57 lines
1.4 KiB
Diff
57 lines
1.4 KiB
Diff
From e0222c3dcf0bb1a44328b893bed9224d05b7506a Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Mon, 6 May 2024 16:28:41 +0800
|
|
Subject: [PATCH] firstboot: make "Pass phrase" mandatory
|
|
|
|
Without choosing the "Pass phrase" option, the default VM password will
|
|
remain after firstboot. To ensure the default password is gone for good,
|
|
make "Pass phrase" mandatory.
|
|
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
---
|
|
firstboot/fde | 13 ++++++++-----
|
|
1 file changed, 8 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/firstboot/fde b/firstboot/fde
|
|
index 4911b32..161e832 100755
|
|
--- a/firstboot/fde
|
|
+++ b/firstboot/fde
|
|
@@ -203,15 +203,22 @@ function fde_setup_unencrypted {
|
|
|
|
function __fde_valid_protections {
|
|
|
|
+ pass_warn=true
|
|
for tag in $*; do
|
|
case $tag in
|
|
- pass|tpm) : ;;
|
|
+ pass) pass_warn=false ;;
|
|
+ tpm) : ;;
|
|
*)
|
|
display_errorbox "FDE key protection scheme $tag not yet implemented"
|
|
return 1;;
|
|
esac
|
|
done
|
|
|
|
+ if $pass_warn; then
|
|
+ display_errorbox "Pass phrase is mandatory"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
return 0
|
|
}
|
|
|
|
@@ -253,10 +260,6 @@ function fde_choose_protection {
|
|
FDE_PROTECTION="$result"
|
|
fde_trace "user selected protections: <$FDE_PROTECTION>"
|
|
|
|
- if [ -z "$FDE_PROTECTION" ]; then
|
|
- return 1
|
|
- fi
|
|
-
|
|
if __fde_valid_protections $FDE_PROTECTION; then
|
|
break
|
|
fi
|
|
--
|
|
2.35.3
|
|
|