Add --key-file support in luksErase action with LUKS2 opal.

Ondrej Kozina
2023-10-27 11:18:04 +02:00
parent f15b2ffdec
commit 4081037bdb
3 changed files with 18 additions and 5 deletions


@@ -159,6 +159,16 @@ If this option is not used, cryptsetup will ask for all active keyslot
passphrases.
endif::[]
endif::[]
ifdef::ACTION_ERASE[]
*--key-file, -d* _name_ *(LUKS2 with HW OPAL only)*::
Read the Admin PIN or PSID (with --hw-opal-factory-reset) from file
depending on options used.
+
If the name given is "-", then the secret will be read from stdin.
In this case, reading will not stop at newline characters.
+
endif::[]
ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
*--keyfile-offset* _value_::
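Review bot: the new *--key-file* text for ACTION_ERASE calls the secret the "Admin PIN", while the prompt in the opal_erase hunk below reads "Enter OPAL Admin password: "; pick one term (the existing prompt suggests "Admin password") so the man page and the interactive prompt name the same credential. The description should also state what happens when *--key-file* is given for a device without HW OPAL, since the heading only says "(LUKS2 with HW OPAL only)" without saying whether the option is rejected or ignored.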


@@ -18,15 +18,17 @@ cryptsetup-erase, cryptsetup-luksErase - erase all keyslots
== DESCRIPTION
Erase all keyslots and make the LUKS container permanently inaccessible.
You do not need to provide any password for this operation.
Unless the device is configured with HW OPAL support you do not need to
provide any password for this operation.
*WARNING:* This operation is irreversible.
*WARNING:* with *--hw-opal-factory-reset* ALL data is lost on the device,
regardless of the partition it is ran on, if any, and regardless of any LUKS2
header backup, and does not require a valid LUKS2 header to be present on the
device to run.
*<options>* can be [--header, --disable-locks, --hw-opal-factory-reset].
*<options>* can be [--header, --disable-locks, --hw-opal-factory-reset, --key-file].
include::man/common_options.adoc[]
include::man/common_footer.adoc[]
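Review bot: the replacement sentence "Unless the device is configured with HW OPAL support you do not need to provide any password for this operation." should say what is required in the HW OPAL case (the OPAL Admin password, or the PSID when *--hw-opal-factory-reset* is used), otherwise the reader has to infer it from the *--key-file* description elsewhere. While this paragraph is being edited, "regardless of the partition it is ran on" should read "it is run on".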


@@ -2877,9 +2877,10 @@ static int opal_erase(struct crypt_device *cd, bool factory_reset) {
int r;
r = tools_get_key(factory_reset ? _("Enter OPAL PSID: ") : _("Enter OPAL Admin password: "),
&password, &password_size,
0, 0, NULL,
ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
&password, &password_size, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1),
!ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
if (r < 0)
return r;
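Review bot: the tools_get_key() call now passes ARG_UINT64(OPT_KEYFILE_OFFSET_ID) and ARG_UINT32(OPT_KEYFILE_SIZE_ID) in place of the former "0, 0", so luksErase honours --keyfile-offset and --keyfile-size, but the common_options.adoc hunk documents only *--key-file* for ACTION_ERASE and the *--keyfile-offset* ifdef list does not include ACTION_ERASE, and the erase man page option list adds only --key-file. Either add ACTION_ERASE to the ifdef lists for --keyfile-offset and --keyfile-size and extend the "<options> can be [...]" line, or keep passing 0 for offset and size so the code matches the documented interface.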