Skip to content

Set forcesig if "not forced" after reset #1305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tlaurion merged 1 commit into from
Feb 21, 2023
Merged

Set forcesig if "not forced" after reset #1305

tlaurion merged 1 commit into from
Feb 21, 2023

Conversation

@lethedata
Copy link

@lethedata lethedata commented Feb 2, 2023
edited by tlaurion
Loading

Fixes #1076 and closes heads-wiki#102

Code is from linuxboot/heads-wiki#102 (comment) but instead of making a function and call, it's incorporated into the gpg_key_reset function after the Nitrokey AES key reset.

To-Do:

  • Compile
  • Flash
  • Verify oem-factory-reset
    • Yubikey
    • Nitrokey (Don't have the hardware to verify)

@tlaurion
Copy link
Collaborator

tlaurion commented Feb 15, 2023

Will test as part of next test runs on top of #1312

@tlaurion
Copy link
Collaborator

tlaurion commented Feb 15, 2023

No regression on my side. LGTM.
@JonathonHall-Purism ?

tlaurion added a commit to tlaurion/heads that referenced this pull request Feb 19, 2023
@tlaurion
Daily driver test fo x230-hotp-maximized on coreboot 4.19, with debug…
5605b76 
…, yubikey test regression for oem-factory-reset, optimized for space (03-O2->Os) and fix for sh: argument expected, with local CONFIG_DEBUG_OUTPUT enabled and fused in ROM.

Includes linuxboot#1317, linuxboot#1121, linuxboot#1312, linuxboot#1305 for test on daily driver
tlaurion added a commit to tlaurion/heads that referenced this pull request Feb 19, 2023
@tlaurion
Merge branch 'dasharo_flashrom_test' into O3-O2-to-Os_coreboot-4.19-f…
16de2e2 
…ix-sh_argument_expected-yubikey-oem-factory-reset_dasharo-flashrom

Daily driver test fo x230-hotp-maximized on coreboot 4.19, with debug, yubikey test regression for oem-factory-reset, optimized for space (03-O2->Os) and fix for sh: argument expected, with local CONFIG_DEBUG_OUTPUT enabled and fused in ROM.
    Includes linuxboot#1317, linuxboot#1121, linuxboot#1312, linuxboot#1305, linuxboot#1251 for test on daily driver
tlaurion referenced this pull request in tlaurion/heads Feb 19, 2023
@tlaurion
Merge branch 'dasharo_flashrom_test' into O3-O2-to-Os_coreboot-4.19-f…
367675b 
…ix-sh_argument_expected-yubikey-oem-factory-reset_dasharo-flashrom

Daily driver test fo x230-hotp-maximized on coreboot 4.19, with debug, yubikey test regression for oem-factory-reset, optimized for space (03-O2->Os) and fix for sh: argument expected, with local CONFIG_DEBUG_OUTPUT enabled and fused in ROM.
    Includes osresearch#1317, osresearch#1121, osresearch#1312, osresearch#1305, osresearch#1251 for test on daily driver
@JonathonHall-Purism
Copy link
Collaborator

JonathonHall-Purism commented Feb 21, 2023

Agree, this change makes sense. OEM reset is intended to restore defaults and sign, and "forced" is the default as far as I can tell, at least for the keys I have.

Let's merge it 👍

@tlaurion tlaurion merged commit 5c7148f into linuxboot:master Feb 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Provisioning Yubikey 5 Nano for Heads configuration oem-factory-reset fails to generate PGP keys with some Yubikeys

3 participants

@lethedata @tlaurion @JonathonHall-Purism