Write connection details to TTY on boot #53
Conversation
lukechilds
force-pushed
the
connection-details
branch
from
7868f8a to
529c2a7
Compare
|
Concept and implementation ACK! What a beautiful and creative solution to the pressing problem of bootstrapping initial connection. Pretty sure many OGs and hardcoiners are going to love it! Unfortunately, I don't have a micro HDMI cable at my disposal currently, so I cannot test it. Meanwhile, @nolim1t: if you could test it out that'd be wonderful. Else we can directly proceed to merge it because we trust, and don't verify. |
|
We should have it show the IP address too. |
+1. That's a very good point. |
|
Raspbian/Pi OS already logs the IP, you can see it in the photo just below the 6th We could pull it in to the ascii output to neaten it up but I didn't think the dashboard was available via IP address due to it not being in the origin whitelist? |
|
Ah yes, you're right. We can export the IP as an environment variable called |
|
Yeah that's a good idea. |
There was a problem hiding this comment.
Added some small notes. Cool stuff! 👌🏻
Only other thought is that having logo, and QR horizontally will get them both terribly scrambled on a screen that's not wide enough. But I guess most TVs should be fine and guessing some smaller displays are not supported, and/or would require some extra changes.
Yeah, my thinking was that most HDMI displays are 16:9 and a good chunk of those will be exactly 1920x1080. So its probably safe to assume most users will see it how we've tested it. Also, remember this is writing directly to the TTY, it's not a proper terminal, AFAIK there is no scroll buffer. So if we put them underneath each other and something goes out of view there's no way for the user to scroll it back in. Since most diaplys will be 16:9, we actually have more horizontal real estate than vertical, so displaying things horizontally instead of vertically increases the amount of things we can show before they get cut off. |
|
LGTM.. |
|
Only thing I can see making any sense would be removing some horizontal whitespace between, and around them, but again… probably really not worth bothering with. Alternatively, spend an evening writing a custom QR-generator that puts umbrel logo in the middle 😝. |
@meeDamian stop giving him ideas 🤫 |
| on_chroot << EOF | ||
| pip3 install qrcode | ||
| EOF |
There was a problem hiding this comment.
I would suggest adding python3-qrcode to packages instead.
There was a problem hiding this comment.
Wooaaaah, I've been messing around for ages trying to get pipenv to install system packages as root so we can install securely and verify against a checksum, had no idea it was available via apt!
| @@ -73,4 +73,12 @@ if [ ! -f /home/umbrel/statuses/service-configured ]; then | |||
| fi | |||
| fi | |||
|
|
|||
| # Display connection details on the TTY | |||
There was a problem hiding this comment.
You could add a clear here.
There was a problem hiding this comment.
I'm not sure we should clear the TTY here since there could be useful log output on the screen that we don't want to overwrite.
| chmod +x files/connection-details | ||
| cp files/connection-details "${ROOTFS_DIR}"/usr/local/bin/connection-details |
There was a problem hiding this comment.
install -m 755 files/connection-details "${ROOTFS_DIR}"/usr/bin/connection-details would probably work better here.
There was a problem hiding this comment.
Thanks, was not aware of install!
lukechilds
force-pushed
the
connection-details
branch
from
4ee6d63 to
28a6164
Compare
When an HDMI monitor is connected to the Pi, it'll write the Tor hidden service address directly to the TTY without requiring the user to login.
This solves the problem of setting up a device on an untrusted network. We use the HDMI display as a secure channel to write out an ascii QR code that the user can scan to start the setup process securely via Tor.
Currently the setup is done over unencrypted HTTP on the local network. This is fine if the user trusts the network, however many people have smart devices on their local networks such as Chromecast/Sonos/Smart TV/etc and we can't verify how they work and that they aren't malicious.
So with that in mind it's probably not safe to assume the user's network is secure. Most users networks are probably insecure and they just don't know it.
It's impossible to bootstrap a secure connection over an insecure connection without any previous communication. If we show the hidden service address on the HTTP server and tell the user to continue there, there's no way they can verify someone hasn't MITMd the initial connection and injected a false address.
A self signed SSL cert doesn't really achieve anything here because if we generate it randomly the user doesn't know the expected fingerprint for the real cert, and if we hardcode it an attacker can just extract the private key from the source and use that to imitate the real server.
We need a secure communication channel to do some sort of initial information share so that we can establish a secure channel, and HDMI seems like the simplest solution.
Here's an example of what the ascii output looks like: