authorSamuel Mendoza-Jonas <sam@mendozajonas.com>2019-02-15 10:40:14 +1100
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>2019-03-26 16:46:38 +1100
commitf583f0cf35fc227db5f73ecd04daf7702735b740 (patch)
treea53121f28618766c0b79dc322897bb08f695fada /discover/udev.c
parent5f8fa2c151b8f0e568dc4015b7d307250b354a04 (diff)
discover: Recognise and open LUKS encrypted partitions
Handle devices encrypted with LUKS and call cryptsetup to open them if a client sends the associated password. If a new device has the "crypto_LUKS" filesystem type it is marked as a LUKS device and sent to clients but further discovery is not performed. Once a client sends the device's password cryptsetup is called to open it. The opened device will appear separately, so the source device is "forgotten" at this point and then the newly opened device is treated as a normal partition. On destruction the device is "closed" with cryptsetup so that discovery can start from the beginning. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'discover/udev.c')
-rw-r--r--discover/udev.c33
1 files changed, 28 insertions, 5 deletions
diff --git a/discover/udev.c b/discover/udev.c
index fa5d4b4..0c3da66 100644
--- a/discover/udev.c
+++ b/discover/udev.c
@@ -106,7 +106,7 @@ static int udev_handle_block_add(struct pb_udev *udev, struct udev_device *dev,
"swap",
NULL,
};
- bool cdrom, usb;
+ bool cdrom, usb, luks = false;
typestr = udev_device_get_devtype(dev);
if (!typestr) {
@@ -142,11 +142,18 @@ static int udev_handle_block_add(struct pb_udev *udev, struct udev_device *dev,
}
}
- /* Ignore any device mapper devices that aren't logical volumes */
+ /*
+ * Ignore any device mapper devices that aren't logical volumes or
+ * opened encrypted devices
+ */
devname = udev_device_get_property_value(dev, "DM_NAME");
- if (devname && ! udev_device_get_property_value(dev, "DM_LV_NAME")) {
- pb_debug("SKIP: dm-device %s\n", devname);
- return 0;
+ if (devname) {
+ if (device_handler_found_crypt_device(udev->handler, devname)) {
+ luks = true;
+ } else if (!udev_device_get_property_value(dev, "DM_LV_NAME")) {
+ pb_debug("SKIP: dm-device %s\n", devname);
+ return 0;
+ }
}
type = udev_device_get_property_value(dev, "ID_FS_TYPE");
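Review bot: The `device_handler_found_crypt_device(udev->handler, devname)` arm lets a device-mapper node past the skip on the strength of its `DM_NAME` alone, and how that helper matches is not visible in this hunk. If it compares names only, any mapping that carries a recorded name is discovered as an opened LUKS volume; it would be tighter to also require that the `DM_UUID` property begins with `CRYPT-`, the prefix cryptsetup gives its mappings. A `pb_debug("dm-device %s is an opened crypt device\n", devname);` in the `luks = true` arm would also make the decision traceable in the discover log. udev_handle_block_add starts and ends outside this hunk.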
@@ -216,16 +223,32 @@ static int udev_handle_block_add(struct pb_udev *udev, struct udev_device *dev,
usb = !!udev_device_get_property_value(dev, "ID_USB_DRIVER");
if (cdrom)
ddev->device->type = DEVICE_TYPE_OPTICAL;
+ else if (strncmp(type, "crypto_LUKS", strlen("crypto_LUKS")) == 0)
+ ddev->device->type = DEVICE_TYPE_LUKS;
else
ddev->device->type = usb ? DEVICE_TYPE_USB : DEVICE_TYPE_DISK;
udev_setup_device_params(dev, ddev);
+ /*
+ * Don't perform discovery on encrypted devices, just register and
+ * notify clients.
+ */
+ if (ddev->device->type == DEVICE_TYPE_LUKS) {
+ pb_log("Notifying clients about encrypted device %s\n",
+ name);
+ device_handler_add_encrypted_dev(udev->handler, ddev);
+ return 0;
+ }
+
/* Create a snapshot for all disk devices */
if ((ddev->device->type == DEVICE_TYPE_DISK ||
ddev->device->type == DEVICE_TYPE_USB))
devmapper_init_snapshot(udev->handler, ddev);
+ /* Note if this is an opened LUKS device */
+ ddev->crypt_device = luks;
+
device_handler_discover(udev->handler, ddev);
return 0;
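Review bot: `ddev->crypt_device = luks;` is assigned only after the `DEVICE_TYPE_LUKS` early return, so an opened mapping whose own `ID_FS_TYPE` is again `crypto_LUKS` (nested encryption) is registered through `device_handler_add_encrypted_dev()` without the flag. If teardown relies on `crypt_device` to close the mapping with cryptsetup, as the commit description suggests, that mapping would presumably stay open; moving the assignment to just after `udev_setup_device_params(dev, ddev);` covers both paths. Separately, `strncmp(type, "crypto_LUKS", strlen("crypto_LUKS"))` is a prefix match that depends on `type` being non-NULL, which must be guaranteed by code outside this hunk; `strcmp(type, "crypto_LUKS") == 0` states the intent exactly. The function body starts before this hunk and its closing brace is outside it.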