Skip to content

firstboot: Prompt for secret during firstboot welcome

Joseph Nuthalapati requested to merge njoseph/plinth:firsboot-wizard-secret into master
  • A freshly installed FreedomBox can be hijacked by a third party and an admin account can be created which can be used to inject malware or simply take over the instance. Password protecting the firstboot step is a good way to avoid this. A secret will be displayed to the user as soon as the Plinth package is installed, which they have to enter during firstboot welcome step. Also, writing this to a file in plinth's home in case the user loses it.
  • This protection is not applicable for images built by freedom-maker and for Amazon Machine Images.

Signed-off-by: Joseph Nuthalapati njoseph@thoughtworks.com

Merge request reports