Daily driver test fo x230-hotp-maximized on coreboot 4.19, with debug…

…, yubikey test regression for oem-factory-reset, optimized for space (03-O2->Os) and fix for sh: argument expected, with local CONFIG_DEBUG_OUTPUT enabled and fused in ROM. Includes linuxboot#1317, linuxboot#1121, linuxboot#1312, linuxboot#1305 for test on daily driver
tlaurion · Feb 19, 2023 · 5605b76 · 5605b76
2 parents 002fa9a + e900d20
commit 5605b76
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
@@ -90,6 +90,19 @@ gpg_key_reset()
  if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then
  /bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
  fi
+ # Toggle forced sig (good security practice, forcing PIN request for each signature request)
+ if gpg --card-status | grep "Signature PIN" | grep -q "not forced"; then
+ {
+ echo admin
+ echo forcesig
+ echo ${ADMIN_PIN_DEF}
+ } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
+ > /tmp/gpg_card_edit_output 2>/dev/null
+ if [ $? -ne 0 ]; then
+ ERROR=`cat /tmp/gpg_card_edit_output`
+ whiptail_error_die "GPG Key forcesig toggle on failed!\n\n$ERROR"
+ fi
+ fi
  # Set RSA key length
  {
  echo admin