Merge pull request #1291 from tlaurion/warn_user_when_totp-hotp_seal_requires_tpm_reset

tlaurion · web-flow · commit 075284374b21 · 2023-01-19T18:44:10.000-05:00
gui-init: warn the user when sealing measurements through TOTP/HOTP reset
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
@@ -149,17 +149,20 @@ prompt_update_checksums()
 generate_totp_htop()
 {
   echo "Scan the QR code to add the new TOTP secret"
-  /bin/seal-totp "$BOARD_NAME"
-  if [ -x /bin/hotp_verification ]; then
-    echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
-    read
-    /bin/seal-hotpkey
+  if /bin/seal-totp "$BOARD_NAME"; then
+    if [ -x /bin/hotp_verification ]; then
+      echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
+      read
+      /bin/seal-hotpkey
+    else
+      echo "Once you have scanned the QR code, hit Enter to continue"
+      read
+    fi
+    # clear screen
+    printf "\033c"
   else
-    echo "Once you have scanned the QR code, hit Enter to continue"
-    read
+    warn "Sealing of measurements inside of TPM failed. You might want to take ownership of TPM by resetting it."
   fi
-  # clear screen
-  printf "\033c"
 }
 
 update_totp()
