Skip to content

Commit

Permalink
cmd/snap-bootstrap: unlock save partition with protector key
Browse files Browse the repository at this point in the history
  • Loading branch information
@valentindavid
valentindavid committed Oct 15, 2024
1 parent 0a211fd commit 3b9f37f
Show file tree
Hide file tree
Showing 6 changed files with 93 additions and 36 deletions.
14 changes: 7 additions & 7 deletions cmd/snap-bootstrap/cmd_initramfs_mounts.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,11 +96,11 @@ var (
snap.TypeSnapd: "snapd",
}

secbootProvisionForCVM func(initramfsUbuntuSeedDir string) error
secbootMeasureSnapSystemEpochWhenPossible func() error
secbootMeasureSnapModelWhenPossible func(findModel func() (*asserts.Model, error)) error
secbootUnlockVolumeUsingSealedKeyIfEncrypted func(disk disks.Disk, name string, encryptionKeyFile string, opts *secboot.UnlockVolumeUsingSealedKeyOptions) (secboot.UnlockResult, error)
secbootUnlockEncryptedVolumeUsingKey func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error)
secbootProvisionForCVM func(initramfsUbuntuSeedDir string) error
secbootMeasureSnapSystemEpochWhenPossible func() error
secbootMeasureSnapModelWhenPossible func(findModel func() (*asserts.Model, error)) error
secbootUnlockVolumeUsingSealedKeyIfEncrypted func(disk disks.Disk, name string, encryptionKeyFile string, opts *secboot.UnlockVolumeUsingSealedKeyOptions) (secboot.UnlockResult, error)
secbootUnlockEncryptedVolumeUsingProtectorKey func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error)

secbootLockSealedKeys func() error

Expand Down Expand Up @@ -1211,7 +1211,7 @@ func (m *recoverModeStateMachine) unlockEncryptedSaveRunKey() (stateFunc, error)
return m.unlockEncryptedSaveFallbackKey, nil
}

unlockRes, unlockErr := secbootUnlockEncryptedVolumeUsingKey(m.disk, "ubuntu-save", key)
unlockRes, unlockErr := secbootUnlockEncryptedVolumeUsingProtectorKey(m.disk, "ubuntu-save", key)
if err := m.setUnlockStateWithRunKey("ubuntu-save", unlockRes, unlockErr); err != nil {
return nil, err
}
Expand Down Expand Up @@ -1800,7 +1800,7 @@ func maybeMountSave(disk disks.Disk, rootdir string, encrypted bool, mountOpts *
if err != nil {
return true, err
}
unlockRes, err := secbootUnlockEncryptedVolumeUsingKey(disk, "ubuntu-save", key)
unlockRes, err := secbootUnlockEncryptedVolumeUsingProtectorKey(disk, "ubuntu-save", key)
if err != nil {
return true, fmt.Errorf("cannot unlock ubuntu-save volume: %v", err)
}
Expand Down
2 changes: 1 addition & 1 deletion cmd/snap-bootstrap/cmd_initramfs_mounts_nosecboot.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ func init() {
secbootUnlockVolumeUsingSealedKeyIfEncrypted = func(disk disks.Disk, name string, sealedEncryptionKeyFile string, opts *secboot.UnlockVolumeUsingSealedKeyOptions) (secboot.UnlockResult, error) {
return secboot.UnlockResult{}, errNotImplemented
}
secbootUnlockEncryptedVolumeUsingKey = func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
secbootUnlockEncryptedVolumeUsingProtectorKey = func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
return secboot.UnlockResult{}, errNotImplemented
}

Expand Down
2 changes: 1 addition & 1 deletion cmd/snap-bootstrap/cmd_initramfs_mounts_secboot.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,6 @@ func init() {
secbootMeasureSnapSystemEpochWhenPossible = secboot.MeasureSnapSystemEpochWhenPossible
secbootMeasureSnapModelWhenPossible = secboot.MeasureSnapModelWhenPossible
secbootUnlockVolumeUsingSealedKeyIfEncrypted = secboot.UnlockVolumeUsingSealedKeyIfEncrypted
secbootUnlockEncryptedVolumeUsingKey = secboot.UnlockEncryptedVolumeUsingKey
secbootUnlockEncryptedVolumeUsingProtectorKey = secboot.UnlockEncryptedVolumeUsingProtectorKey
secbootLockSealedKeys = secboot.LockSealedKeys
}
46 changes: 23 additions & 23 deletions cmd/snap-bootstrap/cmd_initramfs_mounts_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2368,7 +2368,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRunModeEncryptedDataHappy(c *C
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

saveActivated := false
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not activated yet"))
saveActivated = true
c.Assert(name, Equals, "ubuntu-save")
Expand Down Expand Up @@ -2586,7 +2586,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRunModeEncryptedDataUnhappyNoS

// the test does not mock ubuntu-save.key, the secboot helper for
// opening a volume using the key should not be called
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Fatal("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
})
Expand Down Expand Up @@ -2664,7 +2664,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRunModeEncryptedDataUnhappyUnl
defer restore()

s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/data/system-data"), "foo", "")
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not yet activated"))
return foundEncrypted("ubuntu-save"), fmt.Errorf("ubuntu-save unlock fail")
})
Expand Down Expand Up @@ -3692,7 +3692,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeHappyEncrypted(c *C
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

