// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2020 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

// Package fde implements helpers used by low-level parts like secboot
// in snap-bootstrap and high-level parts like DeviceManager in snapd.
//
// Note that it must never import anything overlord related itself
// to avoid increasing the size of snap-bootstrap.
package fde

import (
	"os/exec"

	"github.com/snapcore/snapd/secboot"
)

// init installs HasRevealKey as the secboot.FDEHasRevealKey hook. The
// assignment is a side effect of importing this package.
func init() {
	secboot.FDEHasRevealKey = HasRevealKey
}

// HasRevealKey reports whether the current system has a "fde-reveal-key"
// binary (usually used in the initrd).
//
// It will be set up by devicestate to support device-specific full
// disk encryption implementations.
//
// The answer comes from exec.LookPath alone: it says that an executable
// with that name resolves through the process's PATH, and nothing about
// where the binary came from. Any lookup error is reported as "absent".
// NOTE(review): the result is only as trustworthy as PATH in the calling
// environment - confirm that callers run with a fixed PATH.
func HasRevealKey() bool {
	// XXX: should we record during initial sealing that the fde-setup
	// was used and only use fde-reveal-key in that case?
	if _, lookupErr := exec.LookPath("fde-reveal-key"); lookupErr != nil {
		return false
	}
	return true
}

// SetupRequest carries the operation and parameters for the fde-setup hooks,
// made available to them via the snapctl fde-setup-request command.
type SetupRequest struct {
	// XXX: make "op" a type: "features", "initial-setup", "update" ?
	Op string `json:"op"`

	// Key is the encryption key handed to the hook; it is left out of the
	// JSON when nil.
	// NOTE(review): when set, the marshalled request contains key material,
	// so the serialised form should be handled as a secret (not logged or
	// persisted) - confirm how secboot.EncryptionKey is encoded.
	Key *secboot.EncryptionKey `json:"key,omitempty"`
	// KeyName is sent as "key-name" and left out when empty.
	KeyName string `json:"key-name,omitempty"`

	// List of models with their related fields, this will be set
	// to follow the secboot:SnapModel interface.
	Models []map[string]string `json:"models,omitempty"`

	// TODO: provide LoadChains, KernelCmdline etc to support full
	// tpm sealing
}