Add two new functions: IsEncryptedDeviceMapperName, to identify if a device
mapper node is a device with a device-unlock encrypted mapper name, and
DeviceUnlockKernelHookDeviceMapperHandler, to combine the identification with
the task of "un-mapping" the device mapper to the original source disk. Also
register this with the disks package so users of the disks package will get
this built-in when they also import the fde package.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This test has been occasionally failing under spread:
```
FAIL: fde_test.go:492: fdeSuite.TestRevealErr
using shellcheck: ""
fde_test.go:508:
c.Assert(err, ErrorMatches, `(?s)cannot run fde-reveal-key "reveal":
-----
failed
service result: exit-code
-----`)
... error string = "cannot run fde-reveal-key \"reveal\": exit status 1"
... regex string = "" +
... "(?s)cannot run fde-reveal-key \"reveal\": \n" +
... "-----\n" +
... "failed\n" +
... "service result: exit-code\n" +
... "-----"
OOPS: 9 passed, 5 skipped, 1 FAILED
```
While we couldn't yet reproduce it locally and find what exactly
triggers it, it makes sense to exclude systemd-run from the picture by
mocking it. We now simply check that it was invoked with the right
parameters and that its output is captured correctly.
Adjusted code to the refactoring using kernel/fde.
Split responsibility to deal with v1/v2 hooks with kernel/fde.
Now dealing with aux key will come later.
This stops kernel/fde from importing secboot, which also means that
secboot can now import kernel/fde naturally.
Rename/reorg/split secboot_tpm.go into hooks-specific bits
and general secboot-using secboot_sb.go.