Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Impose Access Restriction to the Recovery Shell #361

Closed
wants to merge 2 commits into from
Closed

Impose Access Restriction to the Recovery Shell #361

wants to merge 2 commits into from

Conversation

persmule
Copy link
Contributor

@persmule persmule commented Mar 14, 2018
edited
Loading

With this commit, to use recovery shell, users should authencate
themselves by connecting their OpenPGP card to the machine, in order
to prove they hold the very same secret key used to sign the boot file
list used by Heads. If they fail to pass the authencation, the machine
will exit from init and go kernel panic.

This digital signature verification routine is grafted from another
commit of mine.

fix #356

@osresearch
Copy link
Collaborator

I like the idea of having this as an option, but not a requirement for dropping to the recovery shell.

We're starting to have enough CONFIG_FOO things that we should consider making a Kconfig menu...

@osresearch osresearch mentioned this pull request Mar 15, 2018
Merged
@persmule persmule force-pushed the rcv-auth branch 2 times, most recently from 2b10e49 to 3f1bed8 Compare March 19, 2018 09:38
@persmule
Copy link
Contributor Author

This time, the feature is controlled with an exported option
"CONFIG_RECOVERY_NEED_AUTH" in board files.

flammit
flammit suggested changes Mar 19, 2018
View reviewed changes
Impose Access Restriction to the Recovery Shell
8fc6d43 
With this commit, to use recovery shell, users should authencate
themselves by connecting their OpenPGP card to the machine, in order
to prove they hold the very same secret key used to sign the boot file
list used by Heads. If they fail to pass the authencation, the machine
will exit from init and go kernel panic.

This digital signature verification routine is grafted from another
commit of mine.

This time, the feature is controlled with an exported option
"CONFIG_RECOVERY_NEED_AUTH" in board files.
@flammit flammit mentioned this pull request Mar 31, 2018
Closed
@tlaurion tlaurion self-assigned this Apr 13, 2019
@tlaurion
Copy link
Collaborator

Todo: review die usage and probably create error and replace lots of them. Also review recovery usage by calling error instead, which should prompt user to hit enter to continue.

@tlaurion tlaurion mentioned this pull request Mar 9, 2020
Closed
@tlaurion tlaurion mentioned this pull request Nov 1, 2020
Closed
@tlaurion tlaurion mentioned this pull request Jan 11, 2021
Closed
@tlaurion tlaurion mentioned this pull request Jan 29, 2021
Closed
@tlaurion tlaurion mentioned this pull request Feb 9, 2021
Closed
tlaurion pushed a commit to tlaurion/heads that referenced this pull request Sep 7, 2021
@tlaurion
Impose Access Restriction to the Recovery Shell
35926ea 
With this commit, to use recovery shell, users should authencate
themselves by connecting their OpenPGP card to the machine, in order
to prove they hold the very same secret key used to sign the boot file
list used by Heads. If they fail to pass the authencation, the machine
will exit from init and go kernel panic.

This digital signature verification routine is grafted from another
commit of mine.

This time, the feature is controlled with an exported option
"CONFIG_RECOVERY_NEED_AUTH" in board files.

WiP adaptation of linuxboot#361
tlaurion pushed a commit to tlaurion/heads that referenced this pull request Sep 7, 2021
@tlaurion
Impose Access Restriction to the Recovery Shell
cb99803 
With this commit, to use recovery shell, users should authencate
themselves by connecting their OpenPGP card to the machine, in order
to prove they hold the very same secret key used to sign the boot file
list used by Heads. If they fail to pass the authencation, the machine
will exit from init and go kernel panic.

This digital signature verification routine is grafted from another
commit of mine.

This time, the feature is controlled with an exported option
"CONFIG_RECOVERY_NEED_AUTH" in board files.

WiP adaptation of linuxboot#361
x230-hotp-maximized board modified to take advantage of it
@tlaurion tlaurion mentioned this pull request Sep 10, 2021
Closed
@tlaurion
Copy link
Collaborator

@persmule the problem here is if the public key has expired, the user would be locked out of the recovery shell.
Discussion: #881 (comment)

@tlaurion
Copy link
Collaborator

tlaurion commented Dec 7, 2021

@persmule interesting enough, this is a plus for non fsp enabled boards. All sandy/ivy bridge can take advantage of this. Thanks a lot and looking forward to push that in with coreboot 4.15 version bump.

@tlaurion
Copy link
Collaborator

Merged as part of #1515.

@tlaurion tlaurion closed this Nov 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flammit flammit flammit requested changes

Assignees

@tlaurion tlaurion

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Impose Access Restriction to the Recovery Shell
4 participants
@persmule @osresearch @tlaurion @flammit