OEM-> User transfer of devices ownership wizard, triggered by the presence of an empty /boot/oem file #507
Commits on Jan 5, 2018
- Commit df4438a
Commits on Sep 18, 2018
- Commit d740fe4
- Commit df8462a
- Commit aa2d3cd
- Commit 533f18a
Commits on Sep 19, 2018
- Commit 921010f
- Commit cb418ca
- Commit cc062bd
- Commit 8fbe910
Commits on Oct 5, 2018
- required changes to apply on top of osresearch/gpg2 for gpg2 to actually work, tools and libs updated to latest versions
  Commit 87c85ca
Commits on Oct 17, 2018
- Commit d9220f5
- Commit 0978cb4
Commits on Nov 15, 2018
- Commit 42a13bc
- Commit 91886bb
- gpg needs to be called with --no-tty at that point, since pinentry-tty is used to enter passphrase. Else, gpg complains of not being able to open /dev/tty, even though GPG_TTY environment variable is forced in init
  Commit cc89d68
- GPG_TTY is forced to /dev/console under init. Ash console is never called; trying to get console tty from the tty returns "no console". NEEDS BETTER FIX.
  Commit 6623374
- Commit a2e9e4c
- Commit 5d3ac09
Commits on Nov 23, 2018
- Merge branch 'gpg2-clean-working_atop-osresearch_gpg2' of https://github.com/tlaurion/heads into gpg2
  Commit 478af24
Commits on Jan 18, 2019
- Commit af5d59d
- Commit de724c4
- Commit 7ab0b60
- Commit 2710a25
- Commit 45018c4
- Commit 420d5de
- Commit 89b7896
- Commit b70c9f8
- required changes to apply on top of osresearch/gpg2 for gpg2 to actually work, tools and libs updated to latest versions
  Commit dfa7043
- Commit bb7a1ec
- Commit e07bbfb
- Commit dbef0de
- gpg needs to be called with --no-tty at that point, since pinentry-tty is used to enter passphrase. Else, gpg complains of not being able to open /dev/tty, even though GPG_TTY environment variable is forced in init
  Commit 5f6f050
- GPG_TTY is forced to /dev/console under init. Ash console is never called; trying to get console tty from the tty returns "no console". NEEDS BETTER FIX.
  Commit abe7f38
- Commit d1364e4
- Commit 947d9a1
- Commit c1603af
- Commit c8f3122
- Add empty keyring detection, clean up main menu
  To help with onboarding new users to Heads, this change will detect when Heads does not have any keys in its keyring and will guide the user through adding a key to the running BIOS. It's important that this happen *before* guiding them through setting up an initial TOTP/HOTP secret because adding a GPG key changes the BIOS, so the user would have to generate TOTP/HOTP secrets 2x unless we handle the keyring case first. In addition to this change I've simplified the main menu so that the majority of the options appear under an 'advanced' menu.
  Commit 38b67fb
- Set GPG_TTY before calling gpg in key-init
  gpg2 needs GPG_TTY set to function properly. We set it in /init so it is inherited by all children. The call to $(tty) must be after /dev and (preferably) /dev/pts are mounted.
  Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
  Commit 5530d7e
- Move GPG check outside TPM failure
  We want to catch the missing GPG keyring error regardless of TPM failure or even in the case of a system without a TPM at all so we need to move that section up above the TPM check.
  Commit 4c19a87
- Update version #s for Librem coreboot, add Librem Key detection dialog
  The Librem coreboot is labeled with the current version and is visible from dmidecode and is supposed to reflect the current version of coreboot, however it was out of date and reflected 4.7 when Heads has moved on to 4.8.1. I've also added a simple change to further simplify onboarding by warning users who have Librem Key configured when they boot without it being inserted.
  Commit 85dd856
- Commit ec0378d
- Commit b02910b
- Commit fcefa03
- Commit 3fb4395
- Commit 8a2db7a
- Commit 5065b6f
- Commit 18c59dc
- Moving reencrypt code into gui-init
  file selection code duplicated into gui-init
  Commit 3d0e929
- Adding public keyword to the file list to be removed from rom prior to adding key and otrust output after GPG card key generation.
  Commit fffd515
- reencrypt: Validate that partitions contain LUKS header through isLuks instead of luksDump.
  Commit c0b8ca6
- Commit 03fb857
- Commit 54ad232
- /initrd/etc/functions: removal of cryptsetup-reencrypt
  /initrd/bin/gui-init:
  -inclusion of cryptsetup-reencrypt code
  -WiP: Onboarding menu enforced by /boot/oem file being present
  --State of onboarding progress is appended in that file.
  Commit a79da5b
- -tpm ownership added into ownership process
  -cryptsetup forced to change password on slot0. Learned my lesson: not specifying it makes cryptsetup write the new password into slot 1, leaving slot 0 empty. As a result, the luksKillslot done by setting a new default wiped out the recovery password, making the LUKS container without any key to unlock it.
  Commit 6b6cf5d
- Removing cryptsetup Whiptail yesno menu for a textbox. Was misleading to the user. We want the user to not have any choice but continue the onboarding process until it's done. TODO: move gpg2 code from /etc/functions to gui-init.
  Commit bbe8755
- O (ReOwnership menu) is called when /boot/oem file exists and file is non empty. check_onboarding_progress inserts "onboarding" when it first checks that file. Afterward, the C (Continue Ownership) is triggered when the /boot/oem file is found unempty. check_onboarding_progress checks for status updates being inserted in /boot/oem and selects the proper menu until all onboarding is done.
  In successive stages, the user is invited to:
  Reencrypt LUKS container with a new key and Recovery passphrase
  Factory reset its GPG card, own it, generate keys and insert public and trustdb export into reflashed rom.
  TPM/HOTP reownership and sealing. (Might not be needed)
  New menus are provided:
  R: Reencrypt LUKS container and change its password
  F: Factory reset GPG card
  Commit d90e297
- Commit 22b7e3d
- Merge branch 'gpg2' into x230_FBWhiptail_GPG2_clean_LibremKey-empty_keyring_detection-reown_hardware
  Commit 5adb46b
- Commit d523320
- Commit 9c9b301
- Commit 3e72971
Commits on Jan 19, 2019
- Commit 54a45a1
- lvm2: add support for thin volumes and snapshots, so that cryptsetup can grow LUKS container if needed from recovery shell
  Commit 65cf0b3
- Commit 23cecdd
- Merge branch 'x230_FBWhiptail_GPG2_clean_LibremKey-empty_keyring_detection-reown_hardware' of github.com:tlaurion/heads into x230_FBWhiptail_GPG2_clean_LibremKey-empty_keyring_detection-reown_hardware
  Commit 0bb3214
- Commit 18806d3
- Add "Factory reset, own GPG card, generate and add key into running BIOS" option when no GPG key is found into rom.
  Commit a34ebef
- Commit 70a19ce
Commits on Jan 24, 2019
- Commit ecb12c3
Commits on Jan 26, 2019
- For some reason, changing Whiptail height and width doesn't change a thing. Switching back to 30 90, which is used everywhere else.
  Commit 8927ca5