fde: add HasDeviceUnlock() helper
This method is used to determine if the fde-device-unlock helper is available.
@@ -43,6 +43,16 @@ func HasRevealKey() bool {
|
||||
return err == nil
|
||||
}
|
||||
|
||||
// HasDeviceUnlock return true if the current system has a
|
||||
// "fde-device-unlock" binary (usually used in the initrd).
|
||||
//
|
||||
// This will be used by the initrd to determine if cryptsetup is
|
||||
// skipped and a hook need to be used to unlock individual device.
|
||||
func HasDeviceUnlock() bool {
|
||||
_, err := exec.LookPath("fde-device-unlock")
|
||||
return err == nil
|
||||
}
|
||||
|
||||
func isV1Hook(hookOutput []byte) bool {
|
||||
// This is the prefix of a tpm secboot v1 key as used in the
|
||||
// "denver" project. So if we see this prefix we know it's
|
||||
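Review bot: The doc comment on `HasDeviceUnlock` does not say that the answer comes from a `$PATH` search, which matters because, per that same comment, the initrd uses it to decide whether cryptsetup is skipped in favour of the unlock hook. `exec.LookPath` accepts the first executable of that name in any PATH directory, so the result is only as trustworthy as the PATH of the calling process; I would add `// The lookup uses $PATH, so callers must run with a PATH made up of trusted directories.` and confirm that whatever later runs the helper resolves it the same way. Grammar in the same comment: `returns true` and `a hook needs to be used to unlock individual devices`. The body is a copy of `HasRevealKey` with a different name, so the two could presumably share one small unexported lookup helper.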
|
||||
@@ -74,6 +74,8 @@ func (s *fdeSuite) TestHasRevealKey(c *C) {
|
||||
// correct fde-reveal-key, no logging
|
||||
err = os.Chmod(mockBin+"fde-reveal-key", 0755)
|
||||
c.Assert(err, IsNil)
|
||||
|
||||
c.Check(fde.HasRevealKey(), Equals, true)
|
||||
}
|
||||
|
||||
func (s *fdeSuite) TestInitialSetupV2(c *C) {
|
||||
@@ -513,3 +515,28 @@ service result: exit-code
|
||||
// ensure no tmp files are left behind
|
||||
c.Check(osutil.FileExists(filepath.Join(dirs.GlobalRootDir, "/run/fde-reveal-key")), Equals, false)
|
||||
}
|
||||
|
||||
func (s *fdeSuite) TestHasDeviceUnlock(c *C) {
|
||||
oldPath := os.Getenv("PATH")
|
||||
defer func() { os.Setenv("PATH", oldPath) }()
|
||||
|
||||
mockRoot := c.MkDir()
|
||||
os.Setenv("PATH", mockRoot+"/bin")
|
||||
mockBin := mockRoot + "/bin/"
|
||||
err := os.Mkdir(mockBin, 0755)
|
||||
c.Assert(err, IsNil)
|
||||
|
||||
// no fde-device-unlock binary
|
||||
c.Check(fde.HasDeviceUnlock(), Equals, false)
|
||||
|
||||
// fde-device-unlock without +x
|
||||
err = ioutil.WriteFile(mockBin+"fde-device-unlock", nil, 0644)
|
||||
c.Assert(err, IsNil)
|
||||
c.Check(fde.HasDeviceUnlock(), Equals, false)
|
||||
|
||||
// correct fde-device-unlock, no logging
|
||||
err = os.Chmod(mockBin+"fde-device-unlock", 0755)
|
||||
c.Assert(err, IsNil)
|
||||
|
||||
c.Check(fde.HasDeviceUnlock(), Equals, true)
|
||||
}
|
||||
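Review bot: The last case comment in `TestHasDeviceUnlock`, `// correct fde-device-unlock, no logging`, is carried over from the reveal-key test; nothing in this test involves logging, so `// fde-device-unlock with +x` would describe the case. Both `os.Setenv` calls drop their error and the paths are built by string concatenation although the file already uses `filepath.Join`; `mockBin := filepath.Join(mockRoot, "bin")` followed by `c.Assert(os.Setenv("PATH", mockBin), IsNil)` would be tidier, with the later `mockBin+"fde-device-unlock"` uses switched to `filepath.Join` as well. Since the helper's doc comment says the initrd relies on it to pick the unlock path, a further case with a directory named `fde-device-unlock` that has the execute bit set (expected `false`) would pin down that only an executable file counts.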
|
||||