Impose Access Restriction to the Recovery Shell #361
Conversation
|
I like the idea of having this as an option, but not a requirement for dropping to the recovery shell. We're starting to have enough |
persmule
force-pushed
the
rcv-auth
branch
2 times, most recently
from
2b10e49
to
3f1bed8
Compare
|
This time, the feature is controlled with an exported option |
With this commit, to use recovery shell, users should authencate themselves by connecting their OpenPGP card to the machine, in order to prove they hold the very same secret key used to sign the boot file list used by Heads. If they fail to pass the authencation, the machine will exit from init and go kernel panic. This digital signature verification routine is grafted from another commit of mine. This time, the feature is controlled with an exported option "CONFIG_RECOVERY_NEED_AUTH" in board files.
|
Todo: review die usage and probably create error and replace lots of them. Also review recovery usage by calling error instead, which should prompt user to hit enter to continue. |
With this commit, to use recovery shell, users should authencate themselves by connecting their OpenPGP card to the machine, in order to prove they hold the very same secret key used to sign the boot file list used by Heads. If they fail to pass the authencation, the machine will exit from init and go kernel panic. This digital signature verification routine is grafted from another commit of mine. This time, the feature is controlled with an exported option "CONFIG_RECOVERY_NEED_AUTH" in board files. WiP adaptation of linuxboot#361
With this commit, to use recovery shell, users should authencate themselves by connecting their OpenPGP card to the machine, in order to prove they hold the very same secret key used to sign the boot file list used by Heads. If they fail to pass the authencation, the machine will exit from init and go kernel panic. This digital signature verification routine is grafted from another commit of mine. This time, the feature is controlled with an exported option "CONFIG_RECOVERY_NEED_AUTH" in board files. WiP adaptation of linuxboot#361 x230-hotp-maximized board modified to take advantage of it
|
@persmule the problem here is if the public key has expired, the user would be locked out of the recovery shell. |
|
@persmule interesting enough, this is a plus for non fsp enabled boards. All sandy/ivy bridge can take advantage of this. Thanks a lot and looking forward to push that in with coreboot 4.15 version bump. |
|
Merged as part of #1515. |
With this commit, to use recovery shell, users should authencate
themselves by connecting their OpenPGP card to the machine, in order
to prove they hold the very same secret key used to sign the boot file
list used by Heads. If they fail to pass the authencation, the machine
will exit from init and go kernel panic.
This digital signature verification routine is grafted from another
commit of mine.
fix #356