codebase: unify all 'read' prompts to inject newline prior of asking for input

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

Author: tlaurion

initrd/bin/kexec-seal-key

@@ -69,9 +69,7 @@ attempts=0
 
 # Ask for the DRK passphrase first, before testing any devices
 while [ $attempts -lt 3 ] && [ $luks_drk_passphrase_valid -eq 0 ]; do
-	echo ""
-	read -s -p "Enter LUKS Disk Recovery Key (DRK) passphrase that can unlock $key_devices: " disk_recovery_key_passphrase
-	echo ""
+	read -s -p $'\nEnter LUKS Disk Recovery Key (DRK) passphrase that can unlock '"$key_devices"': ' disk_recovery_key_passphrase
 	echo -n "$disk_recovery_key_passphrase" >"$DISK_RECOVERY_KEY_FILE"
 
 	# Test the passphrase against ALL devices before deciding if it's valid
@@ -104,19 +102,14 @@ done
 MIN_PASSPHRASE_LENGTH=12
 attempts=0
 while [ $attempts -lt 3 ]; do
-	echo ""
-	read -s -p "New LUKS TPM Disk Unlock Key (DUK) passphrase for booting (minimum $MIN_PASSPHRASE_LENGTH characters): " key_password
-	echo ""
+	read -s -p $'\nNew LUKS TPM Disk Unlock Key (DUK) passphrase for booting (minimum '"$MIN_PASSPHRASE_LENGTH"' characters): ' key_password
 	if [ ${#key_password} -lt $MIN_PASSPHRASE_LENGTH ]; then
 		attempts=$((attempts + 1))
 		warn "Disk Unlock Key (DUK) passphrase is too short. Please try again."
 		continue
 	fi
 
-	echo ""
-	read -s -p "Repeat LUKS TPM Disk Unlock Key (DUK) passphrase for booting: " key_password2
-	echo ""
-	echo ""
+	read -s -p $'\nRepeat LUKS TPM Disk Unlock Key (DUK) passphrase for booting: ' key_password2
 	if [ "$key_password" != "$key_password2" ]; then
 		attempts=$((attempts + 1))
 		warn "Disk Unlock Key (DUK) passphrases do not match. Please try again."

initrd/bin/kexec-unseal-key

@@ -26,7 +26,7 @@ DEBUG "Show PCRs"
 DEBUG "$(pcrs)"
 
 for tries in 1 2 3; do
-	read -s -p "Enter LUKS TPM Disk Unlock Key passphrase (blank to abort): " tpm_password
+	read -s -p $'\nEnter LUKS TPM Disk Unlock Key passphrase (blank to abort): ' tpm_password
 	echo
 	if [ -z "$tpm_password" ]; then
 		die "Aborting unseal disk encryption key"

initrd/bin/seal-hotpkey

@@ -144,15 +144,11 @@ fi
 if [ "$admin_pin_status" -ne 0 ]; then
 
 	# prompt user for PIN and retry
-	echo ""
-	read -s -p "Enter your $HOTPKEY_BRANDING $prompt_message PIN: " admin_pin
-	echo -e "\n"
+	read -s -p $'\nEnter your '"$HOTPKEY_BRANDING $prompt_message"' PIN: ' admin_pin
 
 	hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING"
 	if [ $? -ne 0 ]; then
-		echo -e "\n"
-		read -s -p "Error setting HOTP secret, re-enter $prompt_message PIN and try again: " admin_pin
-		echo -e "\n"
+		read -s -p $'\nError setting HOTP secret, re-enter '"$prompt_message"' PIN and try again: ' admin_pin
 		if ! hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING"; then
 			# don't leak key on failure
 			shred -n 10 -z -u "$HOTP_SECRET" 2>/dev/null

initrd/etc/functions

@@ -171,8 +171,7 @@ confirm_gpg_card() {
 			gpg_admin_pin=""
 			while [ -z "$gpg_admin_pin" ]; do
 				#TODO: change all passphrase prompts in codebase to include -r to prevent backslash escapes
-				read -r -s -p "Please enter GPG Admin PIN needed to use the GPG backup thumb drive: " gpg_admin_pin
-				echo
+				read -r -s -p $'\nPlease enter GPG Admin PIN needed to use the GPG backup thumb drive: ' gpg_admin_pin
 			done
 			#prompt user to select the proper encrypted partition, which should the first one on next prompt
 			warn "Please select encrypted LUKS on GPG key material backup thumb drive (not public labeled one)"
@@ -790,8 +789,7 @@ prompt_tpm_owner_password() {
 		return 0
 	fi
 
-	read -s -p "TPM Owner Password: " tpm_owner_password
-	echo # new line after password prompt
+	read -s -p $'\nTPM Owner Password: ' tpm_owner_password
 
 	# Cache the password externally to be reused by who needs it
 	DEBUG "Caching TPM Owner Password to /tmp/secret/tpm_owner_password"
@@ -809,10 +807,9 @@ prompt_new_owner_password() {
 	tpm_owner_password=1
 	tpm_owner_password2=2
 	while [ "$tpm_owner_password" != "$tpm_owner_password2" ] || [ "${#tpm_owner_password}" -gt 32 ] || [ -z "$tpm_owner_password" ]; do
-		read -s -p "New TPM Owner Password (2 words suggested, 1-32 characters max): " tpm_owner_password
-		echo
+		read -s -p $'\nNew TPM Owner Password (2 words suggested, 1-32 characters max): ' tpm_owner_password
 
-		read -s -p "Repeat chosen TPM Owner Password: " tpm_owner_password2
+		read -s -p $'\nRepeat chosen TPM Owner Password: ' tpm_owner_password2
 		echo
 
 		if [ "$tpm_owner_password" != "$tpm_owner_password2" ]; then