init: wait for usbhid drivers for fido2 unlocking #238
Conversation
The idea sounds good.
We can also revert 1b65577
Tested a few times locally on my branch, and built within a chroot on Arch. Appears to work when hidraw devices are plugged in via a USB hub as well. If you're on Arch, here's the PKGBUILD:

```bash
pkgname=booster-git
pkgver=0.11.r9.g0b915c0
pkgrel=1
pkgdesc='Fast and secure initramfs generator'
arch=(x86_64)
url='https://github.com/c3Ls1US/booster'
license=(MIT)
depends=(bash glibc)
makedepends=(git go ruby-ronn-ng)
#checkdepends=(qemu-headless linux tang)
optdepends=(
  'busybox: to enable emergency shell at the boot time'
  'yubikey-personalization: for clevis Yubikey challenge-response support'
  'libfido2: for systemd-enroll with FIDO2'
)
backup=(etc/booster.yaml)
provides=(booster initramfs)
conflicts=(booster)
replaces=(booster)
source=(git+https://github.com/c3Ls1US/booster.git#branch=fido2)
sha512sums=('SKIP')

pkgver() {
  cd booster
  git describe --long --tags | sed 's/\([^-]*-g\)/r\1/;s/-/./g'
}

build() {
  cd booster
  # the generator is a normal cgo/PIE build honouring the makepkg flags
  cd generator
  CGO_CPPFLAGS="${CPPFLAGS}" CGO_CFLAGS="${CFLAGS}" CGO_CXXFLAGS="${CXXFLAGS}" CGO_LDFLAGS="${LDFLAGS}" \
    go build -trimpath \
      -buildmode=pie \
      -mod=readonly \
      -modcacherw \
      -ldflags "-linkmode external -extldflags \"${LDFLAGS}\""
  # init runs inside the initramfs, so it is built static (no cgo)
  cd ../init
  CGO_ENABLED=0 go build -trimpath -mod=readonly -modcacherw
  cd ..
  ronn docs/manpage.md
}

check() {
  cd booster/tests
  # arch chroot does not allow access to KVM
  # TEST_DISABLE_KVM=1 go test -v
  # integration tests require a lot of time and space to build 10G images
  : # a function body of only comments is a bash syntax error; keep a no-op
}

package() {
  cd booster
  mkdir "$pkgdir/etc/"
  touch "$pkgdir/etc/booster.yaml"
  install -Dp -m755 generator/generator "$pkgdir/usr/bin/booster"
  install -Dp -m644 docs/manpage.1 "$pkgdir/usr/share/man/man1/booster.1"
  install -Dp -m755 init/init "$pkgdir/usr/lib/booster/init"
  install -Dp -m755 packaging/arch/regenerate_images "$pkgdir/usr/lib/booster/regenerate_images"
  install -Dp -m644 packaging/arch/90-booster-install.hook "$pkgdir/usr/share/libalpm/hooks/90-booster-install.hook"
  install -Dp -m755 packaging/arch/booster-install "$pkgdir/usr/share/libalpm/scripts/booster-install"
  install -Dp -m644 packaging/arch/60-booster-remove.hook "$pkgdir/usr/share/libalpm/hooks/60-booster-remove.hook"
  install -Dp -m755 packaging/arch/booster-remove "$pkgdir/usr/share/libalpm/scripts/booster-remove"
  install -Dp -m755 contrib/completion/bash "$pkgdir/usr/share/bash-completion/completions/booster"
}
```
The commits look fine to me. Let me know when you are done changing things and then I'll merge the changes.
@anatol Finished.
Thank you for your work @c3Ls1US!
Accomplishes the same effect as 1b65577, but instead of forcibly loading the `usbhid` and `hid_sensor_hub` modules, specific events are listened for and waited on, namely those of the `hid-generic` and `usbhid` drivers.

It appears booster is being too fast and doesn't wait long enough for the built-in `hid-generic` driver to target the hidraw devices plugged in via USB. As a result, errors occur for uevents when attempting to recover the FIDO2 password from hidraw devices.

This way, unlocking encrypted partitions with FIDO2 keys is possible by only specifying `fido2-assert` in booster.yaml, without the workarounds of generating a universal image and loading `hid_sensor_hub`.
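The race the description talks about is between two uevents: the hidraw node's `add` (emitted while the HID driver is still probing) and the `bind` the kernel sends once `hid-generic` has actually claimed the HID device. The following is an added example, not booster's code, of an init-side tracker that refuses to hand a `/dev/hidrawN` to `fido2-assert` until both have been seen. It assumes the kernel's netlink uevent encoding (`ACTION@DEVPATH` followed by NUL-separated `KEY=VALUE` pairs), that `bind`/`unbind` uevents carry a `DRIVER=` variable, and that a hidraw node's sysfs path sits under its HID device as `<hid device>/hidraw/hidrawN`. The payloads below are constructed; reading them from a real `NETLINK_KOBJECT_UEVENT` socket is left out.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Uevent is one kernel uevent as read from a NETLINK_KOBJECT_UEVENT socket:
// a header "ACTION@DEVPATH" followed by NUL-separated KEY=VALUE pairs.
type Uevent struct {
	Action, DevPath string
	Vars            map[string]string
}

// ParseUevent decodes a raw payload; anything without the ACTION@DEVPATH header
// is rejected so stray bytes on the socket never count as a device.
func ParseUevent(raw []byte) (Uevent, error) {
	fields := strings.Split(string(raw), "\x00")
	at := strings.IndexByte(fields[0], '@')
	if at < 1 || at == len(fields[0])-1 {
		return Uevent{}, fmt.Errorf("malformed uevent header %q", fields[0])
	}
	ev := Uevent{Action: fields[0][:at], DevPath: fields[0][at+1:], Vars: map[string]string{}}
	for _, f := range fields[1:] {
		if f == "" {
			continue // trailing NUL
		}
		kv := strings.SplitN(f, "=", 2)
		if len(kv) != 2 {
			return Uevent{}, fmt.Errorf("malformed uevent variable %q", f)
		}
		ev.Vars[kv[0]] = kv[1]
	}
	return ev, nil
}

// HidrawTracker decides when a hidraw node may be handed to fido2-assert: it must
// have appeared (add, SUBSYSTEM=hidraw) and its parent HID device must have
// finished probing, which the kernel signals with a bind uevent carrying
// DRIVER=hid-generic. Acting on the hidraw add alone races the driver.
type HidrawTracker struct {
	drivers map[string]bool   // HID drivers whose bind uevent counts as ready
	hidraw  map[string]string // DEVNAME -> DEVPATH of hidraw nodes present
	bound   map[string]string // DEVPATH of a HID device -> driver bound to it
}

func NewHidrawTracker(drivers ...string) *HidrawTracker {
	t := &HidrawTracker{drivers: map[string]bool{}, hidraw: map[string]string{}, bound: map[string]string{}}
	for _, d := range drivers {
		t.drivers[d] = true
	}
	return t
}

// Observe feeds one uevent into the tracker; removals and unbinds undo readiness.
func (t *HidrawTracker) Observe(ev Uevent) {
	switch {
	case ev.Vars["SUBSYSTEM"] == "hidraw" && ev.Action == "add":
		t.hidraw[ev.Vars["DEVNAME"]] = ev.DevPath
	case ev.Vars["SUBSYSTEM"] == "hidraw" && ev.Action == "remove":
		delete(t.hidraw, ev.Vars["DEVNAME"])
	case ev.Action == "bind" && t.drivers[ev.Vars["DRIVER"]]:
		t.bound[ev.DevPath] = ev.Vars["DRIVER"]
	case ev.Action == "unbind":
		delete(t.bound, ev.DevPath)
	}
}

// Ready returns, sorted, the hidraw names whose HID parent is bound by an accepted
// driver. Assumed sysfs layout: "<hid device>/hidraw/hidrawN".
func (t *HidrawTracker) Ready() []string {
	ready := []string{}
	for name, path := range t.hidraw {
		if i := strings.LastIndex(path, "/hidraw/"); i > 0 && t.bound[path[:i]] != "" {
			ready = append(ready, name)
		}
	}
	sort.Strings(ready)
	return ready
}

// rawUevent builds a netlink-shaped payload for the constructed sample below.
func rawUevent(action, devpath string, vars ...string) []byte {
	s := action + "@" + devpath + "\x00ACTION=" + action + "\x00DEVPATH=" + devpath + "\x00"
	return []byte(s + strings.Join(vars, "\x00") + "\x00")
}

// Constructed sample (hypothetical device path): a token's hidraw node appears
// before hid-generic reports bind, then is unplugged; the last payload is malformed.
const hidDev = "/devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/0003:1050:0407.0001"

var sampleUevents = [][]byte{
	rawUevent("add", hidDev+"/hidraw/hidraw0", "SUBSYSTEM=hidraw", "DEVNAME=hidraw0", "SEQNUM=4101"),
	rawUevent("bind", hidDev, "SUBSYSTEM=hid", "DRIVER=hid-generic", "SEQNUM=4102"),
	rawUevent("remove", hidDev+"/hidraw/hidraw0", "SUBSYSTEM=hidraw", "DEVNAME=hidraw0", "SEQNUM=4103"),
	[]byte("not a uevent\x00"),
}

func main() {
	t := NewHidrawTracker("hid-generic")
	for _, raw := range sampleUevents {
		ev, err := ParseUevent(raw)
		if err != nil {
			fmt.Println("ignored:", err)
			continue
		}
		t.Observe(ev)
		fmt.Printf("%-6s %-7s ready=%v\n", ev.Action, ev.Vars["SUBSYSTEM"], t.Ready())
	}
}
```

Running it shows the point of the change: after the hidraw `add` the ready list is still empty, it becomes `[hidraw0]` only once the `hid-generic` bind arrives, and it empties again on `remove`. An init that drives `fido2-assert` from `Ready()` rather than from the first hidraw `add` does not need `usbhid` or `hid_sensor_hub` force-loaded to avoid the early-open errors.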