package device

v0.0.0-...-584f380
Published: Feb 15, 2025 License: GPL-3.0 Imports: 8 Imported by: 7

Documentation

Index

Constants

const (
	SealingMethodLegacyTPM    = SealingMethod("")
	SealingMethodTPM          = SealingMethod("tpm")
	SealingMethodFDESetupHook = SealingMethod("fde-setup-hook")
)

Variables

var ErrNoSealedKeys = errors.New("no sealed keys")

ErrNoSealedKeys is the error returned when there are no sealed keys.

Functions

func DataSealedKeyUnder

func DataSealedKeyUnder(deviceFDEDir string) string

DataSealedKeyUnder returns the path of the sealed key for ubuntu-data.

func FactoryResetFallbackSaveSealedKeyUnder

func FactoryResetFallbackSaveSealedKeyUnder(seedDeviceFDEDir string) string

FactoryResetFallbackSaveSealedKeyUnder returns the path of a fallback ubuntu save key object generated during factory reset.

func FallbackDataSealedKeyUnder

func FallbackDataSealedKeyUnder(seedDeviceFDEDir string) string

FallbackDataSealedKeyUnder returns the path of a fallback ubuntu data key.

func FallbackSaveSealedKeyUnder

func FallbackSaveSealedKeyUnder(seedDeviceFDEDir string) string

FallbackSaveSealedKeyUnder returns the path of a fallback ubuntu save key.

func HasEncryptedMarkerUnder

func HasEncryptedMarkerUnder(deviceFDEDir string) bool

HasEncryptedMarkerUnder returns true when there is an encryption marker in a given directory.

func ReadEncryptionMarkers

func ReadEncryptionMarkers(dataFDEDir, saveFDEDir string) ([]byte, []byte, error)

ReadEncryptionMarkers reads the encryption marker files at the appropriate locations.

func RecoveryKeyUnder

func RecoveryKeyUnder(deviceFDEDir string) string

RecoveryKeyUnder returns the path of the recovery key.

func SaveKeyUnder

func SaveKeyUnder(deviceFDEDir string) string

SaveKeyUnder returns the path of a plain encryption key for ubuntu-save.

func StampSealedKeys

func StampSealedKeys(rootdir string, content SealingMethod) error

StampSealedKeys records which sealing method was used for key sealing.

func TpmLockoutAuthUnder

func TpmLockoutAuthUnder(saveDeviceFDEDir string) string

TpmLockoutAuthUnder returns the path of the TPM lockout authority key.

func ValidatePassphraseOrPINEntropy

func ValidatePassphraseOrPINEntropy(mode AuthMode, value string) error

ValidatePassphraseOrPINEntropy checks the quality of the given passphrase or PIN based on its entropy. On failure it returns an AuthQualityError, which carries more information about the quality of the given passphrase or PIN.

func WriteEncryptionMarkers

func WriteEncryptionMarkers(dataFDEDir, saveFDEDir string, markerSecret []byte) error

WriteEncryptionMarkers writes the encryption marker files at the appropriate locations.

Types

type AuthMode

type AuthMode string

AuthMode corresponds to an authentication mechanism.

const (
	AuthModePassphrase AuthMode = "passphrase"
	AuthModePIN        AuthMode = "pin"
)

type AuthQualityError

type AuthQualityError struct {
	// Reasons is a list of reason enums to explain exactly what quality
	// criteria failed e.g. AuthQualityErrorReasonLowEntropy.
	Reasons []AuthQualityErrorReason
	// Entropy is the calculated entropy in bits for the passed passphrase
	// or PIN.
	Entropy float64
	// MinEntropy is the minimum entropy in bits for the corresponding
	// authentication mode i.e. passphrase or PIN.
	MinEntropy float64
	// contains filtered or unexported fields
}

AuthQualityError contains rich information on why some auth value did not pass quality checks.

func (*AuthQualityError) Error

func (e *AuthQualityError) Error() string
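As an added example (not the package's own code), the error-handling pattern that ValidatePassphraseOrPINEntropy and AuthQualityError imply: a self-contained reimplementation that mirrors the AuthMode, AuthQualityErrorReason and AuthQualityError names from this page, plus a caller that uses errors.As to recover the typed error and its Reasons. The entropy model (length times log2 of an assumed alphabet size) and the 60-bit/16-bit thresholds are assumptions for illustration; snapd's real algorithm and values are not shown on this page.

```go
package main

import (
	"errors"
	"math"
	"strings"
)
// Type names mirror this page; thresholds and the entropy model are assumptions.
type AuthMode string
type AuthQualityErrorReason string
const (
	AuthModePassphrase               AuthMode               = "passphrase"
	AuthModePIN                      AuthMode               = "pin"
	AuthQualityErrorReasonLowEntropy AuthQualityErrorReason = "low-entropy"
)
type AuthQualityError struct {
	Reasons    []AuthQualityErrorReason
	Entropy    float64 // estimated bits for the given value
	MinEntropy float64 // threshold for the authentication mode
}
func (e *AuthQualityError) Error() string { return "passphrase or PIN entropy below minimum" }

// Placeholder thresholds, not snapd's: a digits-only PIN gets a lower bar.
var minEntropy = map[AuthMode]float64{AuthModePassphrase: 60, AuthModePIN: 16}

// estimateEntropy: len * log2(|alphabet|), 10 symbols if all digits, else 95 (printable ASCII).
func estimateEntropy(value string) float64 {
	alphabet := 95.0
	if strings.Trim(value, "0123456789") == "" {
		alphabet = 10 // also the empty string: 0 * log2(10) == 0
	}
	return float64(len([]rune(value))) * math.Log2(alphabet)
}

func ValidatePassphraseOrPINEntropy(mode AuthMode, value string) error {
	if ent, need := estimateEntropy(value), minEntropy[mode]; ent < need {
		return &AuthQualityError{Reasons: []AuthQualityErrorReason{AuthQualityErrorReasonLowEntropy}, Entropy: ent, MinEntropy: need}
	}
	return nil
}

// Caller side: errors.As recovers the typed error so a UI can report Reasons, Entropy and MinEntropy.
func checkAuthValue(mode AuthMode, value string) (ok bool, reasons []AuthQualityErrorReason) {
	err := ValidatePassphraseOrPINEntropy(mode, value)
	var qe *AuthQualityError
	if errors.As(err, &qe) {
		return false, qe.Reasons
	}
	return err == nil, nil
}
```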

type AuthQualityErrorReason

type AuthQualityErrorReason string

const (
	AuthQualityErrorReasonLowEntropy AuthQualityErrorReason = "low-entropy"
)

type EncryptionType

type EncryptionType string

EncryptionType specifies which encryption backend should be used (if any).

const (
	EncryptionTypeNone        EncryptionType = ""
	EncryptionTypeLUKS        EncryptionType = "cryptsetup"
	EncryptionTypeLUKSWithICE EncryptionType = "cryptsetup-with-inline-crypto-engine"
)

func (EncryptionType) IsLUKS

func (et EncryptionType) IsLUKS() bool

TODO:ICE: all EncryptionTypes are LUKS based now so this could be removed?

type SealingMethod

type SealingMethod string

SealingMethod represents the sealing method.

func SealedKeysMethod

func SealedKeysMethod(rootdir string) (sm SealingMethod, err error)

SealedKeysMethod returns whether any keys were sealed at all.

type VolumesAuthOptions

type VolumesAuthOptions struct {
	Mode       AuthMode      `json:"mode,omitempty"`
	Passphrase string        `json:"passphrase,omitempty"`
	KDFType    string        `json:"kdf-type,omitempty"`
	KDFTime    time.Duration `json:"kdf-time,omitempty"`
}

VolumesAuthOptions contains options for the volumes authentication mechanism (e.g. passphrase authentication).

TODO: Add PIN option when secboot support lands.

func (*VolumesAuthOptions) Validate

func (o *VolumesAuthOptions) Validate() error

Validate validates the authentication options.
