From ba20d98bdd8c39ad506ef4a2a3e1f51bc84db9f8 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Sun, 21 Apr 2024 18:31:43 +0200 Subject: [PATCH 1/8] UX improvements PIN questions Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 6b597fc08..308483960 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -989,11 +989,11 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then luks_new_Disk_Recovery_Key_passphrase=${CUSTOM_SINGLE_PASS} fi else - echo -e -n "Would you like to set distinct PINs/passwords to configure previously stated security components? [y/N]: " + echo -e -n "Would you like to set distinct PINs/passwords to configure previously stated security components? [Y/n]: " read -n 1 prompt_output echo - if [ "$prompt_output" == "y" \ - -o "$prompt_output" == "Y" ]; then + if [ "$prompt_output" != "n" \ + -a "$prompt_output" != "N" ]; then echo -e "\nThey must be each at least 8 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then @@ -1011,7 +1011,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # That is, if keys were NOT generated in memory (on smartcard only) or # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then - while [[ ${#USER_PIN} -lt 8 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN From be65c4be5b5fbeca9cdb97268135507252efe171 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Sun, 21 Apr 2024 18:42:52 +0200 Subject: [PATCH 2/8] fix small incongruency with previous commit Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 308483960..d12b0c624 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -1012,7 +1012,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN done From cc70e772f8a0dcdb319d4d06e27af227a5cae51e Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Sun, 21 Apr 2024 19:00:29 +0200 Subject: [PATCH 3/8] fix another small incongruency with previous commit Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index d12b0c624..54f129dc2 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -994,7 +994,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then echo if [ "$prompt_output" != "n" \ -a "$prompt_output" != "N" ]; then - echo -e "\nThey must be each at least 8 characters in length.\n" + echo -e "\nThe TPM Owner Password and Admin PIN must be at least 8, the User PIN at least 6 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then while [[ ${#TPM_PASS} -lt 8 ]]; do From 2828e2ca60a698c69749dd4b0b37a1593b73601b Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:50:34 +0200 Subject: [PATCH 4/8] Revert "fix another small incongruency with previous commit" This reverts commit cc70e772f8a0dcdb319d4d06e27af227a5cae51e. Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 54f129dc2..d12b0c624 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -994,7 +994,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then echo if [ "$prompt_output" != "n" \ -a "$prompt_output" != "N" ]; then - echo -e "\nThe TPM Owner Password and Admin PIN must be at least 8, the User PIN at least 6 characters in length.\n" + echo -e "\nThey must be each at least 8 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then while [[ ${#TPM_PASS} -lt 8 ]]; do From 0854f2ce802d8a3891318f4b807d4c57e677ae24 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:51:17 +0200 Subject: [PATCH 5/8] Revert "fix small incongruency with previous commit" This reverts commit be65c4be5b5fbeca9cdb97268135507252efe171. Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index d12b0c624..308483960 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -1012,7 +1012,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN done From 408524fb31d26e4c65d02bfaa744aed4617e4400 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:51:25 +0200 Subject: [PATCH 6/8] Revert "UX improvements PIN questions" This reverts commit ba20d98bdd8c39ad506ef4a2a3e1f51bc84db9f8. Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 308483960..6b597fc08 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -989,11 +989,11 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then luks_new_Disk_Recovery_Key_passphrase=${CUSTOM_SINGLE_PASS} fi else - echo -e -n "Would you like to set distinct PINs/passwords to configure previously stated security components? [Y/n]: " + echo -e -n "Would you like to set distinct PINs/passwords to configure previously stated security components? [y/N]: " read -n 1 prompt_output echo - if [ "$prompt_output" != "n" \ - -a "$prompt_output" != "N" ]; then + if [ "$prompt_output" == "y" \ + -o "$prompt_output" == "Y" ]; then echo -e "\nThey must be each at least 8 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then @@ -1011,7 +1011,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # That is, if keys were NOT generated in memory (on smartcard only) or # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then - while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + while [[ ${#USER_PIN} -lt 8 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN From 70e9c663bcca20a41b29353828ce217302ada7cc Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:56:13 +0200 Subject: [PATCH 7/8] only change user PIN minimum requirement to 6 Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 6b597fc08..67318a1db 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -994,7 +994,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then echo if [ "$prompt_output" == "y" \ -o "$prompt_output" == "Y" ]; then - echo -e "\nThey must be each at least 8 characters in length.\n" + echo -e "\nThe TPM Owner Password and Admin PIN must be at least 8, the User PIN at least 6 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then while [[ ${#TPM_PASS} -lt 8 ]]; do @@ -1002,8 +1002,8 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then read TPM_PASS done fi - while [[ ${#ADMIN_PIN} -lt 8 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + while [[ ${#ADMIN_PIN} -lt 6 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG Admin PIN: " read ADMIN_PIN done From cb03ec5584edddcdf3e4a5701bcee80ab72ef951 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Tue, 23 Apr 2024 01:10:53 +0200 Subject: [PATCH 8/8] change correct PIN minimum Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 67318a1db..cbff40d04 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -1002,8 +1002,8 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then read TPM_PASS done fi - while [[ ${#ADMIN_PIN} -lt 6 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + while [[ ${#ADMIN_PIN} -lt 8 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG Admin PIN: " read ADMIN_PIN done @@ -1011,8 +1011,8 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # That is, if keys were NOT generated in memory (on smartcard only) or # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then - while [[ ${#USER_PIN} -lt 8 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN done