Merge c8fe63c into f8f7fb5

src/lib/y2partitioner/actions/controllers/encryption.rb

@@ -100,9 +100,12 @@ def several_encrypt_methods?
         #
         # @return [Array<Y2Storage::EncryptionMethod>]
         def methods
-          encrypt_methods = [Y2Storage::EncryptionMethod::LUKS1]
-          encrypt_methods << Y2Storage::EncryptionMethod::RANDOM_SWAP if swap?
-          encrypt_methods
+          @methods ||=
+            if swap?
+              Y2Storage::EncryptionMethod.available
+            else
+              Y2Storage::EncryptionMethod.available.reject(&:only_for_swap?)
+            end
         end
 
         # Applies last changes to the block device at the end of the wizard, which

src/lib/y2partitioner/dialogs/encryption.rb

@@ -70,7 +70,7 @@ def label
         # @macro seeItemsSelection
         def items
           keep_label =
-            format(_("Preserve existing encryption (%s)"), encryption_method.to_human_string)
+            format(_("Preserve existing encryption (%s)"), encryption_system.to_human_string)
 
           [
             [:keep, keep_label],
@@ -114,9 +114,12 @@ def help
 
         # Encryption method currently used by the device
         #
-        # @return [Y2Storage::EncryptionMethod]
-        def encryption_method
-          @controller.encryption.method
+        # If the method couldn't be determined, it returns the encryption type
+        # instead
+        #
+        # @return [Y2Storage::EncryptionMethod, Y2Storage::EncryptionType]
+        def encryption_system
+          @controller.encryption.method || @controller.encryption.type
         end
       end
     end

src/lib/y2partitioner/widgets/encrypt.rb

@@ -169,6 +169,23 @@ def help_for_luks1(encrypt_method)
           label: encrypt_method.to_human_string
         )
       end
+
+      # Help text for the  encryption method
+      #
+      # @return [String]
+      def help_for_pervasive_luks2(encrypt_method)
+        format(
+          # TRANSLATORS: Pervasive encryption terminology. For the English version see
+          # https://www.ibm.com/support/knowledgecenter/linuxonibm/liaaf/lnz_r_crypt.html
+          _("<p><b>%{label}</b>: allows to encrypt the device using LUKS2 with a master secure key " \
+            "processed by a Crypto Express cryptographic coprocessor configured in CCA mode.</p>" \
+           "<p>If the cryptographic system already contains a secure key associated to this " \
+           "volume, that key will be used. Otherwise, a new secure key will be generated and " \
+           "registered in the system. You need to provide an encryption password that will be " \
+           "used to protect the access to that master key.</p>"),
+          label: encrypt_method.to_human_string
+        )
+      end
     end
   end
 end

src/lib/y2partitioner/widgets/encrypt_method_options.rb

@@ -54,10 +54,11 @@ def empty_widget
       # @return [CWM::CustomWidget] a widget containing the options for the
       # given encryption method
       def options_for(encrypt_method)
-        if encrypt_method.is?(:random_swap)
+        case encrypt_method.to_sym
+        when :random_swap
           RandomOptions.new(controller)
-        elsif encrypt_method.is?(:luks1)
-          Luks1Options.new(controller)
+        when :luks1, :pervasive_luks2
+          LuksOptions.new(controller)
         end
       end
     end
@@ -88,8 +89,8 @@ def contents
       end
     end
 
-    # Internal widget to display the Luks1 encryption options
-    class Luks1Options < CWM::CustomWidget
+    # Internal widget to display the Luks encryption options
+    class LuksOptions < CWM::CustomWidget
       # Constructor
       #
       # @param controller [Actions::Controllers::Encryption]

src/lib/y2storage/blk_device.rb

@@ -300,7 +300,7 @@ def encrypted?
     def encrypt(method: EncryptionMethod::LUKS1, dm_name: nil, password: nil)
       method = EncryptionMethod.find(method) if method.is_a?(Symbol)
       enc = method.create_device(self, dm_name)
-      enc.auto_dm_name = !dm_name
+      enc.auto_dm_name = enc.dm_table_name.empty?
       enc.password = password if password
 
       Encryption.update_dm_names(devicegraph)

src/lib/y2storage/device.rb

@@ -197,6 +197,11 @@ def hash
     #       sorted list (less than)
     storage_class_forward :compare_by_name
 
+    # @!method self.all(devicegraph)
+    #   @param devicegraph [Devicegraph]
+    #   @return [Array<Device>] all the devices in the given devicegraph
+    storage_class_forward :all, as: "Device"
+
     # Check whether the device exists in the probed devicegraph
     #
     # @note This is slightly different from Storage::Device#exists_in_probed?, which

src/lib/y2storage/devicegraph.rb

@@ -155,6 +155,13 @@ def actiongraph(from: nil)
       Actiongraph.new(graph)
     end
 
+    # All the devices in the devicegraph, in no particular order
+    #
+    # @return [Array<Device>]
+    def devices
+      Device.all(self)
+    end
+
     # All the DASDs in the devicegraph, sorted by name
     #
     # @note Based on the libstorage classes hierarchy, DASDs are not considered to be disks.
@@ -508,6 +515,16 @@ def dump(file_base_name = nil)
       DumpManager.dump(self, file_base_name)
     end
 
+    # Executes the pre_commit method in all the devices
+    def pre_commit
+      devices_action(:pre_commit)
+    end
+
+    # Executes the post_commit method in all the devices
+    def post_commit
+      devices_action(:post_commit)
+    end
+
     private
 
