fde

package

v0.0.0-...-9e584df Latest Latest Go to latest Published: Aug 27, 2021 License: GPL-3.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

package fde implements helper used by low level parts like secboot in snap-bootstrap and high level parts like DeviceManager in snapd.

Note that it must never import anything overlord related itself to avoid increasing the size of snap-bootstrap.

Index ¶

func HasRevealKey() bool
func LockSealedKeys() error
func MockRunFDERevealKey(mock func(*RevealKeyRequest) ([]byte, error)) (restore func())
func Reveal(params *RevealParams) (payload []byte, err error)
type InitialSetupParams
type InitialSetupResult
- func InitialSetup(runSetupHook RunSetupHookFunc, params *InitialSetupParams) (*InitialSetupResult, error)
type RevealKeyRequest
type RevealParams
type RunSetupHookFunc
type SetupRequest

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func HasRevealKey ¶

func HasRevealKey() bool

HasRevealKey return true if the current system has a "fde-reveal-key" binary (usually used in the initrd).

This will be setup by devicestate to support device-specific full disk encryption implementations.

func LockSealedKeys ¶

func LockSealedKeys() error

func MockRunFDERevealKey ¶

func MockRunFDERevealKey(mock func(*RevealKeyRequest) ([]byte, error)) (restore func())

func Reveal ¶

func Reveal(params *RevealParams) (payload []byte, err error)

Reveal invokes the fde-reveal-key reveal operation.

Types ¶

type InitialSetupParams ¶

type InitialSetupParams struct {
	Key     []byte
	KeyName string
}

InitialSetupParams contains the inputs for the fde-setup hook

type InitialSetupResult ¶

type InitialSetupResult struct {
	// result when called with "initial-setup"
	// XXX call this encrypted-key if possible?
	EncryptedKey []byte           `json:"sealed-key"`
	Handle       *json.RawMessage `json:"handle"`
}

InitalSetupResult contains the outputs of the fde-setup hook

func InitialSetup ¶

func InitialSetup(runSetupHook RunSetupHookFunc, params *InitialSetupParams) (*InitialSetupResult, error)

InitialSetup invokes the initial-setup op running the kernel hook via runSetupHook.

type RevealKeyRequest ¶

type RevealKeyRequest struct {
	Op string `json:"op"`

	SealedKey []byte           `json:"sealed-key,omitempty"`
	Handle    *json.RawMessage `json:"handle,omitempty"`
	// deprecated for v1
	KeyName string `json:"key-name,omitempty"`
}

RevealKeyRequest carries the operation parameters to the fde-reavel-key helper that receives them serialized over stdin.

type RevealParams ¶

type RevealParams struct {
	SealedKey []byte
	Handle    *json.RawMessage
	// V2Payload is set true if SealedKey is expected to contain a v2 payload
	// (disk key + aux key)
	V2Payload bool
}

RevealParams contains the parameters for fde-reveal-key reveal operation.

type RunSetupHookFunc ¶

type RunSetupHookFunc func(req *SetupRequest) ([]byte, error)

A RunSetupHookFunc implements running the fde-setup kernel hook.

type SetupRequest ¶

type SetupRequest struct {
	// XXX: make "op" a type: "features", "initial-setup", "update" ?
	Op string `json:"op"`

	// This needs to be a []byte so that Go's standard library will base64
	// encode it automatically for us
	Key     []byte `json:"key,omitempty"`
	KeyName string `json:"key-name,omitempty"`
}

SetupRequest carries the operation and parameters for the fde-setup hooks made available to them via the snapctl fde-setup-request command.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL