// -*- Mode: Go; indent-tabs-mode: t -*-
// +build !nosecboot

/*
 * Copyright (C) 2020 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

package secboot

import (
	sb "github.com/snapcore/secboot"
)

// Indirection over the secboot entry points used in this file; the functions
// below only ever call through these variables.
// NOTE(review): presumably this exists so tests can substitute fakes — confirm
// against the package's test helpers.
var (
	sbInitializeLUKS2Container       = sb.InitializeLUKS2Container
	sbAddRecoveryKeyToLUKS2Container = sb.AddRecoveryKeyToLUKS2Container
)

// Sizes, in KiB, passed to secboot when a LUKS2 container is initialized.
const (
	keyslotsAreaKiBSize = 2560 // 2.5 MiB
	metadataKiBSize     = 2048 // 2 MiB
)

// FormatEncryptedDevice initializes an encrypted volume on the block device
// given by node and sets the specified label. The key argument supplies the
// key used to unlock the volume.
//
// node and label are handed to secboot unchanged; nothing in this function
// checks that node names the intended device, so that check belongs to the
// caller. The error from secboot is returned as is.
func FormatEncryptedDevice(key EncryptionKey, label, node string) error {
	// Use a lower, but still reasonable, size that should give us enough
	// room.
	var opts sb.InitializeLUKS2ContainerOptions
	opts.MetadataKiBSize = metadataKiBSize
	opts.KeyslotsAreaKiBSize = keyslotsAreaKiBSize

	// key[:] passes the whole key to secboot.
	// NOTE(review): key arrives by value; if EncryptionKey is an array type
	// this frame holds its own copy of the key material, which is not wiped
	// here — confirm whether that matters for the callers.
	return sbInitializeLUKS2Container(node, label, key[:], &opts)
}

// AddRecoveryKey adds a fallback recovery key rkey to the existing encrypted
// volume created with FormatEncryptedDevice on the block device given by node.
// The existing key to the encrypted volume is provided in the key argument.
func AddRecoveryKey(key EncryptionKey, rkey RecoveryKey, node string) error {
	// Convert to secboot's own recovery key type, which is what the call
	// below is given.
	recovery := sb.RecoveryKey(rkey)

	// key[:] passes the whole of the existing volume key; node is handed
	// over unchanged and the error from secboot is returned as is.
	return sbAddRecoveryKeyToLUKS2Container(node, key[:], recovery)
}

// String returns the text form of the recovery key as produced by
// sb.RecoveryKey.String.
//
// This method makes RecoveryKey a fmt.Stringer, so formatting a RecoveryKey
// with fmt (for example with %v or %s) goes through it.
// NOTE(review): the output presumably encodes the key itself, so RecoveryKey
// values should be kept out of log lines and error messages — confirm against
// the secboot implementation.
func (k RecoveryKey) String() string {
	converted := sb.RecoveryKey(k)
	return converted.String()
}