diff options
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | README-dracut.md | 15 | ||||
-rw-r--r-- | README-mkinitcpio.md | 15 | ||||
-rw-r--r-- | bin/worker.c | 2 | ||||
-rw-r--r-- | bin/ykfde-cpio.c | 2 | ||||
-rw-r--r-- | bin/ykfde.c | 4 | ||||
-rw-r--r-- | config.def.h | 2 | ||||
-rwxr-xr-x | dracut/module-setup.sh | 7 | ||||
-rw-r--r-- | mkinitcpio/ykfde | 2 | ||||
-rw-r--r-- | systemd/ykfde-2f.service | 2 | ||||
-rw-r--r-- | systemd/ykfde-worker.service | 2 | ||||
-rw-r--r-- | systemd/ykfde.service | 2 |
12 files changed, 41 insertions, 16 deletions
@@ -6,7 +6,7 @@ CP := cp SED := sed # this is just a fallback in case you do not use git but downloaded # a release tarball... -VERSION := 0.7.7 +VERSION := 0.7.9 .DELETE_ON_ERROR: diff --git a/README-dracut.md b/README-dracut.md index 108e2af..2d3a7a8 100644 --- a/README-dracut.md +++ b/README-dracut.md @@ -124,7 +124,8 @@ Build the initramfs: ### Boot loader Make sure to load the cpio archive `/boot/ykfde-challenges.img` -as an additional initramfs. +as an additional initramfs. It has to be listed *after* microcode +updates (if available), but *before* main initramfs. With `grub` you need to list `ykfde-challenges.img` in configuration variable `GRUB_EARLY_INITRD_LINUX_CUSTOM` in `/etc/default/grub`: @@ -135,4 +136,16 @@ Then update your `grub` configuration by running: > grub-mkconfig -o /boot/grub/grub.cfg +A valid configuration for `systemd-boot` should be placed in +`/boot/loader/entries/default.conf` and look something like this: + +``` +title Default +linux /vmlinuz-linux +initrd /intel-ucode.img +initrd /ykfde-challenges.img +initrd /initramfs-linux.img +options root=... rw quiet +``` + Reboot and have fun! diff --git a/README-mkinitcpio.md b/README-mkinitcpio.md index ae1d420..31a3047 100644 --- a/README-mkinitcpio.md +++ b/README-mkinitcpio.md @@ -128,7 +128,8 @@ Now rebuild your initramfs with: ### Boot loader Make sure to load the cpio archive `/boot/ykfde-challenges.img` -as an additional initramfs. +as an additional initramfs. It has to be listed *after* microcode +updates (if available), but *before* main initramfs. With `grub` you need to list `ykfde-challenges.img` in configuration variable `GRUB_EARLY_INITRD_LINUX_CUSTOM` in `/etc/default/grub`: @@ -139,4 +140,16 @@ Then update your `grub` configuration by running: > grub-mkconfig -o /boot/grub/grub.cfg +A valid configuration for `systemd-boot` should be placed in +`/boot/loader/entries/default.conf` and look something like this: + +``` +title Default +linux /vmlinuz-linux +initrd /intel-ucode.img +initrd /ykfde-challenges.img +initrd /initramfs-linux.img +options root=... rw quiet +``` + Reboot and have fun! diff --git a/bin/worker.c b/bin/worker.c index 94d9476..81dc68f 100644 --- a/bin/worker.c +++ b/bin/worker.c @@ -1,5 +1,5 @@ /* - * (C) 2014-2021 by Christian Hesse <mail@eworm.de> + * (C) 2014-2024 by Christian Hesse <mail@eworm.de> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/bin/ykfde-cpio.c b/bin/ykfde-cpio.c index b56e1e3..8154b47 100644 --- a/bin/ykfde-cpio.c +++ b/bin/ykfde-cpio.c @@ -1,5 +1,5 @@ /* - * (C) 2014-2021 by Christian Hesse <mail@eworm.de> + * (C) 2014-2024 by Christian Hesse <mail@eworm.de> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/bin/ykfde.c b/bin/ykfde.c index 27aecc3..682e05c 100644 --- a/bin/ykfde.c +++ b/bin/ykfde.c @@ -1,5 +1,5 @@ /* - * (C) 2014-2021 by Christian Hesse <mail@eworm.de> + * (C) 2014-2024 by Christian Hesse <mail@eworm.de> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -304,7 +304,7 @@ int main(int argc, char **argv) { We generate an array of unsigned int, the use modulo to limit to printable ASCII characters (32 to 127). */ if ((len = getrandom(challenge_int, CHALLENGELEN * sizeof(unsigned int), GRND_RANDOM|GRND_NONBLOCK)) != CHALLENGELEN * sizeof(unsigned int)) - getrandom((void *)((size_t)challenge_int + len), CHALLENGELEN * sizeof(unsigned int) - len, 0); + len += getrandom((void *)((size_t)challenge_int + len), CHALLENGELEN * sizeof(unsigned int) - len, 0); for (i = 0; i < CHALLENGELEN; i++) challenge_new[i] = (challenge_int[i] % (127 - 32)) + 32; diff --git a/config.def.h b/config.def.h index 46309cd..ca1c8b4 100644 --- a/config.def.h +++ b/config.def.h @@ -1,5 +1,5 @@ /* - * (C) 2014-2021 by Christian Hesse <mail@eworm.de> + * (C) 2014-2024 by Christian Hesse <mail@eworm.de> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/dracut/module-setup.sh b/dracut/module-setup.sh index a7cce66..901cd2d 100755 --- a/dracut/module-setup.sh +++ b/dracut/module-setup.sh @@ -14,18 +14,17 @@ install() { inst_rules "$moddir/20-ykfde.rules" inst_hook cmdline 30 "$moddir/parse-mod.sh" inst_simple "$moddir/ykfde.sh" /sbin/ykfde.sh - inst_simple /usr/lib/ykfde/worker + inst_binary /usr/lib/ykfde/worker inst_simple /etc/ykfde.conf inst_simple /usr/lib/systemd/system/ykfde-worker.service ln_r $systemdsystemunitdir/ykfde-worker.service $systemdsystemunitdir/sysinit.target.wants/ykfde-worker.service # this is required for second factor - if egrep -qi 'second factor = (yes|true|1)' /etc/ykfde.conf; then + if grep -E -qi 'second factor = (yes|true|1)' /etc/ykfde.conf; then inst_simple /usr/lib/systemd/system/cryptsetup-pre.target inst_simple /usr/lib/systemd/system/ykfde-2f.service ln_r $systemdsystemunitdir/ykfde-2f.service $systemdsystemunitdir/sysinit.target.wants/ykfde-2f.service - inst_simple /usr/bin/systemd-ask-password - + inst_binary /usr/bin/systemd-ask-password fi dracut_need_initqueue diff --git a/mkinitcpio/ykfde b/mkinitcpio/ykfde index 3e8e485..adb403c 100644 --- a/mkinitcpio/ykfde +++ b/mkinitcpio/ykfde @@ -9,7 +9,7 @@ build() { add_symlink /usr/lib/systemd/system/sysinit.target.wants/ykfde-worker.service ../ykfde-worker.service # this is required for second factor - if egrep -qi 'second factor = (yes|true|1)' /etc/ykfde.conf; then + if grep -E -qi 'second factor = (yes|true|1)' /etc/ykfde.conf; then add_systemd_unit cryptsetup-pre.target add_systemd_unit ykfde-2f.service add_symlink /usr/lib/systemd/system/sysinit.target.wants/ykfde-2f.service ../ykfde-2f.service diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service index d98d4c4..9fc9e73 100644 --- a/systemd/ykfde-2f.service +++ b/systemd/ykfde-2f.service @@ -1,4 +1,4 @@ -# (C) 2016-2021 by Christian Hesse <mail@eworm.de> +# (C) 2016-2024 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/systemd/ykfde-worker.service b/systemd/ykfde-worker.service index 20d20af..ea7807f 100644 --- a/systemd/ykfde-worker.service +++ b/systemd/ykfde-worker.service @@ -1,4 +1,4 @@ -# (C) 2016-2021 by Christian Hesse <mail@eworm.de> +# (C) 2016-2024 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/systemd/ykfde.service b/systemd/ykfde.service index f4cfee4..dee0f29 100644 --- a/systemd/ykfde.service +++ b/systemd/ykfde.service @@ -1,4 +1,4 @@ -# (C) 2016-2021 by Christian Hesse <mail@eworm.de> +# (C) 2016-2024 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by |