all commits
Commits
Show all changes
13 commits
Select commit
Hold shift + click to select a range
4910c11
TPM Disk Unlock Key sealing/renewal cleanup (Triggered automatically …
tlaurion 67c865d
TPM DISK Unlock Key : add cryptroot/crypttab to fix #1474
tlaurion 03d8f93
modules/zstd: now included by default. Deactivated under legacy-flash…
tlaurion 64ad01f
WiP: Staging commit to facilitate review, will squash into previous c…
tlaurion 4a7e23b
Address review for: first set up of TPM DUK and renewal after firmwar…
tlaurion a2a3002
TPM Disk Unlock Key setup: use unpack_initrd.sh, replace none with /s…
tlaurion 0ba10e5
path substitution still not working. This is PoC to be tested. Had to go
tlaurion e9dbce2
bin/unpack_initramfs.sh: Add TRACE and DEBUG traces
tlaurion 52947e2
WiP TPM DUK cleanup
tlaurion 51b1ad3
sbin/insmod wrapper: Add TRACE and DEBUG traces
tlaurion 8b0fc0f
kexec-seal/save-key /etc/functions : some more uniformisation of TPM …
tlaurion e291797
kexec-save-default : Finally fix #1474 under #1482
tlaurion 47eba7d
kexec-save-default: Fix multiple LUKS/LVM+LUKS suggestion + other wor…
tlaurion File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the 'something else' you want is initrd/bin/unpack_initramfs.sh 😉
That's designed to unpack concatenated initrds like Linux does, it works for the early microcode initrd followed by the real initrd, details in the documentation comment at the top of the file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm. ZSTD would now be a new requirement. Will switch that as being default for all boards and see if things break for legacy boards and if it does, bye bye legacy boards #1421
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JonathonHall-Purism Applied change at 03d8f93. Will now use that in code thanks for the tip!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JonathonHall-Purism works under e291797
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good in 47eba7d 👍