File tree Expand file tree Collapse file tree 5 files changed +10
-11
lines changed Original file line number Diff line number Diff line change @@ -158,7 +158,7 @@ DO_WITH_DEBUG eval "$kexeccmd" 2>/dev/null \
158158
159159if [ " $CONFIG_DEBUG_OUTPUT " = " y" ]; then
160160 # Ask user if they want to continue booting without echoing back the input (-s)
161- read -s -n 1 -p " [DEBUG] Continue booting? [Y/n]: " debug_boot_confirm
161+ read -r - s -n 1 -p " [DEBUG] Continue booting? [Y/n]: " debug_boot_confirm
162162 echo
163163 if [ " ${debug_boot_confirm^^} " = N ]; then
164164 # abort
Original file line number Diff line number Diff line change @@ -69,7 +69,7 @@ attempts=0
6969
7070# Ask for the DRK passphrase first, before testing any devices
7171while [ $attempts -lt 3 ] && [ $luks_drk_passphrase_valid -eq 0 ]; do
72- read -s -p $' \n Enter LUKS Disk Recovery Key (DRK) passphrase that can unlock ' " $key_devices " ' : ' disk_recovery_key_passphrase
72+ read -r - s -p $' \n Enter LUKS Disk Recovery Key (DRK) passphrase that can unlock ' " $key_devices " ' : ' disk_recovery_key_passphrase
7373 echo -n " $disk_recovery_key_passphrase " > " $DISK_RECOVERY_KEY_FILE "
7474
7575 # Test the passphrase against ALL devices before deciding if it's valid
@@ -102,14 +102,14 @@ done
102102MIN_PASSPHRASE_LENGTH=12
103103attempts=0
104104while [ $attempts -lt 3 ]; do
105- read -s -p $' \n New LUKS TPM Disk Unlock Key (DUK) passphrase for booting (minimum ' " $MIN_PASSPHRASE_LENGTH " ' characters): ' key_password
105+ read -r - s -p $' \n New LUKS TPM Disk Unlock Key (DUK) passphrase for booting (minimum ' " $MIN_PASSPHRASE_LENGTH " ' characters): ' key_password
106106 if [ ${# key_password} -lt $MIN_PASSPHRASE_LENGTH ]; then
107107 attempts=$(( attempts + 1 ))
108108 warn " Disk Unlock Key (DUK) passphrase is too short. Please try again."
109109 continue
110110 fi
111111
112- read -s -p $' \n Repeat LUKS TPM Disk Unlock Key (DUK) passphrase for booting: ' key_password2
112+ read -r - s -p $' \n Repeat LUKS TPM Disk Unlock Key (DUK) passphrase for booting: ' key_password2
113113 if [ " $key_password " != " $key_password2 " ]; then
114114 attempts=$(( attempts + 1 ))
115115 warn " Disk Unlock Key (DUK) passphrases do not match. Please try again."
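Review bot: Adding `-r` still does not make these prompts take the passphrase byte for byte. With a single variable name `read` strips leading and trailing IFS whitespace, and the context line after the DRK prompt writes the value with `echo -n`, which swallows a passphrase such as `-n` or `-e` as an option. I would use `IFS= read -r -s -p ...` for the DRK prompt and both DUK prompts, and `printf '%s' "$disk_recovery_key_passphrase" > "$DISK_RECOVERY_KEY_FILE"` for the write. This matters most for the DRK, which is presumably set outside this script by a tool that keeps such characters. The `IFS=` point also applies to the other secret prompts this commit touches (TPM Disk Unlock Key unseal, HOTP admin PIN, TPM owner password); both `while` loops continue past the hunks.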
Original file line number Diff line number Diff line change @@ -26,7 +26,7 @@ DEBUG "Show PCRs"
2626DEBUG " $( pcrs) "
2727
2828for tries in 1 2 3; do
29- read -s -p $' \n Enter LUKS TPM Disk Unlock Key passphrase (blank to abort): ' tpm_password
29+ read -r - s -p $' \n Enter LUKS TPM Disk Unlock Key passphrase (blank to abort): ' tpm_password
3030 echo
3131 if [ -z " $tpm_password " ]; then
3232 die " Aborting unseal disk encryption key"
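Review bot: The switch to `-r` on this unseal prompt changes which string an existing passphrase produces, and nothing visible in the commit warns the user about it. Without `-r`, `read` removed backslashes, so a Disk Unlock Key passphrase typed as `a\b` at setup was stored as `ab`; after this change the same keystrokes yield `a\b` and, if the secret was sealed through the old prompt, the unseal fails. The same applies to the TPM Owner Password prompt in `prompt_tpm_owner_password`. I would add a changelog entry and a comment above the prompt such as `# -r keeps backslashes literally; secrets set before this change had them stripped`. The `for` loop continues outside the hunk.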
Original file line number Diff line number Diff line change 144144if [ " $admin_pin_status " -ne 0 ]; then
145145
146146 # prompt user for PIN and retry
147- read -s -p $' \n Enter your ' " $HOTPKEY_BRANDING $prompt_message " ' PIN: ' admin_pin
147+ read -r - s -p $' \n Enter your ' " $HOTPKEY_BRANDING $prompt_message " ' PIN: ' admin_pin
148148
149149 hotp_initialize " $admin_pin " $HOTP_SECRET $counter_value " $HOTPKEY_BRANDING "
150150 if [ $? -ne 0 ]; then
151- read -s -p $' \n Error setting HOTP secret, re-enter ' " $prompt_message " ' PIN and try again: ' admin_pin
151+ read -r - s -p $' \n Error setting HOTP secret, re-enter ' " $prompt_message " ' PIN and try again: ' admin_pin
152152 if ! hotp_initialize " $admin_pin " $HOTP_SECRET $counter_value " $HOTPKEY_BRANDING " ; then
153153 # don't leak key on failure
154154 shred -n 10 -z -u " $HOTP_SECRET " 2> /dev/null
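Review bot: Both `hotp_initialize` calls in this hunk pass `$HOTP_SECRET` and `$counter_value` unquoted, while the `shred` line below quotes the same `"$HOTP_SECRET"` path. Now that the PIN is read literally, the arguments next to it should be handled the same way: `hotp_initialize "$admin_pin" "$HOTP_SECRET" "$counter_value" "$HOTPKEY_BRANDING"`. The first call could also use `if ! hotp_initialize ...; then` instead of the separate `[ $? -ne 0 ]` test, matching the retry a few lines later. The enclosing `if` block starts and ends outside the visible lines.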
Original file line number Diff line number Diff line change @@ -170,7 +170,6 @@ confirm_gpg_card() {
170170 echo
171171 gpg_admin_pin=" "
172172 while [ -z " $gpg_admin_pin " ]; do
173- # TODO: change all passphrase prompts in codebase to include -r to prevent backslash escapes
174173 read -r -s -p $' \n Please enter GPG Admin PIN needed to use the GPG backup thumb drive: ' gpg_admin_pin
175174 done
176175 # prompt user to select the proper encrypted partition, which should the first one on next prompt
@@ -789,7 +788,7 @@ prompt_tpm_owner_password() {
789788 return 0
790789 fi
791790
792- read -s -p $' \n TPM Owner Password: ' tpm_owner_password
791+ read -r - s -p $' \n TPM Owner Password: ' tpm_owner_password
793792
794793 # Cache the password externally to be reused by who needs it
795794 DEBUG " Caching TPM Owner Password to /tmp/secret/tpm_owner_password"
@@ -807,9 +806,9 @@ prompt_new_owner_password() {
807806 tpm_owner_password=1
808807 tpm_owner_password2=2
809808 while [ " $tpm_owner_password " != " $tpm_owner_password2 " ] || [ " ${# tpm_owner_password} " -gt 32 ] || [ -z " $tpm_owner_password " ]; do
810- read -s -p $' \n New TPM Owner Password (2 words suggested, 1-32 characters max): ' tpm_owner_password
809+ read -r - s -p $' \n New TPM Owner Password (2 words suggested, 1-32 characters max): ' tpm_owner_password
811810
812- read -s -p $' \n Repeat chosen TPM Owner Password: ' tpm_owner_password2
811+ read -r - s -p $' \n Repeat chosen TPM Owner Password: ' tpm_owner_password2
813812 echo
814813
815814 if [ " $tpm_owner_password " != " $tpm_owner_password2 " ]; then