git-history.diyao.me Git - systemd/.git/commit

author	Adrian Vovk <adrianvovk@gmail.com>
	Thu, 1 Feb 2024 04:49:24 +0000 (23:49 -0500)
committer	Luca Boccassi <bluca@debian.org>
	Sat, 23 Mar 2024 01:05:13 +0000 (01:05 +0000)
commit	d0eff7a12d44ac98371431d22c18ec4c50a283ba
tree	6108b9aa2a55826ad2a879e2b1160b3f83522559	tree \| snapshot
parent	9a077230a4c3e7192c66ed7fa7439eb85893aaee	commit \| diff

homework: Always upload volume key to keyring

This commit makes homework always upload the LUKS volume key into the
kernel keyring. This is different from previous behavior in three
notable ways:

- Previously, we'd only upload if auto-resize was on. In preparation for
upcoming changes, now we always upload

- Previously, we'd upload the user's actual password (or a password
obtained from a FIDO key or similar). Now, we upload the LUKS volume key
itself, to remove a layer of unnecessary indirection.

- Previously, Lock() wouldn't remove the key from the kernel keyring.
This, of course, defeats the purpose of Lock(), so now it removes the
key

This commit also allows the LUKS volume to be unlocked using the volume
key we obtained from the keyring.

meson.build		diff \| blob \| history
src/home/homework-luks.c		diff \| blob \| history
src/home/homework-password-cache.c		diff \| blob \| history
src/home/homework-password-cache.h		diff \| blob \| history
src/home/homework.c		diff \| blob \| history
src/shared/cryptsetup-util.c		diff \| blob \| history
src/shared/cryptsetup-util.h		diff \| blob \| history