284 Commits

Author SHA1 Message Date
Maciej Borzecki
713702f079 secboot/keymgr: add checker for keyslot full error
Add a helper to identify keyslot full errors. Unfortunately there's no smarter
way to introspect the errors coming out from snapcore/secboot cryptsetup
wrappers our code is based on. Unfortunately there's no reasonable way to
identify a particular error coming from cryptsetup either, even though the manpage
lists different error exit statuses; trying to use an occupied error falls under
'parameters' and has the status 1 which is shared with other errors.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-05-13 11:14:16 +02:00
Maciej Borzecki
1f7e1633ff secboot/keymgr: add recovery key fail test
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-05-13 11:08:57 +02:00
Maciej Borzecki
2be2517c3d secboot/keymgr: remove recovery key, authorize with existing key
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-05-06 15:00:02 +02:00
Samuele Pedroni
f2dbb69db4 o/devicestate,secboot: fixes and clear per-mode behavior of recovery keys mgmt
thanks @mardy, @MiguelPires
2022-04-28 20:21:51 +02:00
Samuele Pedroni
307ac40ed4 Merge remote-tracking branch 'upstream/master' into rework-recovery-keys-mgmt
2022-04-28 17:01:38 +02:00
Samuele Pedroni
c9ab3c9e5f o/devicestate,secboot: switch to realistic signatures for Ensure/RemoveRecoveryKey(s)
also switch to use .../device/fde/marker to check for encryption as gadget/update.go does

fix also devicestate tests

thanks @bboozzoo
2022-04-28 15:40:39 +02:00
Samuele Pedroni
34fca622dc Merge remote-tracking branch 'upstream/master' into rework-recovery-keys-mgmt
fix conflicts and adjust
2022-04-28 15:39:52 +02:00
Maciej Borzecki
6aa66cc0e1 secboot: simplifications, error tweaks
Thanks to @mardy for the suggestions.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-28 14:09:06 +02:00
Maciej Borzecki
8b4f538c6b secboot/keymgr: tweak comments and TODOs
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-27 11:19:27 +02:00
Maciej Borzecki
c6c0a3a311 secboot/keymgr: fix unit tests on 32bit systems
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-27 08:43:12 +02:00
Maciej Borzecki
2ae63ad941 secboot: update the order of arguments
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-26 13:46:29 +02:00
Maciej Borzecki
5de665fe23 secboot/keymgr: change args order, tweak KDF options, extend unit tests
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-26 13:41:54 +02:00
Maciej Borzecki
6538596c56 Merge branch 'bboozzoo/secboot-keys' into bboozzoo/factory-reset-snap-fde-keymgr-wip
2022-04-26 11:32:29 +02:00
Maciej Borzecki
af8da5ae58 secboot/keys: move the key types to a separate package
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-26 10:43:37 +02:00
Maciej Borzecki
97420bd589 secboot: restore AddRecoveryKey which calls to keymgr
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-26 10:28:45 +02:00
Maciej Borzecki
49023613a9 secboot/keymgr: use secboot/keys package
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-26 10:27:25 +02:00
Maciej Borzecki
fc080a2968 secboot/keys: move the key types to a separate package
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-26 10:22:21 +02:00
Maciej Borzecki
a49589fa65 secboot/keymgr: add code for adding a recovery key using other key for authorization
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-25 19:25:30 +02:00
Maciej Borzecki
3988a93de8 secboot: drop code for adding a recovery key
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-25 19:20:35 +02:00
Maciej Borzecki
3db9c2ca87 secboot/keymgr: helpers to add/remove recovery key and change the encryption key
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-25 16:45:13 +02:00
Maciej Borzecki
e45a076a6f secboot/keyring: import smallish bits of github.com/snapcore/secboot/internal/keyring
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-25 16:45:13 +02:00
Maciej Borzecki
a466265db2 secboot/luks2: import luks2 pieces from github.com/snapcore/secboot
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-04-25 16:45:13 +02:00
Samuele Pedroni
557fe98c05 secboot,o/devicestate: sketching new support for ensuring/removing recovery key(s)
2022-04-25 15:19:58 +02:00
Paweł Stołowski
5f85964e3f Fix typo.
2022-04-14 15:26:26 +02:00
Paweł Stołowski
97d23f56f5 Update TODO
2022-04-14 13:20:46 +02:00