install

package
v0.0.0-...-b6d827d
Warning

This package is not in the latest version of its module.

Published: Jan 6, 2025 License: GPL-3.0 Imports: 27 Imported by: 3

Documentation

Overview

Package install implements installation logic details for UC20+ systems. It is meant for use by overlord/devicestate and the single-reboot installation code in snap-bootstrap.

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyPreseededData

func ApplyPreseededData(preseedSeed seed.PreseedCapable, writableDir string) error

ApplyPreseededData applies the preseed payload from the given seed, including installing snaps, to the given target system filesystem.

func BuildInstallObserver

func BuildInstallObserver(model *asserts.Model, gadgetDir string, useEncryption bool) (
	observer gadget.ContentObserver, trustedObserver boot.TrustedAssetsInstallObserver, err error)

BuildInstallObserver creates an observer for gadget assets if applicable; otherwise the returned gadget.ContentObserver is nil. The observer, if any, is also returned as a non-nil trustedObserver if encryption is in use.

func CheckEncryptionSupport

func CheckEncryptionSupport(model *asserts.Model, tpmMode secboot.TPMProvisionMode, kernelInfo *snap.Info, gadgetInfo *gadget.Info, runSetupHook fde.RunSetupHookFunc) (secboot.EncryptionType, error)

CheckEncryptionSupport checks the type of encryption support available for disks, if any, and returns the corresponding secboot.EncryptionType. Internally it uses GetEncryptionSupportInfo with the provided parameters.

func MockSecbootCheckTPMKeySealingSupported

func MockSecbootCheckTPMKeySealingSupported(f func(tpmMode secboot.TPMProvisionMode) error) (restore func())

MockSecbootCheckTPMKeySealingSupported mocks secboot.CheckTPMKeySealingSupported usage by the package for testing.

func PrepareEncryptedSystemData

func PrepareEncryptedSystemData(model *asserts.Model, keyForRole map[string]keys.EncryptionKey, trustedInstallObserver boot.TrustedAssetsInstallObserver) error

PrepareEncryptedSystemData executes preparations related to encrypted system data:

* provides trustedInstallObserver with the chosen keys
* uses trustedInstallObserver to track any trusted assets in ubuntu-seed
* saves keys and markers for ubuntu-data being able to safely open ubuntu-save

It is the responsibility of the caller to call ObserveExistingTrustedRecoveryAssets on trustedInstallObserver.

func PrepareRunSystemData

func PrepareRunSystemData(model *asserts.Model, gadgetDir string, perfTimings timings.Measurer) error

PrepareRunSystemData prepares the run system:

* it writes the model to ubuntu-boot
* sets up/copies any allowed and relevant cloud init configuration
* plus other details

Types

type EncryptionSupportInfo

type EncryptionSupportInfo struct {
	// Disabled is set to true if encryption was forcefully
	// disabled (e.g. via the seed partition), if set the rest
	// of the struct content is not relevant.
	Disabled bool

	// StorageSafety describes the level of safety properties
	// requested by the model.
	StorageSafety asserts.StorageSafety
	// Available is set to true if encryption is available on this device
	// with the used gadget.
	Available bool

	// Type is set to the EncryptionType that can be used if
	// Available is true.
	Type secboot.EncryptionType

	// UnavailableErr is set if the encryption support availability of
	// this device and the used gadget does not match the
	// storage safety requirements.
	UnavailableErr error
	// UnavailableWarning describes why encryption support is not
	// available in case it is optional.
	UnavailableWarning string
}

EncryptionSupportInfo describes what encryption is available and needed for the current device.

func GetEncryptionSupportInfo

func GetEncryptionSupportInfo(model *asserts.Model, tpmMode secboot.TPMProvisionMode, kernelInfo *snap.Info, gadgetInfo *gadget.Info, runSetupHook fde.RunSetupHookFunc) (EncryptionSupportInfo, error)

GetEncryptionSupportInfo returns the encryption support information for the given model, TPM provision mode, kernel and gadget information and system hardware. It uses runSetupHook to invoke the kernel fde-setup hook if any is available, leaving the caller to decide how, based on the environment.
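One way a caller might act on an EncryptionSupportInfo value, following the field comments above. This is an added example, not snapd's own code: the types are local stand-ins that mirror the documented field names, and decideEncryption, the EncryptionType values and the sample inputs are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins (assumptions) for the documented snapd types; only the
// field names and their meanings are taken from the page.
type EncryptionType string

const encNone, encLUKS EncryptionType = "none", "example-luks" // constructed values

type EncryptionSupportInfo struct {
	Disabled           bool
	Available          bool
	Type               EncryptionType
	UnavailableErr     error
	UnavailableWarning string
}

// decideEncryption (hypothetical helper) turns the support info into an
// install decision. It fails closed: a storage-safety mismatch aborts the
// install instead of silently falling back to an unencrypted disk.
func decideEncryption(info EncryptionSupportInfo) (enc EncryptionType, warning string, err error) {
	switch {
	case info.Disabled:
		return encNone, "", nil // rest of the struct is not relevant
	case info.UnavailableErr != nil:
		return encNone, "", fmt.Errorf("cannot install: %w", info.UnavailableErr)
	case info.Available:
		return info.Type, "", nil
	default:
		return encNone, info.UnavailableWarning, nil // optional and unavailable
	}
}

func main() {
	samples := []EncryptionSupportInfo{ // constructed sample inputs
		{Disabled: true, Available: true, Type: encLUKS},
		{Available: true, Type: encLUKS},
		{UnavailableErr: errors.New("no usable TPM")},
		{UnavailableWarning: "no usable TPM"},
	}
	for _, s := range samples {
		enc, warn, err := decideEncryption(s)
		fmt.Printf("enc=%q warn=%q err=%v\n", enc, warn, err)
	}
}
```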