saveActivated := false
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not activated yet"))
encDevPartUUID, err := disk.FindMatchingPartitionUUIDWithFsLabel(name + "-enc")
c.Assert(err, IsNil)
Expand Down Expand Up @@ -3851,7 +3851,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedDegradedDa
s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "marker")
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not activated yet"))
encDevPartUUID, err := disk.FindMatchingPartitionUUIDWithFsLabel(name + "-enc")
c.Assert(err, IsNil)
Expand Down Expand Up @@ -4029,7 +4029,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedDegradedSa
s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "marker")
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not activated yet"))
encDevPartUUID, err := disk.FindMatchingPartitionUUIDWithFsLabel(name + "-enc")
c.Assert(err, IsNil)
Expand Down Expand Up @@ -4200,7 +4200,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedDegradedAb
s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "marker")
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not activated yet"))
encDevPartUUID, err := disk.FindMatchingPartitionUUIDWithFsLabel(name + "-enc")
c.Assert(err, IsNil)
Expand Down Expand Up @@ -4363,7 +4363,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedDegradedAb
s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "marker")
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not activated yet"))
encDevPartUUID, err := disk.FindMatchingPartitionUUIDWithFsLabel(name + "-enc")
c.Assert(err, IsNil)
Expand Down Expand Up @@ -4535,7 +4535,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedDegradedDa

s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
// nothing can call this function in the tested scenario
c.Fatalf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
Expand Down Expand Up @@ -4725,7 +4725,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeDegradedAbsentDataU

s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
// nothing can call this function in the tested scenario
c.Fatalf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
Expand Down Expand Up @@ -4916,7 +4916,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeDegradedUnencrypted

s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
// nothing can call this function in the tested scenario
c.Fatalf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
Expand Down Expand Up @@ -5062,7 +5062,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeDegradedEncryptedDa

s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
// nothing can call this function in the tested scenario
c.Fatalf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
Expand Down Expand Up @@ -5186,7 +5186,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeUnencryptedDataUnen

s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
// nothing can call this function in the tested scenario
c.Fatalf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
Expand Down Expand Up @@ -5325,7 +5325,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedDegradedAb

s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
// nothing can call this function in the tested scenario
c.Fatalf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
Expand Down Expand Up @@ -5531,7 +5531,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedDegradedDa

s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
// nothing can call this function in the tested scenario
c.Fatalf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
Expand Down Expand Up @@ -5696,7 +5696,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedMismatched
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

saveActivated := false
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not activated yet"))
encDevPartUUID, err := disk.FindMatchingPartitionUUIDWithFsLabel(name + "-enc")
c.Assert(err, IsNil)
Expand Down Expand Up @@ -5910,7 +5910,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsRecoverModeEncryptedAttackerFS
s.mockUbuntuSaveKeyAndMarker(c, filepath.Join(dirs.GlobalRootDir, "/run/mnt/host/ubuntu-data/system-data"), "foo", "marker")
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
encDevPartUUID, err := disk.FindMatchingPartitionUUIDWithFsLabel(name + "-enc")
c.Assert(err, IsNil)
c.Assert(encDevPartUUID, Equals, "ubuntu-save-enc-partuuid")
Expand Down Expand Up @@ -6459,7 +6459,7 @@ func (s *initramfsMountsSuite) testInitramfsMountsTryRecoveryDegraded(c *C, expe
})
defer restore()
unlockVolumeWithKeyCalls := 0
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
unlockVolumeWithKeyCalls++
switch unlockVolumeWithKeyCalls {
case 1:
Expand Down Expand Up @@ -6760,7 +6760,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsFactoryResetModeHappyEncrypted
})
defer restore()

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Errorf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
})
Expand Down Expand Up @@ -6883,7 +6883,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsFactoryResetModeHappyUnencrypt
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
})
defer restore()
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Errorf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
})
Expand Down Expand Up @@ -6969,7 +6969,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsFactoryResetModeHappyUnencrypt
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
})
defer restore()
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Errorf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
})
Expand Down Expand Up @@ -7056,7 +7056,7 @@ func (s *initramfsMountsSuite) TestInitramfsMountsFactoryResetModeUnhappyUnlockE
})
defer restore()

restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Errorf("unexpected call")
return secboot.UnlockResult{}, fmt.Errorf("unexpected call")
})
Expand Down Expand Up @@ -7638,7 +7638,7 @@ func (s *initramfsClassicMountsSuite) TestInitramfsMountsRunModeEncryptedDataHap
s.mockUbuntuSaveMarker(c, boot.InitramfsUbuntuSaveDir, "marker")

saveActivated := false
restore = main.MockSecbootUnlockEncryptedVolumeUsingKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
restore = main.MockSecbootUnlockEncryptedVolumeUsingProtectorKey(func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error) {
c.Check(dataActivated, Equals, true, Commentf("ubuntu-data not activated yet"))
saveActivated = true
c.Assert(name, Equals, "ubuntu-save")
Expand Down
8 changes: 4 additions & 4 deletions cmd/snap-bootstrap/export_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,11 +129,11 @@ func MockSecbootUnlockVolumeUsingSealedKeyIfEncrypted(f func(disk disks.Disk, na
}
}

func MockSecbootUnlockEncryptedVolumeUsingKey(f func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error)) (restore func()) {
old := secbootUnlockEncryptedVolumeUsingKey
secbootUnlockEncryptedVolumeUsingKey = f
func MockSecbootUnlockEncryptedVolumeUsingProtectorKey(f func(disk disks.Disk, name string, key []byte) (secboot.UnlockResult, error)) (restore func()) {
old := secbootUnlockEncryptedVolumeUsingProtectorKey
secbootUnlockEncryptedVolumeUsingProtectorKey = f
return func() {
secbootUnlockEncryptedVolumeUsingKey = old
secbootUnlockEncryptedVolumeUsingProtectorKey = old
}
}

Expand Down
Loading

0 comments on commit 3b9f37f

Please sign in to comment.