     # Copy of a device tree where hashes have been substituted by sorted
@@ -560,5 +577,12 @@ def remove_with_dependants(device, keep: [])
         remove_device(dev)
       end
     end
+
+    # See {#pre_commit} and {#post_commit}
+    def devices_action(method)
+      devices.each do |device|
+        device.send(method) if device.respond_to?(method)
+      end
+    end
   end
 end

src/lib/y2storage/encryption.rb

@@ -188,6 +188,22 @@ def method
     # @param value [Encryption::Processes]
     def encryption_process=(value)
       save_userdata(:encryption_process, value)
+      @encryption_process = value
+    end
+
+    # Executes the actions that must be performed right before the devicegraph is
+    # committed to the system
+    def pre_commit
+      return unless encryption_process
+
+      encryption_process.pre_commit(self)
+      save_encryption_process
+    end
+
+    # Executes the actions that must be performed after the devicegraph has been
+    # committed to the system
+    def post_commit
+      encryption_process&.post_commit(self)
     end
 
     protected
@@ -205,7 +221,12 @@ def assign_etc_attribute(value)
     #
     # @return [EncryptionProcess::Base, nil]
     def encryption_process
-      userdata_value(:encryption_process)
+      @encryption_process ||= userdata_value(:encryption_process)
+    end
+
+    # Updates the userdata with an up-to-date version of the encryption process
+    def save_encryption_process
+      self.encryption_process = encryption_process
     end
 
     class << self

src/lib/y2storage/encryption_method.rb

@@ -19,6 +19,7 @@
 
 require "y2storage/encryption_processes/luks1"
 require "y2storage/encryption_processes/swap"
+require "y2storage/encryption_processes/pervasive"
 
 module Y2Storage
   # YaST provides different Encryption Methods to encrypt a block device. Not to be confused with the
@@ -34,6 +35,7 @@ module Y2Storage
   # @example
   #
   #   method = EncryptionMethod.all.first
+  #   method = EncryptionMethod.available.first
   #   method = EncryptionMethod.find(:luks1)
   #   method = EncryptionMethod.find(:random_swap)
   #   method = EncryptionMethod.new #=> error, private method
@@ -58,11 +60,14 @@ def initialize(id, label, process_class)
     LUKS1 = new(
       :luks1, N_("Regular LUKS1"), EncryptionProcesses::Luks1
     )
+    PERVASIVE_LUKS2 = new(
+      :pervasive_luks2, N_("Pervasive Volume Encryption"), EncryptionProcesses::Pervasive
+    )
     RANDOM_SWAP = new(
       :random_swap, N_("Random Swap"), EncryptionProcesses::Swap
     )
 
-    ALL = [LUKS1, RANDOM_SWAP].freeze
+    ALL = [LUKS1, PERVASIVE_LUKS2, RANDOM_SWAP].freeze
     private_constant :ALL
 
     class << self
@@ -77,6 +82,13 @@ def all
         ALL.dup
       end
 
+      # Sorted list of all encryption methods that can be used in this system
+      #
+      # @return [Array<Y2Storage::EncryptionMethod>]
+      def available
+        all.select(&:available?)
+      end
+
       # Looks for the encryption method used for the given encryption device
       #
       # @param encryption [Y2Storage::Encryption]
@@ -132,6 +144,23 @@ def used_for?(encryption)
       process_class.used_for?(encryption)
     end
 
+    # Whether the encryption method can be used in this system
+    #
+    # @return [Boolean]
+    def available?
+      process_class.available?
+    end
+
+    # Whether the encryption method is useful only for swap
+    #
+    # Some encryption methods are mainly useful for encrypting swap disks since they produce a new key
+    # on every boot cycle.
+    #
+    # @return [Boolean]
+    def only_for_swap?
+      process_class.only_for_swap?
+    end
+
     # Creates an encryption device for the given block device
     #
     # @param blk_device [Y2Storage::BlkDevice]

src/lib/y2storage/encryption_processes/base.rb

@@ -39,6 +39,24 @@ def self.used_for?(_encryption)
         false
       end
 
+      # Whether the process can be executed in the current system
+      #
+      # @see EncryptionMethod#available?
+      #
+      # @return [Boolean]
+      def self.available?
+        true
+      end
+
+      # Whether the process is mainly useful for swap disks
+      #
+      # @see EncryptionMethod#only_for_swap?
+      #
+      # @return [Boolean]
+      def self.only_for_swap?
+        false
+      end
+
       # Constructor
       #
       # @param method [Y2Storage::EncryptionMethod]
@@ -65,6 +83,18 @@ def create_device(blk_device, dm_name)
       #
       # @return [Y2Storage::EncryptionType]
       abstract_method :encryption_type
+
+      # Executes the actions that must be performed right before the devicegraph is
+      # committed to the system
+      #
+      # @param _device [Encryption]
+      def pre_commit(_device); end
+
+      # Executes the actions that must be performed after the devicegraph has
+      # been committed to the system
+      #
+      # @param _device [Encryption]
+      def post_commit(_device); end
     end
   end
 end

src/lib/y2storage/encryption_processes/luks1.rb

@@ -22,7 +22,7 @@
 
 module Y2Storage
   module EncryptionProcesses
-    # The enryption process that allows to create and identify an encryped
+    # The encryption process that allows to create and identify an encrypted
     # device using LUKS1
     class Luks1 < Base
       # Whether the process was used for the given encryption device