kernel/fde: add EncryptedDeviceMapperName, DeviceSetupHookPartitionOf…

…fset EncryptedDeviceMapperName is used to generate the name when installed a device with ICE. The DeviceSetupHookPartitionOffset is used to mount a mapper device of the partition offset to create a header in the offset on the physical partition. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
olivercalder · Mar 21, 2022 · f6f2947 · f6f2947
1 parent 0240e5c
commit f6f2947
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/kernel/fde/fde.go b/kernel/fde/fde.go
@@ -34,6 +34,11 @@ import (
 	"github.com/snapcore/snapd/osutil"
 )
 
+// DeviceSetupHookPartitionOffset defines the free space that is reserved
+// at the start of a device-setup based partition for future use (like
+// to simulate LUKS keyslot like setup).
+const DeviceSetupHookPartitionOffset = uint64(1 * 1024 * 1024)
+
 // HasRevealKey return true if the current system has a "fde-reveal-key"
 // binary (usually used in the initrd).
 //
@@ -194,3 +199,9 @@ func DeviceSetup(runSetupHook RunSetupHookFunc, params *DeviceSetupParams) error
 
 	return nil
 }
+
+// EncryptedDeviceMapperName returns the name to use in device mapper for a
+// device that is encrypted using FDE hooks
+func EncryptedDeviceMapperName(name string) string {
+	return name + "-device-locked"
+}
diff --git a/kernel/fde/fde_test.go b/kernel/fde/fde_test.go
@@ -683,3 +683,14 @@ func (s *fdeSuite) TestIsEncryptedDeviceMapperName(c *C) {
 		c.Assert(fde.IsHardwareEncryptedDeviceMapperName(t), Equals, false)
 	}
 }
+
+func (s *fdeSuite) TestEncryptedDeviceMapperName(c *C) {
+	for _, str := range []string{
+		"ubuntu-data",
+		"ubuntu-save",
+		"foo",
+		"other",
+	} {
+		c.Assert(fde.EncryptedDeviceMapperName(str), Equals, str+"-device-locked")
+	}
+}