authormwberry2016-11-12 15:21:42 -0800
committermwberry2016-11-12 18:12:10 -0800
commitda6c732a4db991b917a49b4333ef2a7deea38a9d (patch)
tree2ec70b70dfece88cfdb7eb11d67de22106228143
parentba6b34efbf480e8cb528a22b50fd30c6d780418c (diff)
install reads config file
-rw-r--r--config17
-rwxr-xr-xinstall51
2 files changed, 45 insertions, 23 deletions
diff --git a/config b/config
index 6485cb52a1c8..28b7154fda3a 100644
--- a/config
+++ b/config
@@ -9,20 +9,25 @@
# completely replaced with one created by the attacker
# Where to store the file in the initramfs
-auth_key_file=/boot_partition_auth.pem
+AUTH_KEY_FILE=/boot_partition_auth.pem
# RSA key size, in bits
# Note: The size of the key determines the size of the
# signature. The size of the signature determines the
# size of the QR code that will be printed to the terminal.
# Pick the largest key size that fits on your monitor
-auth_key_length=4096
+AUTH_KEY_LENGTH=4096
+# Options to pass to QR encoder
+# Use these in case your terminal can't output UTF8 or
+# you need to fiddle with the settings to make the QR
+# code fit on your screen
+QR_OPTS="-t ANSIUTF8 -m 1"
# Hashes of important boot programs
# The hashing algorithm to use
-hash_alg=sha256
+HASH_ALG=sha256
# Expected hash values
# Note: These are calculated for you each time mkinitcpio
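Review bot: The new QR_OPTS setting is consumed unquoted by install (`qrencode -8 $QR_OPTS` in the other file of this commit), so the shell splits it on whitespace and hands each word to qrencode as a separate argument; a single option value containing a space, or a word that happens to match files in the working directory, cannot be expressed through it. The quotes around the value in this file are shell syntax only and do not survive into the arguments, which is worth stating next to the setting: `# Note: split on whitespace by the shell; one option per word, no spaces inside a value`. The rest of this hunk is a case-only rename of the existing keys.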
@@ -32,15 +37,15 @@ hash_alg=sha256
# The hash of the MBR
# (first 512 bytes of disk housing partition with boot flag set)
-# expected_mbr_hash=
+# EXPECTED_MBR_HASH=
# The hash of the Post-MBR Gap
# (bytes from the end of the MBR to the start of the first partition)
-# expected_mbr_gap_hash=
+# EXPECTED_MBR_GAP_HASH=
# The hash of the EFI stub used to boot
# (hash of the file invoked by the UEFI firmware, likely /EFI/grub/grubx64.efi)
# Note: Only checked when booting via UEFI
# Note: MBR and Post MBR Gap are still checked when booting via UEFI
-# expected_efi_stub_hash=
+# EXPECTED_EFI_STUB_HASH=
diff --git a/install b/install
index 0ebbd7320f3c..35b68bdbfda6 100755
--- a/install
+++ b/install
@@ -3,12 +3,20 @@
set -e
set -u
+# Grab functions
source nannycam.functions
+# Grab configuration
+if [ -z ${1:-} ]; then
+ source /etc/nannycam.conf
+else
+ source "$1"
+fi
+AUTH_PUB_KEY_FILE="/tmp$AUTH_KEY_FILE.pub"
+
# This script is expected to be called from mkinitcpio, setup env otherwise
ensure_mkcpinitio_environment
-
# The BUILDROOT and _optgenimg varibles are set in mkinitcpio and I do feel
# fairly bad for relying on the implementation details, but the interface
# exposed by init_functions is not really sufficient for determining if the
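Review bot: The config-selection test `if [ -z ${1:-} ]; then` leaves the expansion unquoted, so an argument containing whitespace becomes several words and the test errors out, while the empty case only passes because `[ -z ]` happens to be a valid one-argument test; write it `if [ -z "${1:-}" ]; then`. Both `source` lines execute the named file with the privileges this script runs under (assert_root follows in the next hunk), so a caller-supplied path is a code input rather than a data file; a short guard before sourcing that refuses a file not owned by root or writable by group/other keeps a stray permission change on /etc/nannycam.conf from being executed as root. `AUTH_PUB_KEY_FILE="/tmp$AUTH_KEY_FILE.pub"` also depends on AUTH_KEY_FILE beginning with a slash: `set -u` catches an unset value, but a relative one silently yields `/tmpboot_partition_auth.pem.pub`, so either a check here or the comment on the setting should state that the path must be absolute.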
@@ -20,23 +28,32 @@ assert_encrypted "$_optgenimg"
# If any other process on the box reads the private key file then all the
# protections are for naught.
assert_root
-
-KEYFILE="/tmp/boot_partition_auth.pem"
-PUBFILE="/tmp/boot_partition_auth.pub"
-
-touch "$KEYFILE"
-chmod 700 "$KEYFILE"
-
-openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:4096 -out "$KEYFILE" 2> /dev/null
-openssl rsa -pubout -out "$PUBFILE" -outform DER -in "$KEYFILE" 2> /dev/null
-
-add_file "$KEYFILE"
-
-shred -uf "$KEYFILE"
-
+touch "/tmp$AUTH_KEY_FILE"
+chmod 700 "/tmp$AUTH_KEY_FILE"
+
+# Generate a new public key each time the initramfs is built
+openssl genpkey \
+ -algorithm rsa \
+ -pkeyopt rsa_keygen_bits:$AUTH_KEY_LENGTH \
+ -out "/tmp$AUTH_KEY_FILE" \
+ 2> /dev/null
+add_file "/tmp$AUTH_KEY_FILE" "$AUTH_KEY_FILE"
+
+# Extract the public key
+openssl rsa \
+ -pubout \
+ -out "$AUTH_PUB_KEY_FILE" \
+ -outform DER \
+ -in "/tmp$AUTH_KEY_FILE" \
+ 2> /dev/null
+
+# The private component is no longer required
+shred -uf "/tmp$AUTH_KEY_FILE"
+
+# Print a QR-code with the public half
echo "Scan the following public key into your verification device"
-cat "$PUBFILE" | qrencode -8 -t ANSIUTF8 -m 1
+cat "$AUTH_PUB_KEY_FILE" | qrencode -8 $QR_OPTS
read -p "Press ENTER to continue..." pause
-rm "$PUBFILE"
+rm "$AUTH_PUB_KEY_FILE"
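Review bot: The private key is still written to a fixed, world-known path under /tmp (`touch "/tmp$AUTH_KEY_FILE"` followed by `chmod 700`); the commit parameterises the name but keeps the pattern, and because touch follows a pre-existing file or symlink and the chmod only comes afterwards, a file that another local user has already placed at that path ends up receiving the key material, while any failure between `touch` and `shred` leaves the key on disk with no cleanup. Since `add_file` already takes the initramfs destination as its second argument, the host-side path can be a root-only mktemp directory removed by an EXIT trap without changing what lands in the image; the rewrite below does that (if this file is ever sourced rather than executed, the umask and trap would need scoping). Two smaller points in the same hunk: `-pkeyopt rsa_keygen_bits:$AUTH_KEY_LENGTH` should be quoted, and the `2> /dev/null` on both openssl calls discards the only diagnostic when key generation fails under `set -e`. The comment `# Generate a new public key each time the initramfs is built` sits on the call that creates the private key; the public half is derived by the `openssl rsa -pubout` step below it.
```shell
# Keep the private half in a root-only scratch directory that is wiped on
# every exit path; the destination inside the initramfs stays "$AUTH_KEY_FILE".
umask 077
work_dir=$(mktemp -d) || exit 1
trap 'shred -uf -- "$work_dir"/* 2>/dev/null; rm -rf -- "$work_dir"' EXIT
priv_key="$work_dir/${AUTH_KEY_FILE##*/}"
pub_key="$priv_key.pub"

# Generate a fresh private key each time the initramfs is built
openssl genpkey \
  -algorithm rsa \
  -pkeyopt "rsa_keygen_bits:$AUTH_KEY_LENGTH" \
  -out "$priv_key"
add_file "$priv_key" "$AUTH_KEY_FILE"
# … unchanged: openssl rsa -pubout, now reading "$priv_key" and writing "$pub_key" …
shred -uf -- "$priv_key"
echo "Scan the following public key into your verification device"
qrencode -8 $QR_OPTS < "$pub_key"
# … unchanged: read -p pause; the EXIT trap removes "$pub_key", so the rm line is dropped …
```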