OEM reownership required changes for QubesOS certification of the X230

.gitlab-ci.yml

@@ -0,0 +1,25 @@
+image: insurgotech/fedora-29_heads-ci
+
+stages:
+  - build
+
+build:
+  stage: build
+  cache:
+    paths:
+      - ./
+  cache:
+    untracked: true
+    paths:
+      - ./git
+  script:
+    - make BOARD=x230-flash
+    - make BOARD=x230
+    - echo "x230-flash hashes:"
+    - cat ./build/x230-flash/hashes.txt
+    - echo "x230 hashes:"
+    - cat ./build/x230/hashes.txt
+  artifacts:
+    paths:
+      - ./build/x230-flash/x230-flash.rom
+      - ./build/x230/coreboot.rom

boards/x230/x230.config

@@ -17,8 +17,11 @@ CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
 CONFIG_DROPBEAR=y
 
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
+CONFIG_LIBREMKEY=y
 
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000E=y
@@ -28,7 +31,7 @@ export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
-export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_KERNEL_REMOVE=""
 export CONFIG_BOOT_DEV="/dev/sda1"
 export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230 Heads Boot Menu"
 export CONFIG_USB_BOOT_DEV="/dev/sdb1"

config/coreboot-x230.config

@@ -19,6 +19,6 @@ CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="../../build/x230/bzImage"
 CONFIG_PAYLOAD_OPTIONS=""
 # CONFIG_PXE is not set
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3"
 CONFIG_LINUX_INITRD="../../build/x230/initrd.cpio.xz"
 CONFIG_DEBUG_SMM_RELOCATION=y

config/linux-x230.config

@@ -56,7 +56,6 @@ CONFIG_KEXEC_FILE=y
 CONFIG_PHYSICAL_ALIGN=0x1000000
 # CONFIG_MODIFY_LDT_SYSCALL is not set
 # CONFIG_SUSPEND is not set
-CONFIG_ACPI_VIDEO=y
 CONFIG_PCI_MSI=y
 # CONFIG_HT_IRQ is not set
 CONFIG_PCI_IOV=y
@@ -184,9 +183,7 @@ CONFIG_MFD_SYSCON=y
 CONFIG_DRM=y
 CONFIG_DRM_I915=y
 CONFIG_FB_VESA=y
-CONFIG_BACKLIGHT_LCD_SUPPORT=y
 # CONFIG_LCD_CLASS_DEVICE is not set
-CONFIG_BACKLIGHT_CLASS_DEVICE=y
 # CONFIG_BACKLIGHT_GENERIC is not set
 CONFIG_FRAMEBUFFER_CONSOLE=y
 CONFIG_USB=y
@@ -218,7 +215,6 @@ CONFIG_MSDOS_FS=y
 CONFIG_VFAT_FS=y
 # CONFIG_PROC_SYSCTL is not set
 # CONFIG_PROC_PAGE_MONITOR is not set
-CONFIG_TMPFS=y
 # CONFIG_MISC_FILESYSTEMS is not set
 CONFIG_NLS_DEFAULT="utf8"
 CONFIG_NLS_CODEPAGE_437=y

initrd/.ash_history

@@ -1,17 +1,22 @@
-#remove invalid kexec_* signed files
-mount /dev/sda1 /boot && mount -o remount,rw /boot && rm /boot/kexec* && mount -o remount,ro /boot
+#To activate OEM reownership wizard, under Heads recovery console, do:
+mount /boot
+mount -o remount,rw /boot && echo "oem_name=COMPANY NAME" > /boot/oem && mount -o remount,ro /boot && reboot
+#remove invalid kexec.sig signed checksum file
+mount /dev/sda1 /boot && mount -o remount,rw /boot && rm /boot/kexec.sig && mount -o remount,ro /boot
 #Generate keys from GPG smartcard: 
-mount-usb && gpg --home=/.gnupg/ --card-edit
+usb-init && gpg --home=/.gnupg/ --card-edit
 #Copy generated public key, private_subkey, trustdb and artifacts to external media for backup: 
-mount -o remount,rw /media && mkdir -p /media/gpg_keys; gpg --export-secret-keys --armor email@address.com > /media/gpg_keys/private.key && gpg --export --armor email@address.com  > /media/gpg_keys/public.key && gpg --export-ownertrust > /media/gpg_keys/otrust.txt && cp -r ./.gnupg/* /media/gpg_keys/ 2> /dev/null
+mount -o remount,rw /media && mkdir -p /media/gpg_keys; gpg --export-secret-keys --armor email@address.com > /media/gpg_keys/private.key && gpg --export --armor email@address.com  > /media/gpg_keys/public.key && cp -r ./.gnupg/* /media/gpg_keys/ 2> /dev/null
 #Insert public key and trustdb export into reproducible rom:
-cbfs -o /media/coreboot.rom -a "heads/initrd/.gnupg/keys/public.key" -f /media/gpg_keys/public.key && cbfs -o /media/coreboot.rom -a "heads/initrd/.gnupg/keys/otrust.txt" -f /media/gpg_keys/otrust.txt
+cbfs -o /media/coreboot.rom -a "heads/initrd/.gnupg/keys/public.key" -f /media/gpg_keys/public.key
 #Flush changes to external media: 
 mount -o,remount ro /media
 #Flash modified reproducible rom with inserted public key and trustdb export from precedent step. Flushes actual rom's keys (-c: clean):
 flash.sh -c /media/coreboot.rom
 #Attest integrity of firmware as it is
 seal-totp
+#Sign a manually verified ISO with your GPG key so you can boot it from Heads
+mount-usb && gpg --card-status && gpg --detach-sig /media/some.iso
 #Verify Intel ME state:
 cbmem --console | grep '^ME'
 cbmem --console | less

