Add kernel keyring functions for volume key.

Code is written by Ondrej Kozina. This patch adds ability to store volume key in kernel keyring (feature available in recent kernels) and avoid setting key through dm-ioctl and avoiding key in table mapping. Will be used in LUKS2. Signed-off-by: Milan Broz <gmazyland@gmail.com>
2025-12-13 11:50:10 +01:00 · 2017-05-28 14:05:36 +02:00
parent 8a859391be
commit d891e00f63
9 changed files with 645 additions and 19 deletions
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -1814,7 +1814,7 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
 				   &cd->u.luks1.hdr, &vk, cd);
 	if (r >= 0) {
 		keyslot = r;
-		r = dm_resume_and_reinstate_key(cd, name, vk->keylength, vk->key);
+		r = dm_resume_and_reinstate_key(cd, name, vk->keylength, vk->key, 0);
 		if (r == -ENOTSUP)
 			log_err(cd, _("Resume is not supported for device %s.\n"), name);
 		else if (r)
@@ -1871,7 +1871,7 @@ int crypt_resume_by_keyfile_offset(struct crypt_device *cd,
 		goto out;

 	keyslot = r;
-	r = dm_resume_and_reinstate_key(cd, name, vk->keylength, vk->key);
+	r = dm_resume_and_reinstate_key(cd, name, vk->keylength, vk->key, 0);
 	if (r)
 		log_err(cd, _("Error during resuming device %s.\n"), name);
 out: