WiP: Fix TPM DUK retries/vocabilary (again) and CapsLock warning #1592
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Move function on top of file, first pass to replace strings with array and deal with arrays only. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
… for both LUKSv1 and LUKSv2 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…+passphrase, justifying choosing N in most cases. Display key_devices for confirmation as well. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…uggested_devices. Otherwise presented order is /dev/sdb1 /dev/sda2 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
…(pipefail prevented retries) + cleanup. Apply workaround stating that capslock might be on, TPM might be in locked state: poweroff/poweron to retry cleanly. Output pcrs only in debug mode, otherwise disclosing unauthenticated final PCRs values to possible attacker. Should be available from authenticated Recovery console and from Debug only. Unify LUKS/TPM Disk Unlock Key output to end user for clarity Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
force-pushed
the
fix_tpm_duk_retry_and_workflow
branch
2 times, most recently
from
da42675
to
2b255dd
Compare
…xt output to usb thumb drive Really handy btw. Would be nice to add that into sysrq magic to output to usb thumb drive and have ctrl-alt-delete output dmesg to external storage when in debug mode. Would work also for headless debug when porting TODO: squash allrelated commits together. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
force-pushed
the
fix_tpm_duk_retry_and_workflow
branch
from
2b255dd
to
e33af25
Compare
|
This contains WiP where #1595 will be more consensual for now. Leaving this one as draft and will rework when I have a fix for Capslock |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses partly #1588 until proper CapsLock detection code is created.
TODO:
Putting as draft upon creation.
@UndeadDevel : comments can be added either in issue or here if you have code comments(here) or other requirements(in issue).