From e00280e663dadb1895595ad0a5a19b917d470f33 Mon Sep 17 00:00:00 2001
From: Thierry Laurion
Date: Thu, 19 Jan 2023 14:58:21 -0500
Subject: [PATCH] gui-init: warn the user when sealing measurements through TOTP/HOTP requires TPM reset

---
 initrd/bin/gui-init | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 74e30dba6..06a0d4224 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -149,17 +149,20 @@ prompt_update_checksums()
 generate_totp_htop()
 {
 echo "Scan the QR code to add the new TOTP secret"
- /bin/seal-totp "$BOARD_NAME"
- if [ -x /bin/hotp_verification ]; then
- echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
- read
- /bin/seal-hotpkey
+ if /bin/seal-totp "$BOARD_NAME"; then
+ if [ -x /bin/hotp_verification ]; then
+ echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
+ read
+ /bin/seal-hotpkey
+ else
+ echo "Once you have scanned the QR code, hit Enter to continue"
+ read
+ fi
+ # clear screen
+ printf "\033c"
 else
- echo "Once you have scanned the QR code, hit Enter to continue"
- read
+ warn "Sealing of measurements inside of TPM failed. You might want to take ownership of TPM by resetting it."
 fi
- # clear screen
- printf "\033c"
 }

 update_totp()
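Review bot: The new failure branch in generate_totp_htop only prints the warning and then falls off the end of the function, so the exit status is whatever `warn` returns (it is defined outside this hunk, presumably returning 0) and a caller cannot tell a failed seal from a successful one. Because the TOTP/HOTP secret is what later attests the boot measurements, I would add `return 1` right after the `warn` line so callers can stop instead of carrying on as if a fresh secret had been sealed. The same gap is still open on the success path: the status of `/bin/seal-hotpkey` is ignored and `printf "\033c"` clears the screen immediately afterwards, which would also wipe any error it printed; checking it the same way, e.g. `/bin/seal-hotpkey || return 1` before the clear, would keep a failed HOTP seal visible. The bare `read` calls would be safer as `read -r`.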