crosh: Add U2F disclaimer.
The experimental U2F implementation is recently drawing more
attention, and users are stumbling upon various restrictions
(including some that have security implications) that we intend to
resolve before public launch. Make users aware of this by showing a
warning message with the u2_flags command.
BUG=chromium:851955
TEST=Invoking u2f_flags in crosh generates a scary warning message.
Change-Id: I74a7daabb51659b2e517462c0359a7858664345e
Reviewed-on: https://chromium-review.googlesource.com/1099059
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
(cherry picked from commit aeb16b7a802d4b077d83dcd62e822c5c6f3a2c61)
Reviewed-on: https://chromium-review.googlesource.com/1110058
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
diff --git a/crosh/crosh b/crosh/crosh
index 04bf6a3..54e4c15 100755
--- a/crosh/crosh
+++ b/crosh/crosh
@@ -784,14 +784,24 @@
debugd_shill network_diag --help
)
+u2f_warning='
+ ### IMPORTANT: The U2F feature is experimental and not suitable for
+ ### general production use in its current form. The current
+ ### implementation is still in flux and some features (including
+ ### security-relevant ones) are still missing. You are welcome to
+ ### play with this, but use at your own risk. You have been warned.
+'
+
USAGE_u2f_flags='<u2f | g2f>[,verbose]'
-HELP_u2f_flags='
+HELP_u2f_flags="
+${u2f_warning}
Set flags to override the second-factor authentication daemon configuration.
u2f: Always enable the standard U2F mode even if not set in device policy.
g2f: Always enable the U2F mode plus some additional extensions.
verbose: Increase the daemon logging verbosity in /var/log/messages.
-'
+"
cmd_u2f_flags() (
+ echo "${u2f_warning}"
debugd SetU2fFlags "string:$*"
)
