many: accidently the whole fde #15010
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
valentindavid
added
the
Run nested
github-actions
bot
added
the
Needs Documentation -auto-
|
Fri Feb 7 09:05:58 UTC 2025 Spread tests skipped |
valentindavid
force-pushed
the
valentindavid/fde-branch-merge-test
branch
from
f3c559a to
a72e507
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #15010 +/- ##
=========================================
Coverage ? 78.15%
=========================================
Files ? 1168
Lines ? 156529
Branches ? 0
=========================================
Hits ? 122329
Misses ? 26607
Partials ? 7593
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
valentindavid
force-pushed
the
valentindavid/fde-branch-merge-test
branch
2 times, most recently
from
3fb3b97 to
8ab94b7
Compare
valentindavid
force-pushed
the
valentindavid/fde-branch-merge-test
branch
4 times, most recently
from
4c41e58 to
ad7b8c4
Compare
We also make the FDE state manager install the the backend function to be associated with the state.
Because we will need to enroll multiple keys, we need to make the first key at volume creation a bootstrap key that we remove in the end. This commit does not implement it, but it does add the abstraction where to allow us to do it.
When using FDE with hooks or tpm, modifying the run model in the boot partition should result in disk that does not unlock. A recovery must be used in that case.
Its use was removed in 3988a93 which was in PR canonical#11715
Also update github.com/mvo5/goconfigparser to latest.
There was a bug where the protector key file for the plainkey of the ubuntu-save partition was incorrectly used as the unlock key, the fix is to first check the unlock key from the keyring if it is not there, then probably the key file is for the unlock key and no plainkey is used. Signed-off-by: Zeyad Gouda <[email protected]> * fixup! secboot: use default-fallback to be consistent with reality Signed-off-by: Zeyad Gouda <[email protected]> --------- Signed-off-by: Zeyad Gouda <[email protected]>
Some old kernels do not store keys in the keyring at all. Unfortunately, we do need an FDE state so that we can reseal, as resealing needs to save/retrieve the policies in/from the state.
Mock the architecture so that boot assets can be properly identified even when running unit tests on ARM64. Signed-off-by: Maciej Borzecki <[email protected]>
…cal#14945) * tests/nested/core/core20-fault-inject-on-refresh: disable FDE Refresh from store get some kernel that have an old initrd that do not support FDE installation from new snapd.
…vice There is a bug in old UC20 kernels where udev does not retrieve data from cold plugged disks initialized in initrd. It was fixed in: * canonical/core-initrd#58 * canonical/core-initrd#203
…t detected Because we do not count reboots correctly, if we did not see the second reboot, we should not fail.
We used 4 handles from 0x01880001-0x01880004 for PCR policies. We always used a pair and would switch to the other pair after factory reset. No instead we look for free handle in range 0x01880005-0x0188000F. We also use only one handle per primary key. When we factory reset, we should remove the handles correctly since the old primary key for the save partition should have been the same as the data partition that was removed, thus the handles should be the same. We also now correctly populate the FDE state with the correct handles.
In the case we update snapd with and old kernel, then reseal, the FDE state might be not set because we did not find the primary key from the initrd that set it in the legacy path. So if we do not find the key in the keyring, we should try and see if we find it in the old path.
…anonical#15021) Snapd needs `KeyringMode=shared`, but `snap-failure` runs it without. We either need to add access to the keyring or disable initialization of FDE state when re-seeding.
If a plainkey token is used then the key sealed with FDE hook should have the same primary key. This was added for TPM, but I forgot to add it to FDE hook.
This a temporary measure since pc-kernel in store does not have a fresh enough snap-bootstrap.
The encrypted case is more complex and is covered in tests/nested/manual/remodel-uc-to-next-version-fakestore
Until now, we were just delete old keys on factory-reset instead of renaming if cryptsetup was too old. But this is a bit too dangerous. Instead we copy-delete them. Second, we need to convert old keyslots to have a name so we can remove them after.
valentindavid
force-pushed
the
valentindavid/fde-branch-merge-test
branch
from
ad7b8c4 to
e325e60
Compare
pedronis
added
Skip spread
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.