Skip to content

Add HMAC-based LUKS2 auth #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 7, 2025
Merged

Add HMAC-based LUKS2 auth #1

merged 3 commits into from
Oct 7, 2025
+121 −30

Conversation

@alexhulbert
Copy link
Member

@alexhulbert alexhulbert commented Sep 9, 2025
edited
Loading

No description provided.

@alexhulbert alexhulbert requested a review from Copilot September 9, 2025 14:02
Copilot AI reviewed Sep 9, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements HMAC-based LUKS2 authentication by adding header integrity verification using HMAC-SHA256. The changes enable detached LUKS header storage with MAC verification to protect against header tampering.

Key changes:

  • Adds HMAC-based header verification using SHA256 for LUKS2 authentication
  • Implements detached header workflow with MAC storage on disk
  • Refactors disk setup and mounting to use header verification

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 10 comments.

File Description
tdx-init.go Adds headerFile constant for temporary header storage
passphrase.go Implements HMAC verification functions and refactors LUKS operations to use detached headers with MAC authentication

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Ruteri
Ruteri reviewed Sep 11, 2025
View reviewed changes
@alexhulbert
Copy link
Member Author

I'm going to go ahead and merge this, but I'm not going to update the Bob image until I get the green light from @astarinmymind

@alexhulbert alexhulbert merged commit c638970 into main Oct 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ruteri Ruteri Ruteri left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexhulbert @Ruteri