Impose Access Restriction to the Recovery Shell
With this commit, to use the recovery shell, users should authenticate themselves by connecting their OpenPGP card to the machine, in order to prove they hold the very same secret key used to sign the boot file list used by Heads. If they fail to pass the authentication, the machine will exit from init and kernel panic.
This digital signature verification routine is grafted from another commit of mine.
fix #356
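The flow described above, as an added sketch rather than the PR's own code; the function names, the exact gpg invocations, and the assumption that the initrd keyring holds only the trusted boot-signing key are mine:

```shell
#!/bin/sh
# Added illustration, not code from the PR: the gate that CONFIG_RECOVERY_NEED_AUTH
# puts in front of the recovery shell. Function names and gpg calls are assumptions;
# the initrd keyring is assumed to contain only the trusted boot-signing key.
CONFIG_RECOVERY_NEED_AUTH="${CONFIG_RECOVERY_NEED_AUTH:-n}"

# Challenge/response against the OpenPGP card: the card signs a fresh nonce and the
# signature is verified against the key that signed the boot file list. Whatever
# gpg --verify rejects (no card, wrong key, or an expired key) refuses the shell.
card_auth() {
  nonce=$(mktemp) || return 1
  dd if=/dev/urandom of="$nonce" bs=32 count=1 2>/dev/null || { rm -f "$nonce"; return 1; }
  if ! gpg --card-status >/dev/null 2>&1; then
    echo "No OpenPGP card present" >&2
    rm -f "$nonce"
    return 1
  fi
  if gpg --batch --detach-sign --output "$nonce.sig" "$nonce" >/dev/null 2>&1 \
     && gpg --batch --verify "$nonce.sig" "$nonce" >/dev/null 2>&1; then
    rc=0
  else
    rc=1
  fi
  rm -f "$nonce" "$nonce.sig"
  return $rc
}

# Returns 0 if a recovery shell may be opened, 1 if it must be refused.
recovery_gate() {
  # With the option off, behaviour is unchanged: anyone at the console gets the shell.
  [ "$CONFIG_RECOVERY_NEED_AUTH" = "y" ] || return 0
  card_auth
}

# What init does when something calls recovery: drop to a shell only if the gate
# allows it; otherwise leave init, which makes the kernel panic.
recovery() {
  echo "!!!!! $*" >&2
  if recovery_gate; then
    exec /bin/sh
  fi
  echo "Recovery shell refused: OpenPGP card authentication failed" >&2
  exit 1
}
```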
I like the idea of having this as an option, but not a requirement for dropping to the recovery shell.
We're starting to have enough CONFIG_FOO things that we should consider making a Kconfig menu...
This time, the feature is controlled with an exported option "CONFIG_RECOVERY_NEED_AUTH" in board files.
Todo: review die usage and probably create error and replace lots of them. Also review recovery usage by calling error instead, which should prompt user to hit enter to continue.
@persmule the problem here is if the public key has expired, the user would be locked out of the recovery shell. Discussion: https://github.com/osresearch/heads/issues/881#issuecomment-917095442
@persmule interestingly enough, this is a plus for non-FSP-enabled boards. All Sandy/Ivy Bridge can take advantage of this. Thanks a lot and looking forward to pushing that in with the coreboot 4.15 version bump.
Merged as part of #1515.