initrd/bin/factory-reset-nitrokey-libremkey.sh

@@ -0,0 +1,232 @@
+#!/bin/sh
+#
+set -e -o pipefail
+. /etc/functions
+. /tmp/config
+
+mount_usb(){
+# Mount the USB boot device
+  if ! grep -q /media /proc/mounts ; then
+    mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1
+    if [ $USB_FAILED -ne 0 ]; then
+      if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then
+        whiptail --title 'USB Drive Missing' \
+          --msgbox "Insert your USB drive and press Enter to continue." 16 60 USB_FAILED=0
+        mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1
+      fi
+      if [ $USB_FAILED -ne 0 ]; then
+        whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \
+          --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60
+      fi
+    fi
+  fi
+}
+
+if (whiptail $CONFIG_WARNING_BG_COLOR --clear --title 'Factory Reset and reownership of GPG card' \
+  --yesno "You are about to factory reset your GPG card!\n\nThis will:\n 1-Wipe all PRIVATE keys that were previously kept inside GPG card\n 2-Set default key size to 4096 bits (maximum)\n 3-Ask you to choose two passwords to interact with the card:\n  3.1: An administrative passphrase used to manage the card\n  3.2: A user passphrase (PIN) used everytime you sign\n   encrypt/decrypt content\n4-Generate new Encryption, Signing and Authentication keys\n  inside your GPG card\n5-Export associated public key, replace the one being\n  present and trusted inside running BIOS, and reflash\n  the SPI flash with resulting rom image.\n\nAs a result, the running BIOS will be modified. Would you like to continue?" 30 90) then
+
+  whiptail $CONFIG_WARNING_BG_COLOR --clear --title 'WARNING: Please Insert A USB Disk' --msgbox \
+  "Please insert a USB disk on which you want to store your GPG public key\n and trustdb.\n\nThose will be backuped under the 'gpg_keys' directory.\n\nHit Enter to continue." 30 90
+
+  mount_usb || die "Unable to mount USB device."
+  #Copy generated public key, private_subkey, trustdb and artifacts to external media for backup:
+  mount -o remount,rw /media || die "Unable to remount /media into Read Write mode. Is the device write protected?"
+
+  #TODO: Circumvent permission bug with mkdir and chmod permitting to use gpg --home=/media/gpg_keys directly. 
+  #Cannot create a new gpg homedir with right permissions nor chmod 700 that directory.
+  #Meanwhile, we reuse /.gnupg by temporarely deleting it's existing content.
+  rm -rf .gnupg/* 2> /dev/null || true 2> /dev/null
+  killall gpg-agent gpg scdaemon 2> /dev/null || true 2> /dev/null
+
+  if [ -z "$oem_gpg_Admin_PIN" ] || [ -z "$oem_gpg_User_PIN" ]; then
+    #Setting new passwords
+    gpgcard_user_pass1=1
+    gpgcard_user_pass2=2
+    gpgcard_admin_pass1=3
+    gpgcard_admin_pass2=4
+  else
+    gpgcard_user_pass1=$(echo -n "$oem_gpg_User_PIN")
+    gpgcard_user_pass2=$(echo -n "$oem_gpg_User_PIN")
+    gpgcard_admin_pass1=$(echo -n "$oem_gpg_Admin_PIN")
+    gpgcard_admin_pass2=$(echo -n "$oem_gpg_Admin_PIN")
+  fi
+
+  while [[ "$gpgcard_user_pass1" != "$gpgcard_user_pass2" ]] || [[ ${#gpgcard_user_pass1} -lt 6 || ${#gpgcard_user_pass1} -gt 20 ]];do
+  {
+    echo -e "\nChoose your new GPG card user password (PIN) that will be typed when using GPG smartcard (Sign files, encrypt emails and files).\nIt needs to be a least 6 but not more then 20 characters:"
+    read -s gpgcard_user_pass1
+    echo -e "\nRetype user passphrase:"
+    read -s gpgcard_user_pass2
+    if [[ "$gpgcard_user_pass1" != "$gpgcard_user_pass2" ]]; then echo "Passwords typed were different."; fi
+  };done
+  gpgcard_user_pass=$gpgcard_user_pass1
+
+  while [[ "$gpgcard_admin_pass1" != "$gpgcard_admin_pass2" ]] || [[ ${#gpgcard_admin_pass1} -lt 8 || ${#gpgcard_admin_pass1} -gt 20 ]] || [ "$gpgcard_admin_pass1" != "${gpgcard_admin_pass1% *}" ]; do
+  {
+    echo -e "\nChoose your new GPG card admin password that will be typed when managing GPG smartcard (HOTP sealing, managing key, etc).\nIt needs to be a least 8 but not more then 20 characters WHILE NOT CONTAINING SPACES:"
+    read -s gpgcard_admin_pass1
+    echo -e "\nRetype admin password:"
+    read -s gpgcard_admin_pass2
+
+    if [[ "$gpgcard_admin_pass1" != "$gpgcard_admin_pass2" ]] || [ "$gpgcard_admin_pass1" != "${gpgcard_admin_pass1% *}" ]; then echo "Passwords typed were different or contained spaces."; fi
+  };done
+  gpgcard_admin_pass=$gpgcard_admin_pass1
+
+  echo -e "\n\n"
+  echo -e "We will generate a GnuPG (GPG) keypair identifiable with the following text form:"
+  echo -e "Real Name (Comment) email@address.org"
+
+  gpgcard_real_name=$(echo -n "$oem_gpg_real_name")
+  while [[ ${#gpgcard_real_name} -lt 5 ]]; do
+  {
+    echo -e "\nEnter your Real Name (At least 5 characters long):"
+    read -r gpgcard_real_name
+  };done
+
+  gpgcard_email_address=$(echo -n "$oem_gpg_email")
+  while ! $(expr "$gpgcard_email_address" : '.*@' >/dev/null); do
+  {
+    echo -e "\nEnter your email@adress.org:"
+    read -r gpgcard_email_address
+  };done
+
+  gpgcard_comment=$(echo -n "$oem_gpg_comment")
+  while [[ ${#gpgcard_comment} -gt 60 ]] || [[ -z "$gpgcard_comment" ]]; do
+  {
+    echo -e "\nEnter Comment (To distinguish this key from others with same previous attributes. Must be smaller then 60 characters):"
+    read -r gpgcard_comment
+  };done
+
+  #Copy generated public key, private_subkey, trustdb and artifacts to external media for backup:
+  mount -o remount,rw /media || die "Unable to remount /media into Read Write mode. Is the device write protected?" 
+
+  #backup existing /media/gpg_keys directory
+  if [ -d /media/gpg_keys ];then
+    newdir="/media/gpg_keys-$(date '+%Y-%m-%d-%H_%M_%S')"
+    echo "Backing up /media/gpg_keys into $newdir"
+    mv /media/gpg_keys "$newdir" || die "Moving old gpg_keys directory into $newdir failed."
+  fi
+
+  mkdir -p /media/gpg_keys
+
+  #Generate Encryption, Signing and Authentication keys
+  whiptail --clear --title 'GPG card key generation' --msgbox \
+  "BE PATIENT! Generating 4096 bits Encryption, Signing and Authentication\n keys take around 5 minutes each! Be prepared to patient around 15 minutes!\n\nHit Enter to continue" 30 90
+
+  confirm_gpg_card
+
+  #Factory reset GPG card
+  {
+    echo admin
+    echo factory-reset
+    echo y
+    echo yes
+  } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit --home=/.gnupg/ || die "Factory resetting the GPG card failed."
+
+  #Setting new admin and user passwords in GPG card
+  {
+    echo admin
+    echo passwd
+    echo 1
+    echo 123456 #Default user password after factory reset of card
+    echo "$gpgcard_user_pass"
+    echo "$gpgcard_user_pass"
+    echo 3
+    echo 12345678 #Default administrator password after factory reset of card
+    echo "$gpgcard_admin_pass"
+    echo "$gpgcard_admin_pass"
+    echo Q
+  } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit --home=/.gnupg/ || die "Setting new admin and user PINs in GPG card failed."
+
+  #Set GPG card key attributes key sizes to 4096 bits
+  {
+    echo admin
+    echo key-attr
+    echo 1 # RSA
+    echo 4096 #Signing key size set to maximum supported by SmartCard
+    echo "$gpgcard_admin_pass"
+    echo 1 # RSA
+    echo 4096 #Encryption key size set to maximum supported by SmartCard
+    echo "$gpgcard_admin_pass"
+    echo 1 # RSA
+    echo 4096 #Authentication key size set to maximum supported by SmartCard
+    echo "$gpgcard_admin_pass"
+  } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit --home=/.gnupg/ || die "Setting key attributed to RSA 4096 bits in GPG card failed."
+
+  {
+    echo admin
+    echo generate
+    echo n
+    echo "$gpgcard_admin_pass"
+    echo "$gpgcard_user_pass"
+    echo 1y
+    echo "$gpgcard_real_name"
+    echo "$gpgcard_email_address"
+    echo "$gpgcard_comment"
+  } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit --home=/.gnupg/ || die "Setting real name, e-mail address and comment in GPG failed."
+
+  #Export and inject public key and trustdb export into extracted rom with current user keys being wiped
+  rom=/tmp/gpg-gui.rom
+  #remove invalid signsignature file
+  mount -o remount,rw /boot
+  rm -f /boot/kexec.sig
+  mount -o remount,ro /boot
+
+  gpg --home=/.gnupg/ --export --armor "$gpgcard_email_address"  > /media/gpg_keys/public.key || die "Exporting public key to /media/gpg_keys/public.key failed."
+  cp -rf /.gnupg/openpgp-revocs.d/* /media/gpg_keys/ 2> /dev/null || die "Copying revocation certificated into /media/gpg_keys/ failed."
+  cp -rf /.gnupg/private-keys-v1.d/* /media/gpg_keys/ 2> /dev/null || die "Copying secring exported keys to /media/gpg_keys/ failed." 
+  cp -rf /.gnupg/pubring.* /.gnupg/trustdb.gpg /media/gpg_keys/ 2> /dev/null || die "Copying public keyring into /media/gpg_keys/ failed."
+
+  #Flush changes to external media
+  mount -o remount,ro /media
+
+  #Read rom
+  /bin/flash.sh -r $rom || die "Flashing back $rom including your newly genereated and exported public key failed."
+
+  #delete previously injected public.key
+  if (cbfs -o $rom -l | grep -q "heads/initrd/.gnupg/keys/public.key"); then
+    cbfs -o $rom -d "heads/initrd/.gnupg/keys/public.key" || die "Deleting old public key from running rom backup failed."
+  fi
+
+  #delete previously injected GPG1 and GPG2 pubrings
+  if (cbfs -o $rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then
+    cbfs -o $rom -d "heads/initrd/.gnupg/pubring.kbx" || die "Deleting old public keyring from running rom backup failed."
+    if (cbfs -o $rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then
+      cbfs -o $rom -d "heads/initrd/.gnupg/pubring.gpg" || die "Deleting old and deprecated public keyring from running rom backup failed."
+      if [ -e /.gnupg/pubring.gpg ];then
+        rm /.gnupg/pubring.gpg
+      fi
+    fi
+  fi
+  #delete previously injected trustdb
+  if (cbfs -o $rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
+    cbfs -o $rom -d "heads/initrd/.gnupg/trustdb.gpg" || die "Deleting old trust database from running rom backup failed."
+  fi
+  #Remove old method of exporting/importing owner trust exported file
+  if (cbfs -o $rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then
+    cbfs -o $rom -d "heads/initrd/.gnupg/otrust.txt" || die "Deleting old and depracated trust database export failed."
+  fi
+
+  #Insert public key in armored form and trustdb ultimately trusting user's key into reproducible rom:
+  cbfs -o "$rom" -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx || die "Inserting public keyring in runnning rom backup failed."
+  cbfs -o "$rom" -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg || die "Inserting trust databse in running rom backup failed."
+
+  if (whiptail --title 'Flash ROM?' \
+    --yesno "This will replace your old ROM with $rom\n\nDo you want to proceed?" 16 90) then
+    /bin/flash.sh $rom
+    whiptail --title 'ROM Flashed Successfully' \
+      --msgbox "New $rom flashed successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to continue" 16 60
+    if [ -s /boot/oem ];then
+      mount -o remount,rw /boot
+      echo "gpg_factory_resetted" >> /boot/oem
+      mount -o remount,ro /boot
+    fi
+    mount -o remount,ro /media
+  else
+      exit 0
+  fi
+
+  whiptail $CONFIG_WARNING_BG_COLOR --clear --title 'WARNING: Reboot required' --msgbox \
+    "A reboot is required.\n\n Your firmware has been reflashed with your own public key and trust\n database included.\n\n Heads will detect the firmware change and react accordingly:\n It will ask you to reseal TOTP/HOTP (seal BIOS integrity),\n take /boot integrity measures and sign them with your freshly\n factory resetted GPG card and it's associated user password (PIN).\n\nHit Enter to reboot." 30 90
+  /bin/reboot
+fi

