Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add secure thumb drive creation premisses #1446

Merged
merged 3 commits into from
Aug 28, 2023
Merged

Add secure thumb drive creation premisses #1446

merged 3 commits into from
Aug 28, 2023

Commits on Aug 28, 2023

  1. Add external/usb disk encryption (adds exfatprogs and e2fsprogs) 

    prepare_thumb_drive: default to creating 10% LUKS container on usb drive, prompts for passphrase is not provided and scan drives if no --device specified

NOTE: qemu usb_thumb drive of 128 mb are not big enough so that 10% of it (12mb) can be used to create thumb drive.

Adds:
- e2fsprogs to support ext4 filesystem creation through mke2fs
- add /etc/mke2fs.conf so that mke2fs knows how to handle ext2/ext3/ext4
- removes mke2fs support from busybox
- bump busybox to latest version which adds cpu accelerated hash functions (not needed per se here)
- Adds exfatprogs to have mkfs.exfat and fsck.exfat
- Adds prepare_thumb_drive /etc/luks-functions to be able to prepare a thumb drive with percentage of drive assigned to LUKS, rest to exfat
- Modify most board configs to test space requirements failing
- Talos2 linux config: add staging Exfat support
- Make e2fsprogs and exfatprogs included by default unless explicitely deactivate in board configs
- Change cryptsetup calls : luksOpen to open and luksClose to close to addresss review
- etc/luks_functions: cleanup

GOAL here is to have secure thumb drive creation which Heads will be able to use to backup/restore/use generated GPG key material in the future (next PR)
    @tlaurion
    tlaurion committed Aug 28, 2023
    Configuration menu
    Copy the full SHA
    f6eed42 View commit details
    Browse the repository at this point in the history

  2. qemu boards: change default creation size of USB_FD_IMG from 128MB to… 

    … 256MB

Otherwise 10% of 128mb (12mb) is not enough to create a LUKS container
    @tlaurion
    tlaurion committed Aug 28, 2023
    Configuration menu
    Copy the full SHA
    106a9bf View commit details
    Browse the repository at this point in the history

  3. boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md was… 

    … invalid symlink
    @tlaurion
    tlaurion committed Aug 28, 2023
    Configuration menu
    Copy the full SHA
    d5aa0c8 View commit details
    Browse the repository at this point in the history