| commit | 8d5a3a0751b7d47cb01cff25449e83e4a633aa4f | [log] [tgz] |
|---|---|---|
| author | John Wedig <johnwedig@google.com> | Thu Sep 29 15:25:58 2022 -0700 |
| committer | John Wedig <johnwedig@google.com> | Fri Sep 30 16:48:33 2022 -0700 |
| tree | d9e7e7887881f57dde83c14cf7df5f3d8e1e494b | |
| parent | be47c8fe9272715c12a8bbe346778cdd742f80e6 [diff] |
Implement the changePassword method With this commit, it is now possible to change the password for the LUKS-encrypted volume, using the changePassword D-Bus method for eStoraged. Tested: $ busctl call xyz.openbmc_project.eStoraged \ /xyz/openbmc_project/inventory/storage/mmcblk0 \ xyz.openbmc_project.Inventory.Item.Volume FormatLuks ays 3 1 2 3 \ xyz.openbmc_project.Inventory.Item.Volume.FilesystemType.ext4 \ --timeout=60 $ busctl call xyz.openbmc_project.eStoraged \ /xyz/openbmc_project/inventory/storage/mmcblk0 \ xyz.openbmc_project.Inventory.Item.Volume ChangePassword \ ayay 3 1 2 3 3 4 5 6 $ busctl call xyz.openbmc_project.eStoraged \ /xyz/openbmc_project/inventory/storage/mmcblk0 \ xyz.openbmc_project.Inventory.Item.Volume Lock Attempted to unlock using the old password. It failed as expected. $ busctl call xyz.openbmc_project.eStoraged \ /xyz/openbmc_project/inventory/storage/mmcblk0 \ xyz.openbmc_project.Inventory.Item.Volume Unlock ay 3 1 2 3 Unlocked with the new password $ busctl call xyz.openbmc_project.eStoraged \ /xyz/openbmc_project/inventory/storage/mmcblk0 \ xyz.openbmc_project.Inventory.Item.Volume Unlock ay 3 4 5 6 Signed-off-by: John Wedig <johnwedig@google.com> Change-Id: If1395fb04f51b1fb1a3d26731422d21476205207
This daemon serves as an abstraction for an encrypted storage device, encapsulating the security functionality and providing a D-Bus interface to manage the encrypted filesystem on the device. Using the D-Bus interface, other software components can interact with eStoraged to do things like create a new encrypted filesystem, wipe its contents, lock/unlock the device, or change the password.