diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
index b95118f47..9b5f81422 100755
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@@ -58,9 +58,6 @@ handle_mode() {
 USER_PIN=$(generate_passphrase --number_words 2 --max_length $MAX_HOTP_GPG_PIN_LENGTH)
 ADMIN_PIN=$(generate_passphrase --number_words 2 --max_length $MAX_HOTP_GPG_PIN_LENGTH)
 TPM_PASS=$ADMIN_PIN
- # Inspect the passphrase using xxd and output to DEBUG
- DEBUG "USER_PIN (hex): $(echo "$USER_PIN" | xxd)"
- DEBUG "ADMIN_PIN (hex): $(echo "$ADMIN_PIN" | xxd)"
 ;;
 *)
 warn "Unknown mode: $mode"
@@ -728,9 +725,6 @@ generate_checksums() {
 fi
 DEBUG "Detach-signing boot files under kexec.sig: ${param_files}"
- DEBUG "TODO REMOVE: USER_PIN=$USER_PIN ADMIN_PIN=$ADMIN_PIN"
- echo "$USER_PIN" | xxd
- echo "$ADMIN_PIN" | xxd
 if sha256sum $param_files 2>/dev/null | gpg \
 --pinentry-mode loopback \
diff --git a/initrd/etc/functions b/initrd/etc/functions
index 029c785ad..aa57676d9 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -898,17 +898,14 @@ generate_passphrase() {
 local rolls=""
 local random_bytes
- # Read num_rolls bytes from /dev/urandom in one go
+ # Read num_rolls bytes from /dev/random, fed by CPU RRAND in one go
 random_bytes=$(dd if=/dev/random bs=1 count="$num_rolls" 2>/dev/null | hexdump -e '1/1 "%u\n"')
 # Process each byte to generate a dice roll
 while read -r byte; do
 roll=$((byte % 6 + 1))
- DEBUG "Randomized dice roll: $roll"
 rolls+=$roll
 done <<<"$random_bytes"
-
- DEBUG "Generated dice rolls: $rolls"
 echo "$rolls"
 }
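Review bot: `roll=$((byte % 6 + 1))` maps 256 byte values onto six faces, and because 256 is not a multiple of 6 the faces 1-4 come up slightly more often than 5 and 6, so the dice rolls that select passphrase words are not uniform. Rejecting bytes of 252 and above before the modulo removes the bias; since that can consume more than `num_rolls` bytes, the read has to move inside a loop, as sketched below. The reworded comment also says `RRAND` (presumably RDRAND) and asserts an entropy source that nothing in the hunk establishes; `# Read num_rolls bytes from /dev/random in one go` states only what the `dd` line does. The hunk header names generate_passphrase, but these lines appear to belong to a nested helper (generate_dice_rolls, called in the next hunk) whose start is outside the hunk.

```shell
# … unchanged: local rolls="" / local random_bytes …
# Rejection sampling: 252 is the largest multiple of 6 below 256, so bytes
# 252-255 are skipped and every face keeps the same probability.
while ((${#rolls} < num_rolls)); do
	random_bytes=$(dd if=/dev/random bs=1 count="$num_rolls" 2>/dev/null | hexdump -e '1/1 "%u\n"')
	[[ -n "$random_bytes" ]] || return 1 # nothing read: fail instead of spinning
	while read -r byte; do
		((byte < 252)) || continue
		rolls+=$((byte % 6 + 1))
		((${#rolls} < num_rolls)) || break
	done <<<"$random_bytes"
done
echo "$rolls"
```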
@@ -978,15 +975,12 @@ generate_passphrase() {
 exit 1
 fi
- digits=${#key}
- DEBUG "Number of digits in dice rolls: $digits"
+ digits=${#key} #Number of digits in dice rolls
 for ((i = 0; i < num_words; ++i)); do
 key=$(generate_dice_rolls "$digits")
 word=$(get_word_from_dictionary "$key" "$dictionary_file")
- DEBUG "Retrieved word: =>$word<="
 if [[ "$lowercase" == "false" ]]; then
- DEBUG "Capitalizing the first letter of the word"
 word=${word^} # Capitalize the first letter
 fi
 passphrase+="$word "
@@ -997,8 +991,8 @@ generate_passphrase() {
 fi
 done
- passphrase=$(echo "$passphrase" | xargs) # Remove any leading/trailing whitespace
- DEBUG "Generated passphrase: $passphrase<="
+ #Remove passphrase trailing space from passphrase+="$word"
+ passphrase=${passphrase% }
 echo "$passphrase"
 return 0
 }
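Review bot: `word=$(get_word_from_dictionary "$key" "$dictionary_file")` is appended to the passphrase without checking that a word came back, and with the `DEBUG "Retrieved word: ..."` line gone an empty lookup leaves no sign at all. If the helper can return nothing (its body is not visible here), the caller gets a passphrase with fewer words than requested, and so less entropy, without any error. A guard directly after the lookup, `[[ -n "$word" ]] || return 1`, makes that case fail closed without logging the secret. The same case affects the last hunk: `passphrase=${passphrase% }` strips exactly one trailing space, whereas the `xargs` call it replaces also trimmed leading and repeated whitespace, so an empty word would now leave stray spaces in the generated PIN. The loop and the function both start outside these hunks.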