initrd/bin/flash-gui.sh

@@ -86,7 +86,7 @@ while true; do
     f|c )
       if (whiptail --title 'Flash the BIOS with a new ROM' \
           --yesno "This requires you insert a USB drive containing:\n* Your BIOS image (*.rom)\n\nAfter you select this file, this program will reflash your BIOS\n\nDo you want to proceed?" 16 90) then
-        mount_usb
+        mount_usb || die "Unable to mount USB device."
         if grep -q /media /proc/mounts ; then
           find /media -name '*.rom' > /tmp/filelist.txt
           file_selector "/tmp/filelist.txt" "Choose the ROM to flash"
@@ -104,7 +104,7 @@ while true; do
               /bin/flash.sh "$ROM"
             fi
             whiptail --title 'ROM Flashed Successfully' \
-              --msgbox "$ROM flashed successfully.\nPress Enter to reboot" 16 60
+              --msgbox "$ROM flashed successfully.\nPress Enter to reboot" 16 60 
             umount /media
             /bin/reboot
           else

initrd/bin/flash.sh

@@ -46,6 +46,15 @@ flash_rom() {
 
     flashrom $FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \
     || die "$ROM: Flash failed"
+
+    if [ -e /boot/kexec_key_devices.txt ] || [ -e /boot/kexec_key_lvm.txt ]; then
+      echo -e "\n\nBoth your TOTP/HOTP codes and TPM released Disk Unlock Key were invalidated since measured boot integrity changed."
+      echo -e "You will be requested to reseal TOTP/HOTP secrets, to set a new default boot option and define a new Disk Unlock Key passphrase.\n\n"
+      mount_boot
+      mount -o remount,rw /boot
+      touch /boot/reset_disk_unlock_key
+      mount -o remount,ro /boot
+    fi
   fi
 }