mirror of
https://github.com/token2/snapd.git
synced 2026-03-13 11:15:47 -07:00
ec484217a2
* many: remove all `device-setup` fde-setup code When we initially worked on the inline-cryto-engine (ICE) code we had a design based on the fde-setup hook that would return a `device-setup` feature as a hint that ICE should be used. It turned out this design was impractical and we moved to a much better approach that got merged in https://github.com/snapcore/snapd/pull/12589 and relies on support for ICE in the kernel and cryptsetup. With that new approach all the code that was supporting the `device-setup` approach can be removed now. * daemon: consider again the fde-setup hook case * client: consider the ICE encryption type * osu/disks,kernel: remove device-unlock support as well --------- Co-authored-by: Samuele Pedroni <pedronis@lucediurna.net>
44 lines
1.4 KiB
Go
44 lines
1.4 KiB
Go
// -*- Mode: Go; indent-tabs-mode: t -*-
|
|
|
|
/*
|
|
* Copyright (C) 2022 Canonical Ltd
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 3 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
package secboot
|
|
|
|
// EncryptionType specifies what encryption backend should be used (if any)
|
|
type EncryptionType string
|
|
|
|
const (
|
|
EncryptionTypeNone EncryptionType = ""
|
|
EncryptionTypeLUKS EncryptionType = "cryptsetup"
|
|
EncryptionTypeLUKSWithICE EncryptionType = "cryptsetup-with-inline-crypto-engine"
|
|
)
|
|
|
|
// TODO:ICE: all EncryptionTypes are LUKS based now so this could be removed?
|
|
func (et EncryptionType) IsLUKS() bool {
|
|
return et == EncryptionTypeLUKS || et == EncryptionTypeLUKSWithICE
|
|
}
|
|
|
|
type RecoveryKeyDevice struct {
|
|
// Mountpoint of the device
|
|
Mountpoint string
|
|
// AuthorizingKeyFile is the path to the key to authorize the
|
|
// operation, if empty, then it is assumed that the authorization key is
|
|
// present in the user session keyring
|
|
AuthorizingKeyFile string
|
|
}
|