Add a -t option to the 'luks unlock' command to allow a TKey to be used
to unlock a disk. The password is used as the user-supplied secret (USS)
in this case.
Series-to: concept
Cover-letter:
luks: Integrate support for a TKey
This series illustrates how to use a Tillitis TKey to unlock an
encrypted disk. This has the advantage that the key depends on a
physical key in the user's posession as well as the usual passphrase.
The TKey handles the key derivation, so this series includes logic to
skip that step when a TKey is used.
The 'luks unlock' command provides a -t flag to use a TKey.
It also provides a small pytest fix to ease conflicts with Labgrid
integration.
END
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Series-links: 1:63
Update luks_unlock() to support a pre-derived key, such as that obtained
from a TKey. This must match the key_size of the LUKS partition,
otherwise it will fail to unlock.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Update luks_unlock() to accept a binary passphrase, to match the LUKS2
implementation.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Provide a new 'luks unlock' command which can unlock a LUKS1 partition,
given a passphrase.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a 'luks' command which allows querying a partition to see if it is
encrypted using LUKS, as well as showing information about a LUKS
partition.
Provide some documentation and a test.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
