fix tpmr.sh: use tpm_owner_passphrase from prompt function

The prompt_tpm_owner_password() function sets tpm_owner_passphrase variable,
but tpm2_seal was using an unset tpm_owner_password variable instead.
This caused evictcontrol to fail with auth error (0x9A2) since no passphrase
was being passed to the TPM command.

Also standardizes all user-facing strings and variables to use 'passphrase'
instead of 'password' for TPM owner auth, including the cache file path.

Fixes regression introduced in commit 16648ca.

Author: tlaurion

initrd/bin/gui-init.sh

@@ -956,8 +956,7 @@ fi
 
 # Detect dongle branding from USB VID:PID -- must run AFTER enable_usb so lsusb
 # can see the dongle (NK3 enumerates ~1 second after USB module load).
-DONGLE_BRAND="$(detect_usb_security_dongle_branding)"
-export DONGLE_BRAND
+detect_usb_security_dongle_branding
 
 if detect_boot_device; then
 	# /boot device with installed OS found

initrd/bin/oem-factory-reset.sh

@@ -1004,8 +1004,7 @@ usb_security_token_capabilities_check() {
 	enable_usb
 
 	# Always detect dongle branding from USB VID:PID — never read a stored file.
-	DONGLE_BRAND="$(detect_usb_security_dongle_branding)"
-	export DONGLE_BRAND
+	detect_usb_security_dongle_branding
 	DEBUG "USB Security dongle detected: $DONGLE_BRAND"
 	# Only show generic "Detected" if no specific brand was identified
 	if [ "$DONGLE_BRAND" = "USB Security dongle" ]; then

initrd/bin/seal-hotpkey.sh

@@ -51,8 +51,7 @@ counter_value=1
 enable_usb
 
 # Detect branding after USB is up so lsusb can see the device.
-DONGLE_BRAND="$(detect_usb_security_dongle_branding)"
-export DONGLE_BRAND
+detect_usb_security_dongle_branding
 DEBUG "$DONGLE_BRAND detected via USB VID:PID"
 
 TRACE_FUNC
@@ -72,8 +71,7 @@ if ! hotp_token_info="$(hotp_verification info)"; then
 fi
 
 # Re-detect branding now that the dongle is confirmed present.
-DONGLE_BRAND="$(detect_usb_security_dongle_branding)"
-export DONGLE_BRAND
+detect_usb_security_dongle_branding
 DEBUG "$DONGLE_BRAND detected via USB VID:PID"
 
 # Truncate the secret if it is longer than the maximum HOTP secret
@@ -109,13 +107,13 @@ hotpkey_fw_display "$hotp_token_info" "$DONGLE_BRAND"
 show_pin_retries() {
 	local info
 	info="$(hotp_verification info 2>/dev/null)" || true
-	if [ "$prompt_message" = "Secrets app" ]; then
+	if [ "$DONGLE_BRAND" = "Nitrokey 3" ]; then
 		admin_pin_retries=$(echo "$info" | grep "Secrets app PIN counter:" | cut -d ':' -f 2 | tr -d ' ')
 	else
 		admin_pin_retries=$(echo "$info" | grep "Card counters: Admin" | grep -o 'Admin [0-9]*' | grep -o '[0-9]*')
 	fi
 	admin_pin_retries="${admin_pin_retries:-0}"
-	STATUS "$DONGLE_BRAND $prompt_message PIN retries remaining: $(pin_color "$admin_pin_retries")${admin_pin_retries}\033[0m"
+	STATUS "$DONGLE_BRAND GPG Admin PIN retries remaining: $(pin_color "$admin_pin_retries")${admin_pin_retries}\033[0m"
 }
 
