1. 23 Jun, 2021 2 commits
    • etc/functions: Filter boot device options with '/dev/' · 03e10d75
      Matt Devillier authored
      Grepping on just 'Disk' can lead to disk UUID identifier strings
      being added to /tmp/disklist, which then fail to parse later on.
      Avoid this by grepping on 'Disk /dev' instead.
      Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
    • Use the Librem Key as a TPM work-alike in the absence of a TPM · 1f739942
      Kyle Rankin authored and Matt Devillier committed
      On machines without a TPM, we'd still like some way for the BIOS to
      attest that it has not been modified. With a Librem Key, we can have the
      BIOS use its own ROM measurement converted to a SHA256sum and truncated
      so it fits within an HOTP secret. Like with a TPM, a malicious BIOS with
      access to the correct measurements can send pre-known good measurements
      to the Librem Key.
      This approach provides one big drawback in that we have to truncate the
      SHA256sum to 20 characters so that it fits within the limitations of
      HOTP secrets. This means the possibility of collisions is much higher
      but again, an attacker could also capture and spoof an existing ROM's
      measurements if they have prior access to it, either with this approach
      or with a TPM.
      Signed-off-by: Kyle Rankin <kyle.rankin@puri.sm>
  2. 18 Oct, 2020 1 commit
  3. 15 Oct, 2020 1 commit
    • Change hash files only if gpg card is present · 7baeebe9
      alex-nitrokey authored
      Update_checksum was already changing files in /boot, before checking for
      gpg card. If no card is present, the user will end up in the recovery
      next time instead of getting the same dialog again. Therefore, the
      confirm_gpg_card should be checked before altering files.
      The dead -u flag/$update_counter is used to mark the necessity to
      update the hash files now.
  4. 16 Sep, 2020 1 commit
  5. 03 Aug, 2020 1 commit
  6. 13 Jul, 2020 1 commit
    • Encapsulate changes to working directory inside subshells · c2c45dae
      Matt Devillier authored
      For the handful of operations which need to be done with /boot
      as the pwd, encapsulate them in subshells to ensure the pwd
      doesn't unexpectedly change for other operations, as functions
      which need to mount/unmount /boot may fail if the pwd isn't root.
      Also, set the pwd to root at the start of detect_boot_device as an
      added safety measure.
      Test: run oem-factory-reset function, ensure it doesn't fail to
      detect boot device due to incorrect working directory.
      Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
  7. 18 Nov, 2019 2 commits
  8. 21 Aug, 2019 1 commit
  9. 05 Aug, 2019 1 commit
  10. 12 Jul, 2019 1 commit
  11. 24 Feb, 2019 2 commits
  12. 08 Feb, 2019 1 commit
  13. 07 Dec, 2018 3 commits
  14. 06 Dec, 2018 2 commits
    • Just load usb-storage module, not mount, bugfix in replace_config · dd3f650b
      Kyle Rankin authored
      We need to handle the case where the specific config file doesn't exist,
      or else grep fails, so we touch the file ahead of time. Mounting the usb
      storage caused problems when you re-enter the menu a second time, so we
      will just load the storage module.
    • Use global /tmp/config that combines multiple config files · 3eb62eed
      Kyle Rankin authored
      As part of the config gui we want to be able to have the system define
      new config options without them being lost if the user makes their own
      changes in CBFS. To allow that, this change creates a function initiated
      in init that combines all /etc/config* files into /tmp/config. All
      existing scripts have been changed to source /tmp/config instead of
      /etc/config. The config-gui.sh script now uses /etc/config.user to hold
      user configuration options but the combine_configs function will allow
      that to expand as others want to split configuration out further.
      As it stands, here are the current config files:
      /etc/config -- Compiled-in configuration options
      /etc/config.user -- User preferences that override /etc/config
      /tmp/config -- Running config referenced by the BIOS, combination
                     of existing configs
  15. 19 Jun, 2018 1 commit
    • Add Librem Key support to Heads · 31cf85b7
      Kyle Rankin authored
      The Librem Key is a custom device USB-based security token Nitrokey is
      producing for Purism and among other things it has custom firmware
      created for use with Heads. In particular, when a board is configured
      with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
      sealed TOTP secret to also send an HOTP authentication to the Librem
      Key. If the HOTP code is successful, the Librem Key will blink a green
      LED, if unsuccessful it will blink red, thereby informing the user that
      Heads has been tampered with without requiring them to use a phone to
      validate the TOTP secret.
