1. 23 Jun, 2021 4 commits
    • Matt Devillier's avatar
      init: remove duplicate MOTD · b8053bc0
      Matt Devillier authored
      on Librem devices, tty0 and stdout are same device, resulting in
      the MOTD being printed to screen twice
      b8053bc0
    • Matt Devillier's avatar
      gui-init/seal-libremkey: reduce friction when generating new secret · 6351e957
      Matt Devillier authored
      
      
      Reduce friction when generating a new TOTP/HOTP secret by eliminating
      an unnecessary 'press enter to continue' prompt following QR code
      generation, and by attempting to use the default admin PIN set by
      the OEM factory reset function. Fall back to prompting the user
      if the default PIN fails.
      
      Also, ensure error messages are visible to users before being returned
      back to the GUI menu from which they came by wrapping existing calls to die()
      Signed-off-by: Matt Devillier's avatarMatt DeVillier <matt.devillier@puri.sm>
      6351e957
    • Matt Devillier's avatar
      gui-init: improve flow for non-TPM case · e6f7615c
      Matt Devillier authored
      prompt user to generate a new TOTP/HOTP secret upon
      mismatch, to avoid unnecessary failure after flashing
      and updated ROM.
      
      skip calling seal-totp since there's nothing to do in the
      non-TPM case other than an unnecessary firmware read
      e6f7615c
    • Kyle Rankin's avatar
      Use the Librem Key as a TPM work-alike in the absence of a TPM · 1f739942
      Kyle Rankin authored and Matt Devillier's avatar Matt Devillier committed
      
      
      On machines without a TPM, we'd still like some way for the BIOS to
      attest that it has not been modified. With a Librem Key, we can have the
      BIOS use its own ROM measurement converted to a SHA256sum and truncated
      so it fits within an HOTP secret. Like with a TPM, a malicious BIOS with
      access to the correct measurements can send pre-known good measurements
      to the Librem Key.
      
      This approach provides one big drawback in that we have to truncate the
      SHA256sum to 20 characters so that it fits within the limitations of
      HOTP secrets. This means the possibility of collisions is much higher
      but again, an attacker could also capture and spoof an existing ROM's
      measurements if they have prior access to it, either with this approach
      or with a TPM.
      Signed-off-by: Kyle Rankin's avatarKyle Rankin <kyle.rankin@puri.sm>
      1f739942
  2. 09 May, 2021 2 commits
  3. 27 Apr, 2021 2 commits
  4. 15 Mar, 2021 2 commits
  5. 24 Feb, 2021 1 commit
    • Thomas Clarke's avatar
      CircleCI: Overhaul with parallelisation and parameters for a cleaner config. · eb290564
      Thomas Clarke authored
      * Bump CircleCI config version to 2.1.
      * Use commands and parameters to get rid of repeated commands. New boards can be added with just 5 lines at the bottom of the config.
      * Made use of some parallelisation. Currently a single board from each Coreboot version is built. Afterwards all remaining boards are built in parallel.
      eb290564
  6. 05 Feb, 2021 2 commits
  7. 04 Feb, 2021 2 commits
  8. 03 Feb, 2021 4 commits
  9. 02 Feb, 2021 1 commit
  10. 30 Jan, 2021 1 commit
  11. 23 Jan, 2021 1 commit
  12. 17 Jan, 2021 1 commit
  13. 13 Jan, 2021 2 commits
  14. 07 Jan, 2021 4 commits
  15. 06 Jan, 2021 1 commit
  16. 05 Jan, 2021 2 commits
  17. 04 Jan, 2021 5 commits
  18. 03 Jan, 2021 1 commit
  19. 31 Dec, 2020 2 commits