
Impose Access Restriction to the Recovery Shell

Open persmule opened this issue 6 years ago • 5 comments

With this commit, to use the recovery shell, users should authenticate themselves by connecting their OpenPGP card to the machine, in order to prove they hold the very same secret key used to sign the boot file list used by Heads. If they fail to pass the authentication, the machine will exit from init and go kernel panic.

This digital signature verification routine is grafted from another commit of mine.

fix #356

persmule avatar Mar 14 '18 11:03 persmule

I like the idea of having this as an option, but not a requirement for dropping to the recovery shell.

We're starting to have enough CONFIG_FOO things that we should consider making a Kconfig menu...

osresearch avatar Mar 15 '18 18:03 osresearch

This time, the feature is controlled with an exported option "CONFIG_RECOVERY_NEED_AUTH" in board files.

persmule avatar Mar 19 '18 09:03 persmule

Todo: review die usage and probably create error and replace lots of them. Also review recovery usage by calling error instead, which should prompt user to hit enter to continue.

tlaurion avatar Apr 13 '19 05:04 tlaurion

@persmule the problem here is if the public key has expired, the user would be locked out of the recovery shell. Discussion: https://github.com/osresearch/heads/issues/881#issuecomment-917095442

tlaurion avatar Sep 10 '21 18:09 tlaurion
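The following is an added illustration of the gate this PR describes, not Heads' own code: an OpenPGP-card challenge/response that proves possession of the secret key whose public half is in the Heads keyring, switched on by the `CONFIG_RECOVERY_NEED_AUTH` option persmule mentions, and preceded by the expiry check that tlaurion's lockout concern calls for. It assumes `gpg` is on `PATH`, that the trusted public key has already been imported into the keyring `gpg` sees, and that a card reader is attached; the `GPG` variable and all function names are this example's own, and the colon-format key line in the comments is constructed sample data.

```shell
#!/bin/sh
# Example recovery-shell gate (added illustration, not Heads code).
# Assumes: gpg on PATH, trusted public key already in the keyring, card attached.
# GPG is a hypothetical override so the gpg binary can be substituted.
GPG="${GPG:-gpg}"

# Honour the board option this thread introduces; unset or != y means no gate.
recovery_auth_required() {
  [ "${CONFIG_RECOVERY_NEED_AUTH:-}" = "y" ]
}

# Read `gpg --with-colons --list-keys` output on stdin and report whether the
# first pub key is usable: field 2 is validity ('e' = expired), field 7 is the
# expiry epoch (empty = never). Constructed sample line:
#   pub:u:4096:1:DEADBEEF:1500000000::::::::
key_usable() {
  now=$(date +%s)
  while IFS=: read -r type validity klen algo keyid created expires rest; do
    [ "$type" = "pub" ] || continue
    [ "$validity" != "e" ] || return 1
    [ -z "$expires" ] || [ "$expires" -gt "$now" ] || return 1
    return 0
  done
  return 1
}

trusted_key_usable() {
  "$GPG" --batch --with-colons --list-keys 2>/dev/null | key_usable
}

# Fresh 32-byte nonce as 64 hex chars, so a replayed signature over an old
# challenge is not accepted.
make_challenge() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Have the card sign the challenge, then verify it against the keyring.
# Returns 0 only for a valid signature from a key in the keyring.
verify_card_response() {
  challenge="$1"
  tmp=$(mktemp -d) || return 1
  printf '%s' "$challenge" > "$tmp/challenge"
  if ! "$GPG" --batch --detach-sign --output "$tmp/challenge.sig" \
        "$tmp/challenge" 2>/dev/null; then
    rm -rf "$tmp"
    return 1
  fi
  "$GPG" --batch --verify "$tmp/challenge.sig" "$tmp/challenge" 2>/dev/null
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# 0 = recovery shell may be opened, 1 = refuse (caller decides: exit init etc.).
# Checking the key first turns the expired-key lockout into an explicit message
# instead of an unexplained signature failure.
recovery_gate() {
  recovery_auth_required || return 0
  if ! trusted_key_usable; then
    echo "recovery: trusted public key missing or expired; card auth cannot succeed" >&2
    return 1
  fi
  challenge=$(make_challenge) || return 1
  if verify_card_response "$challenge"; then
    return 0
  fi
  echo "recovery: OpenPGP card authentication failed" >&2
  return 1
}

# Typical use at the point Heads would drop to a shell:
#   if recovery_gate; then exec /bin/sh; else exit 1; fi
```

The signature is made over a random nonce rather than over a fixed file, so possession of the card is demonstrated at this boot and a stored old signature cannot be replayed; the expiry check runs before the challenge so that the failure mode tlaurion describes is reported as such rather than surfacing as a generic verification error.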

@persmule interestingly enough, this is a plus for non fsp enabled boards. All sandy/ivy bridge can take advantage of this. Thanks a lot and looking forward to push that in with coreboot 4.15 version bump.

tlaurion avatar Dec 07 '21 03:12 tlaurion

Merged as part of #1515.

tlaurion avatar Nov 14 '23 16:11 tlaurion