Versions in this module Expand all Collapse all v0 v0.1.0 Nov 12, 2022 v0.0.1 Nov 10, 2022 Changes in this version
+ const AltFallbackObjectPCRPolicyCounterHandle
+ const AltRunObjectPCRPolicyCounterHandle
+ const FallbackObjectPCRPolicyCounterHandle
+ const RunObjectPCRPolicyCounterHandle
+ var WithSecbootSupport = false
+ func AddRecoveryKey(key keys.EncryptionKey, rkey keys.RecoveryKey, node string) error
+ func CheckTPMKeySealingSupported() error
+ func EncryptedPartitionName(name string) string
+ func EnsureRecoveryKey(keyFile string, rkeyDevs []RecoveryKeyDevice) (keys.RecoveryKey, error)
+ func FormatEncryptedDevice(key keys.EncryptionKey, label, node string) error
+ func LockSealedKeys() error
+ func MarkSuccessful() error
+ func MeasureSnapModelWhenPossible(findModel func() (*asserts.Model, error)) error
+ func MeasureSnapSystemEpochWhenPossible() error
+ func PCRHandleOfSealedKey(p string) (uint32, error)
+ func ProvisionForCVM(initramfsUbuntuSeedDir string) error
+ func ProvisionTPM(mode TPMProvisionMode, lockoutAuthFile string) error
+ func ReleasePCRResourceHandles(handles ...uint32) error
+ func RemoveRecoveryKeys(rkeyDevToKey map[RecoveryKeyDevice]string) error
+ func ResealKeys(params *ResealKeysParams) error
+ func SealKeys(keys []SealKeyRequest, params *SealKeysParams) error
+ func SealKeysWithFDESetupHook(runHook fde.RunSetupHookFunc, keys []SealKeyRequest, ...) error
+ func StageEncryptionKeyChange(node string, key keys.EncryptionKey) error
+ func TransitionEncryptionKeyChange(mountpoint string, key keys.EncryptionKey) error
+ func UnlockEncryptedVolumeWithRecoveryKey(name, device string) error
+ type EncryptionType string
+ const EncryptionTypeDeviceSetupHook
+ const EncryptionTypeLUKS
+ const EncryptionTypeNone
+ type LoadChain struct
+ Next []*LoadChain
+ func NewLoadChain(bf bootloader.BootFile, next ...*LoadChain) *LoadChain
+ type ModelForSealing interface
+ BrandID func() string
+ Classic func() bool
+ Grade func() asserts.ModelGrade
+ Model func() string
+ Series func() string
+ SignKeyID func() string
+ type RecoveryKeyDevice struct
+ AuthorizingKeyFile string
+ Mountpoint string
+ type ResealKeysParams struct
+ KeyFiles []string
+ ModelParams []*SealKeyModelParams
+ TPMPolicyAuthKeyFile string
+ type SealKeyModelParams struct
+ EFILoadChains []*LoadChain
+ KernelCmdlines []string
+ Model ModelForSealing
+ type SealKeyRequest struct
+ Key keys.EncryptionKey
+ KeyFile string
+ KeyName string
+ type SealKeysParams struct
+ ModelParams []*SealKeyModelParams
+ PCRPolicyCounterHandle uint32
+ TPMPolicyAuthKey *ecdsa.PrivateKey
+ TPMPolicyAuthKeyFile string
+ type SealKeysWithFDESetupHookParams struct
+ AuxKey keys.AuxKey
+ AuxKeyFile string
+ Model ModelForSealing
+ type TPMProvisionMode int
+ const TPMPartialReprovision
+ const TPMProvisionFull
+ const TPMProvisionFullWithoutLockout
+ const TPMProvisionNone
+ type UnlockMethod int
+ const NotUnlocked
+ const UnlockStatusUnknown
+ const UnlockedWithKey
+ const UnlockedWithRecoveryKey
+ const UnlockedWithSealedKey
+ type UnlockResult struct
+ FsDevice string
+ IsEncrypted bool
+ PartDevice string
+ UnlockMethod UnlockMethod
+ func UnlockEncryptedVolumeUsingKey(disk disks.Disk, name string, key []byte) (UnlockResult, error)
+ func UnlockVolumeUsingSealedKeyIfEncrypted(disk disks.Disk, name string, sealedEncryptionKeyFile string, ...) (UnlockResult, error)
+ type UnlockVolumeUsingSealedKeyOptions struct
+ AllowRecoveryKey bool
+ WhichModel func() (*asserts.Model, error)
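Review bot: `UnlockEncryptedVolumeUsingKey` takes its volume key as a bare `[]byte`, while `FormatEncryptedDevice`, `AddRecoveryKey`, `StageEncryptionKeyChange` and `TransitionEncryptionKeyChange` in the same listing take `keys.EncryptionKey`; a single type for key material makes it easier to audit where keys flow and to keep handling rules (zeroing, never logging) in one place. If `keys.EncryptionKey` is the package's volume-key type, the signature could read `func UnlockEncryptedVolumeUsingKey(disk disks.Disk, name string, key keys.EncryptionKey) (UnlockResult, error)`. Separately, `var WithSecbootSupport = false` is an exported, reassignable package variable, so it deserves a doc comment such as `// WithSecbootSupport reports whether this build has secboot support; callers must treat it as read-only.` (how it is set is not visible here). Only declarations are listed, so the function bodies are outside this view.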