Make the disk_label configuration option optional in the DiskEncryptionClevis FSIM #523

Open
7flying opened this issue Jun 29, 2023 · 3 comments
Labels
jira service info modules bugs or RFEs for FDO SIMs

Comments

Contributor

7flying commented Jun 29, 2023

The DiskEncryptionClevis FSIM requires a disk_label configuration option to apply the given clevis bindings. Make this optional and if so, the client should infer which disk label the encryption options should be applied to by looking for the LUKS device.

pub struct ServiceInfoDiskEncryptionClevis {
    pub disk_label: String,
    pub binding: ServiceInfoDiskEncryptionClevisBinding,
    pub reencrypt: bool,
}

Out of scope: handling multiple LUKS devices.

Acceptance criteria:

  • The DiskEncryptionClevis FSIM no longer requires an explicit disk_label to work
  • If no disk_label is given the client-linuxapp will identify which single device the encryption settings will be applied to
  • Tests are done to support both configuration options (aka explicit disk_label vs no disk_label)
@nullr0ute
Contributor

What format does the "disk_label" option take? Ultimately we should be able to discover the LUKS partition quite easily, whether by lsblk (probably not) or some API in cryptsetup and associated Rust bindings.

Contributor Author

7flying commented Jun 29, 2023

> What format does the "disk_label" option take? Ultimately we should be able to discover the LUKS partition quite easily, whether by lsblk (probably not) or some API in cryptsetup and associated Rust bindings.

It's a string, we usually need '/dev/vdaX' or something like that.

Contributor

runcom commented Jun 29, 2023

so, it's not really a label, it's more a /dev path - perhaps @puiterwijk remembers more
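
One way the fallback requested in this issue could work, as an added example that is not part of the thread and not the project's own code: an explicit disk_label (a /dev path, per the comments above) wins, otherwise the single device whose header carries the LUKS magic is chosen, and zero or several matches are errors because multiple LUKS devices are out of scope. The names `resolve_target`, `luks_version` and `TargetError` are hypothetical, and the caller is assumed to supply the first 8 bytes of each candidate device.

```rust
/// Magic bytes that open every LUKS1 and LUKS2 primary header.
const LUKS_MAGIC: &[u8; 6] = b"LUKS\xba\xbe";

#[derive(Debug, PartialEq)]
pub enum TargetError {
    NoLuksDevice,
    Ambiguous(Vec<String>), // several LUKS devices are out of scope: refuse to guess
}

/// LUKS version (1 or 2) if `header` begins with a LUKS header, else None.
pub fn luks_version(header: &[u8]) -> Option<u16> {
    if header.len() < 8 || !header.starts_with(LUKS_MAGIC) {
        return None;
    }
    // The 16-bit version field follows the magic and is stored big-endian.
    match u16::from_be_bytes([header[6], header[7]]) {
        v @ (1 | 2) => Some(v),
        _ => None,
    }
}

/// An explicit `disk_label` wins; otherwise pick the single LUKS candidate.
/// `candidates` pairs a device path with the first bytes read from it.
pub fn resolve_target(
    disk_label: Option<&str>,
    candidates: &[(String, Vec<u8>)],
) -> Result<String, TargetError> {
    if let Some(label) = disk_label {
        return Ok(label.to_string());
    }
    let mut found: Vec<String> = candidates
        .iter()
        .filter(|(_, header)| luks_version(header).is_some())
        .map(|(path, _)| path.clone())
        .collect();
    match found.len() {
        0 => Err(TargetError::NoLuksDevice),
        1 => Ok(found.remove(0)),
        _ => Err(TargetError::Ambiguous(found)),
    }
}

fn main() {
    // Constructed sample headers, not read from real devices.
    let disks = vec![
        ("/dev/vda1".to_string(), b"\xebX\x90mkfs.fat".to_vec()),
        ("/dev/vda2".to_string(), b"LUKS\xba\xbe\x00\x02".to_vec()),
    ];
    println!("{:?}", resolve_target(None, &disks));
}
```

Returning an error for the ambiguous case, rather than taking the first match, keeps the client from applying a clevis binding or re-encryption to a volume the owner did not intend.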
