Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement a "Quiet mode", hiding console output into LOG mode to be seen under /tmp/debug.log from recovery console #1822

Open
1 task
tlaurion opened this issue Oct 24, 2024 · 0 comments
Open
1 task

Implement a "Quiet mode", hiding console output into LOG mode to be seen under /tmp/debug.log from recovery console #1822

tlaurion opened this issue Oct 24, 2024 · 0 comments
Assignees
@tlaurion
Labels
consultation service Funded work enhancement release cycle - 2024-11-20 UX

Comments

@tlaurion
Copy link
Collaborator

tlaurion commented Oct 24, 2024
edited
Loading

The idea here is that Heads is getting more and more mainstreamed and aims to get easier/less scary to newcomers.

History:

  • Heads was once used only by technical users and collaborated upon by security oriented people.
  • Nowadays, this is shifting a bit where advanced users still wants to see TPM extend operations (that were cleaned and more spot on relative information is now provided on console prior of TPM PCR extend ops)
    • On early boot: Heads asciiart
    • Followed by user material being extracted from cbfs and measured prior of being used
    • Followed by early, board specific kernel modules measurements + load (usb controlloers kernel modules, usb keyboard)
    • Followed by late runtime state PCR extension/recovery shell access PCR extension to invalidate secret unsealing from TPM nvram
    • Followed by late optional TPM Disk Unlock Key (DUK) additional measurements (LUKS header, some platform TPM event log replay) measurements
    • Followed by /boot signed hash digest validation
    • Followed by HOTP enablement + uatomatic default boot "press any key to exit default boot" prompt
    • Followed by optional DUK passphrase prompt if everything above kosher
    • Followed by board specific chipset locking of SPI chip (PR0)
    • Followed by TPM cleanup (TPM2)
    • Followed by kexec call
    • OS takeover output

With HOTP and automatic boot now being default in all HOTP boards, which are the ones aimed at less technical users as opposed to non-HOTP (TOTP only remote attestation over phone), only required output on default boot could be, for quiet mode:

  • HOTP default boot "press any key to exit default boot" prompt to enter GUI
  • OS takeover output

With such implementation, OEM could, as part of their rebranding commit on top of chosen master commit, overload board config with something like export CONFIG_QUIET_MODE=y and have everything advanced hidden from end users. OF course this would require paid development time, but would reduce noise that is currently scary for non technical users. Log traces will always stay available through recovery shell under /tmp/debug.log, where everything above would be trapped behind LOG helper (see /initrd/etc/ash_functions's LOG) to output in debug.log even if no TRACE/DEBUG is enabled under board's config, leaving otherwise default output to console under file instead.

Thoughts? Comments?
This would be effort to address concerns for downstream OEM users and to help mainstream Head usage and reduce noise for less advanced users.

  • @wessel-novacustom/@jans23: please tag any other people that you think should be involved in this discussion to determine requirements.

--

Note that this effort will not be part of day to day maintainership and must be scoped as OEM first consultation service per #1627
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tlaurion tlaurion

Labels
consultation service Funded work enhancement release cycle - 2024-11-20 UX
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tlaurion