      Heads will still use and show the TOTP secret, in case the user wants to
      validate both codes (in case the Librem Key was lost or is no longer
      trusted). It will also show the result of the HOTP verification (but not
      the code itself), even though the user should trust only what the Librem
      Key displays, so the user can confirm that both the device and Heads are
      in sync. If HOTP is enabled, Heads will maintain a new TPM counter
      separate from the Heads TPM counter that will increment each time HOTP
      codes are checked.
      This change also modifies the routines that update TOTP so that if
      the Librem Key executables are present it will also update HOTP codes
      and synchronize them with a Librem Key.
  16. 09 May, 2018 2 commits
    • Fix tabbing · fc72daa6
      Kyle Rankin authored
    • Make TPM counter label a variable · ec2d7dfc
      Kyle Rankin authored
      Currently the TPM counter label is hard-coded. By changing it to a
      variable in this function we can reuse all of the TPM counter functions
      to create other monotonic counters in the TPM (if the hardware supports
      it) with custom labels.
  17. 22 Apr, 2018 1 commit
  18. 20 Apr, 2018 1 commit
  19. 10 Apr, 2018 1 commit
  20. 14 Mar, 2018 2 commits
  21. 10 Mar, 2018 1 commit
  22. 25 Feb, 2018 1 commit
    • Cleanup of init to support server and desktop · e9312e19
      Francis Lam authored
      Guarded linuxboot specific init entries
      Removed Makefile entries into separate file (conflicts with srcing /etc/config)
      Added CONFIG_BOOT_LOCAL/_REMOTE to control interface setup
      Fixed CONFIG_TPM usage
  23. 24 Feb, 2018 1 commit
  24. 15 Feb, 2018 2 commits
    • Add OHCI and UHCI drivers to initrd. · baa30a20
      persmule authored
      USB smart card readers are mostly full speed devices, and there are no
      "rate-matching hubs" beneath the root hub on older (e.g. GM45) platforms,
      which have companion OHCI or UHCI controllers and need corresponding
      drivers to communicate with card readers directly plugged into the
      motherboard; otherwise a discrete USB hub should be inserted between
      the motherboard and the reader.
      This time I make inserting linux modules for OHCI and UHCI controllable.
      A linux config for x200 is added as an example.
      Tested on my x200s and elitebook revolve 810g1.
    • Make TPM dependency optional and controlled by flag CONFIG_TPM · 9bf131b6
      persmule authored
      If "CONFIG_TPM=y" is not present in the config file, functionalities
      needing TPM could be disabled, while leaving other functionalities intact.
      This will make Heads a more general-usage bootloader payload atop coreboot.
  25. 02 Sep, 2017 1 commit
  26. 18 Jul, 2017 1 commit
  27. 08 Jul, 2017 1 commit
    • Added rollback protection to generic boot · d67360a2
      Francis Lam authored
      Changed the checking of required hashes or required rollback state
      to be right before boot, allowing the user to sign/set defaults
      in interactive mode.
      Also cleaned up usages of recovery and fixed iso parameter
  28. 04 Jul, 2017 1 commit
    • Added the ability to persist a default boot option · 8004b5df
      Francis Lam authored
      Similar to qubes-update, it will save then verify the hashes of
      the kexec files. Once TOTP is verified, a normal boot will verify
      that the file hashes and all the kexec params match and if
      successful, boot directly to OS.
      Also added a config option to require hash verification for
      non-recovery boots, failing to recovery if not met.
  29. 29 Apr, 2017 1 commit
    • adds a USB boot option with basic parsing to kexec · efd662c6
      Francis Lam authored
      Supports booting from USB media using either the root device or
      a signed ISO as the boot device.  Boot options are parsed with
      quick/dirty shell scripts to infer kexec params.
      Closes #195 and begins to address #196
  30. 12 Apr, 2017 1 commit