Skip to content

service: Adjust management of default encryption settings #2053

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ancorgs merged 2 commits into from
Feb 24, 2025
Merged

service: Adjust management of default encryption settings #2053

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bdea0e5
service: Adjust management of default encryption settings
ancorgs Feb 23, 2025
cedbff7
Changelog
ancorgs Feb 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions service/lib/agama/storage/config_solvers/encryption.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,10 +53,7 @@ def solve_encryption(config)

encryption = config.encryption
encryption.method ||= default_encryption.method

# Recovering values from the default encryption only makes sense if the encryption method
# is the same.
solve_encryption_values(encryption) if encryption.method == default_encryption.method
solve_encryption_values(encryption)
end

def solve_physical_volumes_encryptions
Expand All @@ -69,14 +66,17 @@ def solve_physical_volumes_encryption(config)

encryption = config.physical_volumes_encryption
encryption.method ||= default_encryption.method

# Recovering values from the default encryption only makes sense if the encryption method
# is the same.
solve_encryption_values(encryption) if encryption.method == default_encryption.method
solve_encryption_values(encryption)
end

# @param config [Configs::Encryption]
def solve_encryption_values(config)
# FIXME: We need better mechanisms to define these values (eg. the process for TpmFde
# enforces pbkdf2, but that is not reflected in the case of planned devices).
# As a first (not perfect) control mechanism, the values are ignored if the default
# encryption type does not match
return if config.method.encryption_type != default_encryption.method.encryption_type

config.password ||= default_encryption.password
config.pbkd_function ||= default_encryption.pbkd_function
config.label ||= default_encryption.label
Expand Down
6 changes: 6 additions & 0 deletions service/package/rubygem-agama-yast.changes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Feb 24 07:41:17 UTC 2025 - Ancor Gonzalez Sosa <ancor@suse.com>

- Adjust default encryption settings to better support TPM-based
unlocking (gh#agama-project/agama#2053).

-------------------------------------------------------------------
Fri Feb 21 13:59:30 UTC 2025 - José Iván López González <jlopez@suse.com>

Expand Down