Add password protection similar like xochitl

[torwag]

Seems to be a bit of a weak spot if you have a password on xochitl to protect important data, but one can start e,g, a shell terminal just without any password.

[Eeems]

I like this! My one concern is that since xochitl needs to be launched for wifi to connect, I'd prefer to hold off on this until we get oxide handling wifi connections. That way you can get unstuck if for some reason you forgot your password, don't have a USB cable, but still have ssh credentials.

[Eeems]

So, blocked by #7

[torwag]

or we keep 1111 as a "hidden" super password ;)... just joking

[Eeems]

QSettings xochitlSettings("/home/root/.config/remarkable/xochitl.conf", QSettings::IniFormat);
xochitlSettings.sync();
qDebug() << xochitlSettings.value("Password").toString();

[torwag]

are you telling me that they keep the login password in the settings completely unencrypted?

[torwag]

Ohh well, just checked...

[Eeems]

@torwag Yup, completely human readable too.

Honestly I'm not too concerned, technically you'd already have root access to the device if you can read it. Which means you already can do whatever you want. As we start to develop apps though, we might start creating attack vectors that would mean we want to do something to secure it better.

[Eeems]

So I'm trying to figure out the correct scope here. Here is what I think would be the correct way to do this:

On Install

• If a password is detected in xochitl configuration remove it and use it for oxide.
• If a password is ever detected in xochitl's configuration, remove it and update oxide's password.
• On resume from any application, pause the application and present password screen.

On Uninstall

• If a password is configured add it to xochitl's configuration.

@torwag and @raisjnn thoughts?

I'm also thinking of mimicking the xochitl password screen.

[torwag]

That sounds valid to me. I thinking whether some users prefer to have two passwords. One for xochitl one for oxide... like in:
you can play with dads tablet but do not mess with my working notes.
But then, I believe the rM is pretty much a single user device and most will be annoyed to type the password twice.
Should oxide provide a way to change the password, write it back on xochitl and read if from xochitl on a user request? I would found it odd that I have to add a password in xochitl, which works without password, to actually replace my password in oxide.

[Eeems]

So maybe on install/first launch prompt to import? Afterwords just leave it alone? And then on uninstall only export if xochitl doesn't have a password configured?

[torwag]

Best would be if it prompts for import during install and prompt to copy it back to xochitl during uninstall, albeit the uninstall one might be tricky to realize. I just think it would be best if a user knows exactly what is going on with something like passwords.
If the uninstall routine is tricky to handle, I wonder if it would be better to set the password back in xochitl or not
a) For security reasons it would be better. Not exposing xochitl unprotected, if oxide gets removed. Also if oxide takes over the password and deactivates it on xochitl, it should be the responsibility of oxide to undo this step during uninstall.
b) If a user wants to get rid of oxide because he forgot the password or due to some misbehave, well he might be not amused to see suddenly the same password set in xochitl.

Against b) speaks the point that if someone is able to uninstall oxide, he most likely has root access and is able to recover the password easily.

[Eeems]

I'm thinking that the best way to handle this would be to have an initial wizard on first launch after install that does the following:

1. Ask if the user wants to import the password from xochitl (default: yes).
   1. Ask if the user would like the password cleared from xochitl (default: yes).
   2. If the password was cleared, ask if the user would like to restore the password from oxide to xochitl on uninstall (default: yes).
2. If no password was imported, ask if the user wants to set a password (default: yes).
   1. Prompt for password twice and store to oxide.

[Eeems]

[Eeems]

[Eeems]

Mostly done. I don't have an option to change the PIN, or to not use a PIN. I think the option to change the PIN will just be part of #99. I will need to add the option to not pick a PIN though.

[Eeems]

Okay no pin option exists. Closing this. #99 will handle the changing of the pin.