// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* Copyright (C) 2020 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
// Package fde implements helpers used by low level parts like secboot
// in snap-bootstrap and by high level parts like DeviceManager in snapd.
//
// Note that it must never import anything overlord related itself
// to avoid increasing the size of snap-bootstrap.
package fde
import (
"os/exec"
"github.com/snapcore/snapd/secboot"
)
// init registers HasRevealKey with the secboot package. fde already
// imports secboot, so secboot cannot import fde back; the hook variable
// lets the low level secboot code ask whether an fde-reveal-key helper
// is present without creating an import cycle.
func init() {
	secboot.FDEHasRevealKey = HasRevealKey
}
// HasRevealKey reports whether an executable named "fde-reveal-key" can be
// resolved through the PATH of the current process (usually the initrd).
//
// devicestate arranges for this helper when a device-specific full disk
// encryption implementation is in use. Only presence and executability are
// checked here; nothing about the helper itself is verified, so the result
// is a hint about the environment rather than an integrity guarantee.
func HasRevealKey() bool {
	// XXX: should we record during initial sealing that the fde-setup
	// was used and only use fde-reveal-key in that case?
	if _, lookupErr := exec.LookPath("fde-reveal-key"); lookupErr != nil {
		// Any lookup failure (missing, not executable, ...) is treated as
		// "no reveal key helper available".
		return false
	}
	return true
}
// SetupRequest carries the operation and parameters for the fde-setup hooks
// made available to them via the snapctl fde-setup-request command.
//
// The struct is serialized as JSON (see the field tags); anything that logs
// or persists a SetupRequest must keep in mind that Key is key material.
type SetupRequest struct {
	// Op names the operation the hook is asked to perform.
	// XXX: make "op" a type: "features", "initial-setup", "update" ?
	Op string `json:"op"`
	// Key is the encryption key the operation applies to; omitted from
	// the JSON when nil. NOTE(review): this is secret material travelling
	// to the hook, so it must never end up in logs or error messages.
	Key *secboot.EncryptionKey `json:"key,omitempty"`
	// KeyName identifies the key the operation refers to; omitted when empty.
	KeyName string `json:"key-name,omitempty"`
	// List of models with their related fields, this will be set
	// to follow the secboot:SnapModel interface.
	Models []map[string]string `json:"models,omitempty"`
	// TODO: provide LoadChains, KernelCmdline etc to support full
	// tpm sealing
}