eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 05:10:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

cryptsetup: add --hw-opal and --hw-opal-only

Browse Source 
Signed-off-by: Luca Boccassi <bluca@debian.org>
Co-authored-by: Ondrej Kozina <okozina@redhat.com>
This commit is contained in:
Luca Boccassi
2022-11-28 02:36:05 +00:00
parent b9cc0129c9
commit 446ad76011
4 changed files with 37 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/cryptsetup.c
View File

@@ -1374,6 +1374,9 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
.label = ARG_STR(OPT_LABEL_ID),
.subsystem = ARG_STR(OPT_SUBSYSTEM_ID)
};
struct crypt_params_hw_opal opal_params = {
.user_key_size = DEFAULT_LUKS1_KEYBITS / 8
};
void *params;
type = luksType(device_type);
@@ -1487,6 +1490,11 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
keysize = get_adjusted_key_size(cipher_mode, DEFAULT_LUKS1_KEYBITS, integrity_keysize);
if (ARG_SET(OPT_HW_OPAL_ONLY_ID))
keysize = opal_params.user_key_size;
else if (ARG_SET(OPT_HW_OPAL_ID))
keysize += opal_params.user_key_size;
if (ARG_SET(OPT_USE_RANDOM_ID))
crypt_set_rng_type(cd, CRYPT_RNG_RANDOM);
else if (ARG_SET(OPT_USE_URANDOM_ID))
@@ -1498,6 +1506,19 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
if (r < 0)
goto out;
if (ARG_SET(OPT_HW_OPAL_ID) || ARG_SET(OPT_HW_OPAL_ONLY_ID)) {
r = tools_get_key("Enter OPAL Admin password: ", CONST_CAST(char **)&opal_params.admin_key, &opal_params.admin_key_size,
0, 0, NULL,
ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
if (r < 0)
goto out;
if (opal_params.admin_key_size == 0) {
log_err(_("OPAL Admin password cannot be empty."));
r = -EPERM;
goto out;
}
}
if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize);
if (r < 0)
@@ -1517,7 +1538,13 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
if (ARG_SET(OPT_INTEGRITY_LEGACY_PADDING_ID))
crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING);
r = crypt_format(cd, type, cipher, cipher_mode,
if (ARG_SET(OPT_HW_OPAL_ID) || ARG_SET(OPT_HW_OPAL_ONLY_ID))
r = crypt_format_luks2_opal(cd,
ARG_SET(OPT_HW_OPAL_ONLY_ID) ? NULL : cipher,
ARG_SET(OPT_HW_OPAL_ONLY_ID) ? NULL : cipher_mode,
ARG_STR(OPT_UUID_ID), key, keysize, params, &opal_params);
else
r = crypt_format(cd, type, cipher, cipher_mode,
ARG_STR(OPT_UUID_ID), key, keysize, params);
check_signal(&r);
if (r < 0)
@@ -1550,6 +1577,7 @@ out:
}
crypt_safe_free(key);
crypt_safe_free(CONST_CAST(void *)opal_params.admin_key);
return r;
}