From ff9dd5f667181fccee16d2444515524e6fcf50e1 Mon Sep 17 00:00:00 2001
From: alexgithublab
Date: Wed, 24 Jul 2024 14:09:40 +0200
Subject: [PATCH 1/5] change system time feature
Signed-off-by: Thierry Laurion
---
initrd/bin/change-time | 60 ++++++++++++++++++++++++++++++++++++++++++
initrd/bin/gui-init | 4 +++
2 files changed, 64 insertions(+)
create mode 100644 initrd/bin/change-time
diff --git a/initrd/bin/change-time b/initrd/bin/change-time
new file mode 100644
index 000000000..af8f6de7f
--- /dev/null
+++ b/initrd/bin/change-time
@@ -0,0 +1,60 @@
+#!/bin/bash
+#change time using hwclock and date -s
+
+clear
+
+echo -e -n "Please enter the date and time you wish to set\n"
+
+get_date () {
+ echo -e -n "enter the $1 please ($2-$3) (enter for $2)\n"
+ read -n $4 value
+ echo -e "\n"
+ #if enter
+ if [[ $value = "" ]]; then
+ value=$2
+ fi
+
+ #must be a $4 digits number between $2 and $3
+ while [[ ! $value =~ ^[0-9]{$4} ]] || [[ ${value#0} -lt $2 ]] || [[ ${value#0} -gt $3 ]];
+ do
+ echo -e -n "wrong $1, you enter "$value" please enter it again, must be a $4 digits number between $2 and $3 (press enter for $2) \n"
+ read -n $4 value
+ echo -e "\n"
+ if [[ $value = "" ]]; then
+ value=$2
+ fi
+ done
+}
+
+get_date "year" "2024" "2200" "4"
+year=$value
+get_date "month" "01" "12" "2"
+month=$value
+get_date "day" "01" "31" "2"
+day=$value
+get_date "hour" "00" "23" "2"
+hour=$value
+get_date "min" "00" "59" "2"
+min=$value
+get_date "sec" "00" "59" "2"
+sec=$value
+
+##getting the output of date -s
+OUTPUT=$(date -s "$year-$month-$day $hour:$min:$sec" 2>&1)
+
+##if output is starting with the letter d which is the beginning of the error message then we do the script again
+if [[ ${OUTPUT} == d* ]]; then
+ echo "The date is not correct, press any key to set it again"
+ echo -e "\n"
+ read -n 1 noting
+ clear
+ change-time
+else
+ hwclock -w
+ echo -e "the date has been sucessfully set to $year-$month-$day $hour:$min:$sec"
+ echo -e "\n"
+
+ echo -e "press any key to return to the menu"
+ echo -e "\n"
+ read -n 1 nothing
+fi
\ No newline at end of file
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index dc9ec20da..8173fae6c 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
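Review bot: The failure check `[[ ${OUTPUT} == d* ]]` infers an error from the first letter of whatever `date -s` printed, so it depends on the exact wording of the tool's message and on no successful output ever starting with `d`; test the exit status instead, e.g. `if ! date -s "$year-$month-$day $hour:$min:$sec" >/dev/null 2>&1; then`. The same check is carried unchanged through the later [PATCH 4/5] hunk at -46,17. Since this clock is what the TOTP comparison depends on, a failed set that is reported as success would leave the user with a mismatch and no explanation. On failure the script re-executes `change-time` as a child instead of looping, so every retry nests another process; wrapping the prompts in a `while` loop would avoid that.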
@@ -438,6 +438,7 @@ show_options_menu() 'C' ' Reencrypt LUKS container -->' \ 'P' ' Change LUKS Disk Recovery Key passphrase ->' \ 'R' ' Check/Update file hashes on root disk -->' \ + 'h' ' Change system time' \ 'x' ' Exit to recovery shell' \ 'r' ' <-- Return to main menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -476,6 +477,9 @@ show_options_menu() R ) root-hashes-gui.sh ;; + h ) + change-time + ;; x ) recovery "User requested recovery shell" ;; From a3b9a1d9e9a6a61d9490abcb1b8163af0ddbb5af Mon Sep 17 00:00:00 2001 From: alexgithublab Date: Thu, 25 Jul 2024 10:06:40 +0200 Subject: [PATCH 2/5] chmod Signed-off-by: Thierry Laurion --- initrd/bin/change-time | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 initrd/bin/change-time diff --git a/initrd/bin/change-time b/initrd/bin/change-time old mode 100644 new mode 100755 From 07a6b7819a62429f71a54db693a9a206db59573c Mon Sep 17 00:00:00 2001 From: alexgithublab Date: Thu, 25 Jul 2024 12:21:54 +0200 Subject: [PATCH 3/5] UTC statment + menu order Signed-off-by: Thierry Laurion --- initrd/bin/change-time | 2 ++ initrd/bin/gui-init | 12 ++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index af8f6de7f..d7719b7e8 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time @@ -4,6 +4,8 @@ clear echo -e -n "Please enter the date and time you wish to set\n" +echo -e -n "You need to set the time according to the UTC/GMT timezone please check https://time.is/UTC\n" + get_date () { echo -e -n "enter the $1 please ($2-$3) (enter for $2)\n" diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 8173fae6c..75de07113 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init 
@@ -221,6 +221,7 @@ update_totp() If you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n How would you like to proceed?" 0 80 4 \ 'g' ' Generate new HOTP/TOTP secret' \ + 'h' ' Change system time' \ 'i' ' Ignore error and continue to main menu' \ 'p' ' Reset the TPM' \ 'x' ' Exit to recovery shell' \ @@ -234,6 +235,9 @@ update_totp() generate_totp_hotp && update_totp && BG_COLOR_MAIN_MENU="normal" && reseal_tpm_disk_decryption_key fi ;; + h ) + change-time + ;; i ) skip_to_menu="true" return 1 @@ -430,6 +434,7 @@ show_options_menu() --menu "" 0 80 10 \ 'b' ' Boot Options -->' \ 't' ' TPM/TOTP/HOTP Options -->' \ + 'h' ' Change system time' \ 'u' ' Update checksums and sign all files in /boot' \ 'c' ' Change configuration settings -->' \ 'f' ' Flash/Update the BIOS -->' \ @@ -438,7 +443,6 @@ show_options_menu() 'C' ' Reencrypt LUKS container -->' \ 'P' ' Change LUKS Disk Recovery Key passphrase ->' \ 'R' ' Check/Update file hashes on root disk -->' \ - 'h' ' Change system time' \ 'x' ' Exit to recovery shell' \ 'r' ' <-- Return to main menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -451,6 +455,9 @@ show_options_menu() t ) show_tpm_totp_hotp_options_menu ;; + h ) + change-time + ;; u ) prompt_update_checksums ;; @@ -477,9 +484,6 @@ show_options_menu() R ) root-hashes-gui.sh ;; - h ) - change-time - ;; x ) recovery "User requested recovery shell" ;; From a99298acb25ee471d2420a88ca1117fa6503040e Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 29 Jul 2024 09:41:27 -0400 Subject: [PATCH 4/5] change-time script: syntax, spcaing, wording and typo fixes Signed-off-by: Thierry Laurion Signed-off-by: Thierry Laurion --- initrd/bin/change-time | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index d7719b7e8..d99c21e42 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time 
@@ -4,11 +4,11 @@ clear echo -e -n "Please enter the date and time you wish to set\n" -echo -e -n "You need to set the time according to the UTC/GMT timezone please check https://time.is/UTC\n" +echo -e -n "You need to set the time according to the UTC/GMT timezone please check https://time.is/UTC\n\n" get_date () { - echo -e -n "enter the $1 please ($2-$3) (enter for $2)\n" + echo -e -n "Please insert $1 (between $2-$3) (Enter key to accept $2)\n" read -n $4 value echo -e "\n" #if enter @@ -19,7 +19,7 @@ get_date () { #must be a $4 digits number between $2 and $3 while [[ ! $value =~ ^[0-9]{$4} ]] || [[ ${value#0} -lt $2 ]] || [[ ${value#0} -gt $3 ]]; do - echo -e -n "wrong $1, you enter "$value" please enter it again, must be a $4 digits number between $2 and $3 (press enter for $2) \n" + echo -e -n "$1 is wrong: you entered "$value". Please try again, it must be $4 digits number between $2 and $3 (press Enter to accept $2) \n" read -n $4 value echo -e "\n" if [[ $value = "" ]]; then @@ -36,9 +36,9 @@ get_date "day" "01" "31" "2" day=$value get_date "hour" "00" "23" "2" hour=$value -get_date "min" "00" "59" "2" +get_date "minute" "00" "59" "2" min=$value -get_date "sec" "00" "59" "2" +get_date "second" "00" "59" "2" sec=$value ##getting the output of date -s 
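Review bot: In the retry message of the -19,7 hunk, `"$value"` closes and reopens the double-quoted string, so `$value` is expanded unquoted: the intended quotation marks are never printed, input such as `*` is subject to globbing and word splitting, and `echo -e` then interprets any backslash escapes in it. Print user input through a fixed format instead, e.g. `printf '%s is wrong: you entered "%s". Please try again ...\n' "$1" "$value"`. The `read -n $4 value` calls in the same function would also be safer as `read -r -n "$4" value`. get_date's body starts and ends outside this hunk.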
@@ -46,17 +46,17 @@ OUTPUT=$(date -s "$year-$month-$day $hour:$min:$sec" 2>&1) ##if output is starting with the letter d which is the beginning of the error message then we do the script again if [[ ${OUTPUT} == d* ]]; then - echo "The date is not correct, press any key to set it again" + echo "The date is not correct, press any key to try again" echo -e "\n" - read -n 1 noting + read -n 1 nothing clear change-time else hwclock -w - echo -e "the date has been sucessfully set to $year-$month-$day $hour:$min:$sec" + echo -e "The system date has been sucessfully set to $year-$month-$day $hour:$min:$sec" echo -e "\n" - echo -e "press any key to return to the menu" + echo -e "Press any key to return to the menu" echo -e "\n" read -n 1 nothing -fi \ No newline at end of file +fi From f4ce04716778dbb2cfdda2d9dab67f8c4a81b7d6 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 29 Jul 2024 09:59:38 -0400 Subject: [PATCH 5/5] gui-init: put change-time under TOTP mismatch where it should be, remove unneeded duplicate menu options to change system time Signed-off-by: Thierry Laurion --- initrd/bin/gui-init | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 75de07113..2f76c0769 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -221,7 +221,6 @@ update_totp() If you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n How would you like to proceed?" 0 80 4 \ 'g' ' Generate new HOTP/TOTP secret' \ - 'h' ' Change system time' \ 'i' ' Ignore error and continue to main menu' \ 'p' ' Reset the TPM' \ 'x' ' Exit to recovery shell' \ @@ -235,9 +234,6 @@ update_totp() generate_totp_hotp && update_totp && BG_COLOR_MAIN_MENU="normal" && reseal_tpm_disk_decryption_key fi ;; - h ) - change-time - ;; i ) skip_to_menu="true" return 1 
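Review bot: In the -46,17 hunk the success branch runs `hwclock -w` without checking its result and then prints the "successfully set" message unconditionally, so a failed RTC write is reported as success and the corrected time would presumably be lost on the next boot. Report the failure explicitly before announcing success, e.g. `hwclock -w || echo "Could not save the time to the hardware clock"`. The reworded line also still carries the typo `sucessfully` (should be `successfully`), which this wording and typo commit was a natural place to fix.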
@@ -551,16 +547,8 @@ prompt_totp_mismatch() { TRACE_FUNC if (whiptail_warning --title "TOTP/HOTP code mismatched" \ - --yesno "TOTP/HOTP code mismatches could indicate either TPM tampering or clock drift:\n\nTo correct clock drift: 'date -s yyyy-MM-DD hh:mm:ss' in UTC timezone\nand save it to the RTC: 'hwclock -w'\nthen reboot and try again.\n\nWould you like to exit to a recovery console?" 0 80) then - echo "" - echo "To correct clock drift: 'date -s yyyy-MM-DD hh:mm:ss' in UTC timezone" - echo "and save it to the RTC: 'hwclock -w'" - echo "" - echo "Alternatively you could do this automatically with an Ethernet cable connected to a functional network: 'network-init-recovery'" - echo "" - echo "Then reboot and try again" - echo "" - recovery "TOTP/HOTP mismatch" + --yesno "TOTP/HOTP code mismatches could indicate either TPM tampering or clock drift.\n\nHere, we will manually set system time to see if TOTP code mismatch was because of time drift.\n\nAlternatively you could sync time from network automatically with 'network-init-recovery' helper from Recovery shell\n " 0 80) then + change-time fi }
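Review bot: The new `--yesno` text says what will happen ("Here, we will manually set system time ...") but never asks a question, so the meaning of Yes and No is left to the reader and No silently does nothing; end the text with an explicit prompt such as `Would you like to set the system time now?` in place of the trailing `\n `. The removed text told the user to reboot and try again after fixing the clock, whereas the new branch only calls `change-time` and returns. Whether the TOTP code is re-checked afterwards is decided by the caller, which is outside this hunk, so a short comment above the `change-time` call stating the expected follow-up (re-verify or reboot) would help the next reader.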