initrd/etc/gpg_functions.sh: check flash.sh exit status before reboot #2114
Pull request overview
Improves the GPG-key-injection-and-reflash flow so that a successful reflash now displays a confirmation dialog and automatically reboots, and adjusts the "Reset the TPM" recovery paths in gui-init.sh to show the integrity report informationally and to reboot at the end of reset_tpm(). This addresses issue #2113, where after reflashing with a new GPG key on a TPM 1.2 maximized board the user was not forced to reboot before regenerating TOTP, leaving the TPM passphrase out of sync.
Changes:
- After `/bin/flash.sh` in `gpg_flash_rom`, show a "ROM Flashed Successfully" message box and call `/bin/reboot.sh`.
- Replace the `gate_reseal_with_integrity_report || tpm_reset_required` gate on the two "Reset the TPM" menu paths with an unconditional `report_integrity_measurements` call, and update the surrounding comments.
- Append `/bin/reboot.sh` at the end of a successful `reset_tpm()` flow, and source `/etc/gpg_functions.sh` from `gui-init.sh`.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| initrd/etc/gpg_functions.sh | Adds post-flash success dialog and automatic reboot in gpg_flash_rom. |
| initrd/bin/gui-init.sh | Sources gpg_functions.sh; removes the integrity-gate guard from the two "Reset the TPM" menu paths in favor of an informational integrity report; forces a reboot at the end of reset_tpm. |
- All three GPG key management paths (gpg_post_gen_mgmt, gpg_add_key_reflash, gpg_add_key_to_standalone_rom) call gpg_flash_rom() to write the ROM but never call reboot.sh, leaving the user in the menu with firmware changes in flash that have not taken effect.
- Check /bin/flash.sh exit status: on success show a message box and call /bin/reboot.sh; on failure show an error dialog.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

- gui-init.sh calls report_integrity_measurements() from gui_functions.sh, which at line 488 calls gpg_replace_key_reflash() defined in gpg_functions.sh, but gui-init.sh never sourced gpg_functions.sh.
- Selecting 'r' (Replace GPG key in current ROM and reflash) from the integrity report would fail with an undefined function error.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

- The reset_tpm() function clears the TPM owner hierarchy, creates new counters, generates new TOTP/HOTP secrets, and reseals the disk decryption key, but never reboots after completing these changes.
- Add /bin/reboot.sh at the end of the function so the system boots into a fresh state with the newly initialized TPM.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

- When TOTP unseal fails and the user selects 'p' (Reset TPM), the condition ran gate_reseal_with_integrity_report before reset_tpm. The gate forces through update_checksums which needs TPM counter operations, requiring the current TPM owner password. Since the TPM has not yet been reset, this password is unknown — creating a catch-22: the counter op fails, DIE restarts the boot script, and reset_tpm is never reached.
- Same issue in the main menu 'r' (Reset TPM from TPM/TOTP/HOTP Options): the gate runs update_checksums before reset_tpm.
- Fix both paths to call report_integrity_measurements directly (shows the report without forcing investigation/signing) before proceeding to reset_tpm.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
4a1bed6 to e0f0fea
will remove hotp fix and split it in #2115
2548d38 to e0f0fea
Fixes #2113
Changes
initrd/etc/gpg_functions.sh
Check flash.sh exit status in gpg_flash_rom(). On success show a
confirmation dialog and reboot automatically; on failure show an
error dialog instead of rebooting unconditionally.
initrd/bin/gui-init.sh
so the user sees current integrity state before deciding to reset
completes with a clean reboot
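
The exit-status gate described above for `gpg_flash_rom()`, as an added example that is not code from this pull request or the project's tree. `fake_flash`, `fake_reboot` and `notify` are hypothetical stand-ins for `/bin/flash.sh`, `/bin/reboot.sh` and the GUI message boxes, and the failure status is constructed.

```sh
#!/bin/sh
# Added illustration, not code from the pull request.
# fake_flash, fake_reboot and notify are hypothetical stand-ins for
# /bin/flash.sh, /bin/reboot.sh and the GUI message boxes.

ACTIONS=""    # records what ran so the outcome can be inspected

notify()      { ACTIONS="$ACTIONS notify:$1"; echo "[$1] $2"; }
fake_flash()  { return "${1:-0}"; }    # exit status taken from argument
fake_reboot() { ACTIONS="$ACTIONS reboot"; }

FLASH_CMD=fake_flash
REBOOT_CMD=fake_reboot

# Unchecked variant, for contrast: nothing ties the reboot to the
# flasher's result, so a failed write is followed by a reboot.
flash_unchecked() {
    ACTIONS=""
    $FLASH_CMD "$@"
    notify info "ROM Flashed Successfully"
    $REBOOT_CMD
}

# Checked variant: capture the status in the same list as the flash
# command, before a dialog or any other command can overwrite $?.
# The "|| rc=$?" form also keeps working under "set -e".
flash_checked() {
    ACTIONS=""
    rc=0
    $FLASH_CMD "$@" || rc=$?
    if [ "$rc" -ne 0 ]; then
        notify error "flash failed with status $rc, not rebooting"
        return "$rc"
    fi
    notify info "ROM Flashed Successfully"
    $REBOOT_CMD
}

# Demo with a constructed failure status of 1.
flash_checked 1 || echo "returned $?, actions:$ACTIONS"
```

Returning the flasher's own status from the checked variant lets a calling menu decide what to offer next instead of treating every outcome as success.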