fdo-rs / fido-device-onboard-rs

An implementation of the FIDO Device Onboard (FDO) spec written in Rust.
BSD 3-Clause "New" or "Revised" License

Make the `disk_label` configuration option optional in the `DiskEncryptionClevis` FSIM #523

Open 7flying opened 1 year ago

7flying commented 1 year ago

The `DiskEncryptionClevis` FSIM requires a `disk_label` configuration option to apply the given clevis bindings. Make this optional and if so, the client should infer which disk label the encryption options should be applied to by looking for the LUKS device.

```rust
pub struct ServiceInfoDiskEncryptionClevis {
    pub disk_label: String,
    pub binding: ServiceInfoDiskEncryptionClevisBinding,
    pub reencrypt: bool,
}
```

Out of scope: handling multiple LUKS devices.

Acceptance criteria:

nullr0ute commented 1 year ago

What format does the "disk_label" option take? Ultimately we should be able to discover the LUKS partition quite easily, whether by lsblk (probably not) or some API in cryptsetup and associated rust bindings.

7flying commented 1 year ago

> What format does the "disk_label" option take? Ultimately we should be able to discover the LUKS partition quite easily, whether by lsblk (probably not) or some API in cryptsetup and associated rust bindings.

It's a string, we usually need '/dev/vdaX' or something like that.

runcom commented 1 year ago

so, it's not really a label, it's more a /dev path - perhaps @puiterwijk remembers more
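
One way the inference discussed in this thread could work, as an added example that is not code from the issue or from fido-device-onboard-rs: treat `disk_label` as an `Option` holding a `/dev` path and, when it is absent, pick the single candidate device whose first bytes carry the LUKS1/LUKS2 header magic. The function names, the `InferError` type and the caller-supplied candidate list are assumptions; the thread itself leaves open whether to use `lsblk` or cryptsetup bindings.

```rust
use std::{fs::File, io::Read};

/// LUKS1 and LUKS2 headers both start with this magic, then a big-endian u16 version.
const LUKS_MAGIC: &[u8; 6] = b"LUKS\xba\xbe";

#[derive(Debug, PartialEq)]
pub enum InferError {
    NoLuksDevice,
    /// Multiple LUKS devices are out of scope in the issue, so refuse to guess.
    Ambiguous(Vec<String>),
}

/// Returns the LUKS version if `header` begins with a LUKS1 or LUKS2 header.
pub fn luks_version(header: &[u8]) -> Option<u16> {
    if header.len() < 8 || !header.starts_with(LUKS_MAGIC) {
        return None;
    }
    match u16::from_be_bytes([header[6], header[7]]) {
        v @ 1..=2 => Some(v),
        _ => None,
    }
}

/// Uses the configured path when present; otherwise picks the only LUKS device
/// among `(device path, first header bytes)` candidates (hypothetical helper).
pub fn resolve_disk_label(
    configured: Option<&str>,
    candidates: &[(String, Vec<u8>)],
) -> Result<String, InferError> {
    if let Some(path) = configured {
        return Ok(path.to_string());
    }
    let mut found: Vec<String> = candidates
        .iter()
        .filter(|(_, hdr)| luks_version(hdr).is_some())
        .map(|(path, _)| path.clone())
        .collect();
    match found.len() {
        0 => Err(InferError::NoLuksDevice),
        1 => Ok(found.remove(0)),
        _ => Err(InferError::Ambiguous(found)),
    }
}

/// Reads the first 8 bytes of a device node (requires read access to it).
pub fn read_header(path: &str) -> std::io::Result<Vec<u8>> {
    let mut buf = vec![0u8; 8];
    File::open(path)?.read_exact(&mut buf)?;
    Ok(buf)
}
```

Failing with `Ambiguous` instead of taking the first match keeps the clevis binding from being applied to an unintended volume when more than one LUKS device is present.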