Documentation ¶
Index ¶
Constants ¶
View Source
const ( FlagAllowDiscards string = "allow-discards" FlagSameCPUCrypt string = "same-cpu-crypt" FlagSubmitFromCryptCPUs string = "submit-from-crypt-cpus" FlagNoReadWorkqueue string = "no-read-workqueue" // supported at Linux 5.9 or newer FlagNoWriteWorkqueue string = "no-write-workqueue" // supported at Linux 5.9 or newer )
List of options handled by luks.go API. These names correspond to LUKSv2 persistent flags names (see persistent_flags[] array).
Variables ¶
View Source
var ErrPassphraseDoesNotMatch = fmt.Errorf("Passphrase does not match")
ErrPassphraseDoesNotMatch is an error that indicates provided passphrase does not match
Functions ¶
Types ¶
type Device ¶
type Device interface { io.Closer // Version returns version of LUKS disk Version() int // Path returns block device path Path() string // UUID returns UUID of the LUKS partition UUID() string // Slots returns list of all active slots for this device sorted by priority Slots() []int // Tokens returns list of available tokens (metadata) for slots Tokens() ([]Token, error) // FlagsGet get the list of LUKS flags (options) used during unlocking FlagsGet() []string // FlagsAdd adds LUKS flags used for the upcoming unlocking // Note that this method does not update LUKS v2 persistent flags FlagsAdd(flags ...string) error // FlagsClear clears flags // Note that this method does not update LUKS v2 persistent flags FlagsClear() // UnsealVolume recovers slot password and then populates Volume structure that contains information needed to // create a mapper device UnsealVolume(keyslot int, passphrase []byte) (*Volume, error) // Unlock is a shortcut for // “`go // volume, err := dev.UnsealVolume(keyslot, passphrase) // volume.SetupMapper(dmName) // “` Unlock(keyslot int, passphrase []byte, dmName string) error // UnlockAny iterates over all available slots and tries to unlock them until succeeds UnlockAny(passphrase []byte, dmName string) error }
Device represents LUKS partition data
type Token ¶
type Token struct { ID int Slots []int // Type of the token e.g. "clevis", "systemd-fido2" Type string Payload []byte }
Token represents LUKS token metadata information
type Volume ¶
type Volume struct { BackingDevice string Flags []string // luks-named flags UUID string LuksType string StorageEncryption string StorageIvTweak uint64 StorageSectorSize uint64 StorageOffset uint64 // offset of underlying storage in bytes StorageSize uint64 // length of underlying device in bytes, zero means that size should be calculated using `diskSize` function // contains filtered or unexported fields }
Volume represents information provided by an unsealed (i.e. with recovered password) LUKS slot
func (*Volume) SetupMapper ¶
SetupMapper creates a device mapper for the given LUKS volume
Source Files ¶
Click to show internal directories.
Click to hide internal directories.