picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Systemd/src/cryptsetup
History
Lennart Poettering b997d1115b cryptsetup: read PKCS#11 key and token info from LUKS2 metadata 
Optionally, embedd PKCS#11 token URI and encrypted key in LUKS2 JSON
metadata header. That way it becomes very easy to unlock properly set up
PKCS#11-enabled LUKS2 volumes, a simple /etc/crypttab line like the
following suffices:

    mytest /dev/disk/by-partuuid/41c1df55-e628-4dbb-8492-bc69d81e172e - pkcs11-uri=auto

Such a line declares that unlocking via PKCS#11 shall be attempted, and
the token URI and the encrypted key shall be read from the LUKS2 header.
An external key file for the encrypted PKCS#11 key is hence no longer
necessary, nor is specifying the precise URI to use.
 		2020-12-17 19:59:24 +01:00
..
cryptsetup-generator.c cryptsetup: drop unnecessary bracket 2020-11-27 14:35:20 +09:00
cryptsetup-keyfile.c cryptsetup: modify keyfile search logic to use read_file_full() too 2020-12-01 14:27:01 +01:00
cryptsetup-keyfile.h cryptsetup: modify keyfile search logic to use read_file_full() too 2020-12-01 14:27:01 +01:00
cryptsetup-pkcs11.c cryptsetup: read PKCS#11 key and token info from LUKS2 metadata 2020-12-17 19:59:24 +01:00
cryptsetup-pkcs11.h cryptsetup: read PKCS#11 key and token info from LUKS2 metadata 2020-12-17 19:59:24 +01:00
cryptsetup.c cryptsetup: read PKCS#11 key and token info from LUKS2 metadata 2020-12-17 19:59:24 +01:00