 # Try using factory default admin PIN for 1 month following OEM reset to ease
@@ -133,7 +131,7 @@ if [ "$((now_date - gpg_key_create_time))" -gt "$month_secs" ]; then
 elif [ "$admin_pin_retries" -lt 3 ]; then
 	DEBUG "Not trying default PIN ($admin_pin): only $admin_pin_retries attempt(s) left"
 else
-	STATUS "Trying $prompt_message PIN to seal HOTP secret on $DONGLE_BRAND"
+	STATUS "Trying GPG Admin PIN to seal HOTP secret on $DONGLE_BRAND"
 	# NK3 requires physical touch confirmation for the initialize operation
 	if [ "$DONGLE_BRAND" = "Nitrokey 3" ]; then
 		NOTE "Nitrokey 3 requires physical presence: touch the dongle when prompted"
@@ -151,9 +149,9 @@ if [ "$admin_pin_status" -ne 0 ]; then
 	for tries in 1 2 3; do
 		show_pin_retries
 		if [ "$tries" -eq 1 ]; then
-			INPUT "Enter your $DONGLE_BRAND $prompt_message PIN (attempt $tries/3):" -r -s admin_pin
+			INPUT "Enter your $DONGLE_BRAND GPG Admin PIN (attempt $tries/3):" -r -s admin_pin
 		else
-			INPUT "Wrong PIN - re-enter your $DONGLE_BRAND $prompt_message PIN (attempt $tries/3):" -r -s admin_pin
+			INPUT "Wrong PIN - re-enter your $DONGLE_BRAND GPG Admin PIN (attempt $tries/3):" -r -s admin_pin
 		fi
 		if hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$DONGLE_BRAND"; then
 			break
@@ -163,10 +161,10 @@ if [ "$admin_pin_status" -ne 0 ]; then
 			shred -n 10 -z -u "$HOTP_SECRET" 2>/dev/null
 			case "$DONGLE_BRAND" in
 			"Nitrokey Pro" | "Nitrokey Storage" | "Nitrokey 3")
-				DIE "Setting HOTP secret on $DONGLE_BRAND failed after 3 attempts. To reset $prompt_message PIN: redo Re-Ownership, or use Nitrokey App 2, or contact Nitrokey support."
+				DIE "Setting HOTP secret on $DONGLE_BRAND failed after 3 attempts. To reset GPG Admin PIN: redo Re-Ownership, or use Nitrokey App 2, or contact Nitrokey support."
 				;;
 			"Librem Key")
-				DIE "Setting HOTP secret on $DONGLE_BRAND failed after 3 attempts. To reset $prompt_message PIN: redo Re-Ownership or contact Purism support."
+				DIE "Setting HOTP secret on $DONGLE_BRAND failed after 3 attempts. To reset GPG Admin PIN: redo Re-Ownership or contact Purism support."
 				;;
 			*)
 				DIE "Setting HOTP secret failed after 3 attempts"
@@ -177,7 +175,7 @@ if [ "$admin_pin_status" -ne 0 ]; then
 else
 	# Default PIN was accepted — security reminder, not a fatal error.
 	# NOTE prints blank lines before/after and is always visible; no INPUT needed.
-	NOTE "Default $prompt_message PIN detected.  Change it via Options --> OEM Factory Reset / Re-Ownership."
+	NOTE "Default GPG Admin PIN detected.  Change it via Options --> OEM Factory Reset / Re-Ownership."
 fi
 
 # HOTP key no longer needed

initrd/bin/seal-totp.sh

@@ -50,7 +50,7 @@ DEBUG "Sealing TOTP without PCR6 involvement (LUKS header consistency is not fir
 # pcr 7 is containing measurements of user injected stuff in cbfs
 DEBUG "Sealing TOTP with actual state of PCR7 (User injected stuff in cbfs)"
 tpmr.sh pcrread -a 7 "$pcrf"
-#Make sure we clear the TPM Owner Password from memory in case it failed to be used to seal TOTP
+#Make sure we clear the TPM Owner Passphrase from memory in case it failed to be used to seal TOTP
 
 # if the board has TPM2 tools, check for the primary handle before
 # attempting to seal; a missing handle is the most common reason for
@@ -61,9 +61,9 @@ fi
 
 # perform sealing via tpmr.sh. Failures may indicate missing primary handle
 # or other TPM state issues. Avoid DO_WITH_DEBUG so interactive prompts
-# (TPM owner password on TPM1) are not hidden from the user.
+# (TPM owner passphrase on TPM1) are not hidden from the user.
 STATUS "Sealing TOTP secret to TPM NVRAM"
-if ! tpmr.sh seal "$TOTP_SECRET" "$TPM_NVRAM_SPACE" 0,1,2,3,4,7 "$pcrf" 312 "" "$TPM_PASSWORD"; then
+if ! tpmr.sh seal "$TOTP_SECRET" "$TPM_NVRAM_SPACE" 0,1,2,3,4,7 "$pcrf" 312 "" "$TPM_PASSPHRASE"; then
 	# tpmr.sh already logged details; guide user generically to reset TPM
 	DIE "Unable to seal TOTP secret to TPM NVRAM; reset the TPM (Options -> TPM/TOTP/HOTP Options -> Reset the TPM in the GUI) and try again."
 fi