author | Lennart Poettering <lennart@poettering.net> | 2020-12-04 17:26:37 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2020-12-17 20:02:03 +0100 |
commit | 18843ecc2a81a7d0d7c124fc5d9f9eed8b17bd1d (patch) | |
tree | c664d1aa4d22b2f2cd2e11850885cb94a8acaab7 /src/cryptsetup/cryptsetup-tpm2.h | |
parent | cryptenroll: support listing and wiping tokens (diff) | |
download | systemd-18843ecc2a81a7d0d7c124fc5d9f9eed8b17bd1d.tar.xz systemd-18843ecc2a81a7d0d7c124fc5d9f9eed8b17bd1d.zip |
cryptsetup: add support for TPM2 unlocking of volumes
Diffstat (limited to 'src/cryptsetup/cryptsetup-tpm2.h')
-rw-r--r-- | src/cryptsetup/cryptsetup-tpm2.h | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/src/cryptsetup/cryptsetup-tpm2.h b/src/cryptsetup/cryptsetup-tpm2.h
new file mode 100644
index 0000000000..8ddf301a63
--- /dev/null
+++ b/src/cryptsetup/cryptsetup-tpm2.h
@@ -0,0 +1,74 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <sys/types.h>
+
+#include "cryptsetup-util.h"
+#include "log.h"
+#include "time-util.h"
+
+#if HAVE_TPM2
+
+int acquire_tpm2_key(
+ const char *volume_name,
+ const char *device,
+ uint32_t pcr_mask,
+ const char *key_file,
+ size_t key_file_size,
+ uint64_t key_file_offset,
+ const void *key_data,
+ size_t key_data_size,
+ const void *policy_hash,
+ size_t policy_hash_size,
+ void **ret_decrypted_key,
+ size_t *ret_decrypted_key_size);
+
+int find_tpm2_auto_data(
+ struct crypt_device *cd,
+ uint32_t search_pcr_mask,
+ int start_token,
+ uint32_t *ret_pcr_mask,
+ void **ret_blob,
+ size_t *ret_blob_size,
+ void **ret_policy_hash,
+ size_t *ret_policy_hash_size,
+ int *ret_keyslot,
+ int *ret_token);
+
+#else
+
+static inline int acquire_tpm2_key(
+ const char *volume_name,
+ const char *device,
+ uint32_t pcr_mask,
+ const char *key_file,
+ size_t key_file_size,
+ uint64_t key_file_offset,
+ const void *key_data,
+ size_t key_data_size,
+ const void *policy_hash,
+ size_t policy_hash_size,
+ void **ret_decrypted_key,
+ size_t *ret_decrypted_key_size) {
+
+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+ "TPM2 support not available.");
+}
+
+static inline int find_tpm2_auto_data(
+ struct crypt_device *cd,
+ uint32_t search_pcr_mask,
+ int start_token,
+ uint32_t *ret_pcr_mask,
+ void **ret_blob,
+ size_t *ret_blob_size,
+ void **ret_policy_hash,
+ size_t *ret_policy_hash_size,
+ int *ret_keyslot,
+ int *ret_token) {
+
+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+ "TPM2 support not available.");
+}
+
+#endif |
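Review bot: The prototypes under `#if HAVE_TPM2` do not say who owns the `ret_*` buffers, and `ret_decrypted_key` of `acquire_tpm2_key()` appears to carry the unsealed volume key. I would add a comment above that declaration such as `/* On success *ret_decrypted_key is newly allocated secret key material; the caller owns it and must erase it before freeing. */`, so that no caller releases it with a plain `free()`. For `find_tpm2_auto_data()`, `ret_blob` and `ret_policy_hash` are presumably copied out of the volume's on-disk token metadata, so a one-line remark that they are unauthenticated input until the TPM accepts them would help whoever reads the call sites. As a style point, the header uses `uint32_t`/`uint64_t` but directly includes only `<sys/types.h>`, so it seems to depend on the project headers to pull in `<stdint.h>`; including it explicitly would keep the header self-contained. The real implementations live outside this file, so the allocation and cleanup behaviour cannot be confirmed from this hunk.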