* boot,gadget: add new `device.TpmLockoutAuthUnder()` and use it
Create a helper in `gadget/device/encrypt.go:TpmLockoutAuthUnder()`
that is used to retrieve the path of the TPM lockout auth data.
This is then used in the boot package and will also be used when
resetting the DA lockout counter.
This is split out of PR#11935.
* boot,device: extract SealedKey helpers from boot to device
The DA lockout reset code will need to be able to read the
`SealedKeysMethod` so this commit moves the code to read/write
the sealing methods from `boot` to `gadget/device` (just like
we did for e.g. `{Has,Read}EncryptionMarkers`).
This is split out of PR #11935 and builds on top of PR #11946
* boot: revert use of device.TpmLockoutAuthUnder() in tests
* gadget/device: rename tests as suggested by Alberto (thanks!)
* boot,gadget: add new `device.TpmLockoutAuthUnder()` and use it
Create a helper in `gadget/device/encrypt.go:TpmLockoutAuthUnder()`
that is used to retrieve the path of the TPM lockout auth data.
This is then used in the boot package and will also be used when
resetting the DA lockout counter.
This is split out of PR#11935.
* boot: revert test changes to `boot` (thanks to Samuele)
* many: introduce IsUndo flag in LinkContext
Sometimes LinkSnap is called in an undo task when we want to revert
to a previous snap revision. Introduce a flag to make LinkSnap and
boot code aware of when this happens, as some of the logic for snap
installations should not be applied when doing a revert. Specifically,
avoid the "try" logic that applies to kernels and bases: we are
reverting to a known snap that is expected to work, and making the
current snap the fallback provokes failures as we are removing it (and
also probably we are removing it because it has failed).
* tests: check that kernel with failing post-refresh is reverted
Check that a kernel with failing post-refresh hook is reverted
properly. In this case a second reboot to go back to the previous
kernel is needed.
* tests: check that base with failing post-refresh is reverted
Check that a base with failing post-refresh hook is reverted
properly. In this case a second reboot to go back to the previous
base is needed.
* boot,overlord: replace isUndo flags with NextBootContext
Replace isUndo flags with the NextBootContext struct, so we have
further information in the type and we can add flags in the future.
* boot: some style changes as suggested by review
* overlord: SetNextBoot call in maybeUndoRemodelBootChanges as undo type
* boot: add tests for the IsUndoingInstall true case
* overlord: fix remodel test for undos
* boot,overlord: implement the undo install for core16/18
* tests: added method to repack kernel snap also for core16/18
* tests: run revert after boot tests for UC16/18 too
* tests/nested/core/base-revert-after-boot: fix var usage
* tests: consider right channel/snap for uc16 in revert tests
* boot: minor stylistic changes
* boot: add tests for the undoing install case for core16/18
* boot,overlord: rename IsUndoingInstall to BootWithoutTry
* boot: use constant instead of literal for status
Previously we were resealing on commit in all cases, but this is not
needed if the change in modeenv is due to a gadget update. Add a flag
so we know when resealing is needed and make sure we don't do it for
gadgets.
It is possible that a factory reset attempt is interrupted by a reboot after
sealing the keys, which means that the PCR handles may already have been used
and have TPM resources allocated to them. In such a case, we should attempt to
release the handles before sealing for factory reset again.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>