authorAnton Hvornum <anton@hvornum.se>2022-05-18 11:28:59 +0200
committerGitHub <noreply@github.com>2022-05-18 11:28:59 +0200
commit493cccc18fa8c77c362b6abee2c3dc89d331c792 (patch)
tree5778ffbf361ecf80360b4848bc683c8387965d9a /archinstall/lib/menu
parent561ea7e8f5c326312cc61c03d1b2329111f7634b (diff)
Added a HSM menu entry (#1196)
* Added a HSM menu entry, but also a safety check to make sure a FIDO device is connected * flake8 complaints * Adding FIDO lookup using cryptenroll listing * Added systemd-cryptenroll --fido2-device=list * Removed old _select_hsm call * Fixed flake8 complaints * Added support for locking and unlocking with a HSM * Removed hardcoded paths in favor of PR merge * Removed hardcoded paths in favor of PR merge * Fixed mypy complaint * Flake8 issue * Added sd-encrypt for HSM and revert back to encrypt when HSM is not used (stability reason) * Added /etc/vconsole.conf and tweaked fido2_enroll() to use the proper paths * Spelling error * Using UUID instead of PARTUUID when using HSM. I can't figure out how to get sd-encrypt to use PARTUUID instead. Added a Partition().part_uuid function. Actually renamed .uuid to .part_uuid and created a .uuid instead. * Adding missing package libfido2 and removed tpm2-device=auto as it overrides everything and forces password prompt to be used over FIDO2, no matter the order of the options. * Added some notes to clarify some choices. * Had to move libfido2 package install to later in the chain, as there's not even a base during mounting :P
Diffstat (limited to 'archinstall/lib/menu')
-rw-r--r--archinstall/lib/menu/global_menu.py6
-rw-r--r--archinstall/lib/menu/selection_menu.py24
2 files changed, 30 insertions, 0 deletions
diff --git a/archinstall/lib/menu/global_menu.py b/archinstall/lib/menu/global_menu.py
index 13d385ef..d807433c 100644
--- a/archinstall/lib/menu/global_menu.py
+++ b/archinstall/lib/menu/global_menu.py
@@ -85,6 +85,12 @@ class GlobalMenu(GeneralMenu):
lambda x: self._select_encrypted_password(),
display_func=lambda x: secret(x) if x else 'None',
dependencies=['harddrives'])
+ self._menu_options['HSM'] = Selector(
+ description=_('Use HSM to unlock encrypted drive'),
+ func=lambda preset: self._select_hsm(preset),
+ dependencies=['!encryption-password'],
+ default=None
+ )
self._menu_options['swap'] = \
Selector(
_('Swap'),
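Review bot: The dependency `'!encryption-password'` on the new `HSM` entry reads like a negation ("only when no password is set"), which is the opposite of what the description implies. Presumably the `!` is part of the option key of the password entry just above; if so, a comment such as `# '!encryption-password' is the option key (the '!' is part of the name), not a negation` would prevent a misreading in security-relevant configuration. Separately, `func=lambda preset: self._select_hsm(preset)` adds nothing over passing the bound method, `func=self._select_hsm,`. The enclosing method starts and ends outside the hunk.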
diff --git a/archinstall/lib/menu/selection_menu.py b/archinstall/lib/menu/selection_menu.py
index 35057e9c..26be4cc7 100644
--- a/archinstall/lib/menu/selection_menu.py
+++ b/archinstall/lib/menu/selection_menu.py
@@ -2,12 +2,14 @@ from __future__ import annotations
import logging
import sys
+import pathlib
from typing import Callable, Any, List, Iterator, Tuple, Optional, Dict, TYPE_CHECKING
from .menu import Menu, MenuSelectionType
from ..locale_helpers import set_keyboard_language
from ..output import log
from ..translation import Translation
+from ..hsm.fido import get_fido2_devices
if TYPE_CHECKING:
_: Any
@@ -466,3 +468,25 @@ class GeneralMenu:
return language
return preset_value
+
+ def _select_hsm(self, preset :Optional[pathlib.Path] = None) -> Optional[pathlib.Path]:
+ title = _('Select which partitions to mark for formatting:')
+ title += '\n'
+
+ fido_devices = get_fido2_devices()
+
+ indexes = []
+ for index, path in enumerate(fido_devices.keys()):
+ title += f"{index}: {path} ({fido_devices[path]['manufacturer']} - {fido_devices[path]['product']})"
+ indexes.append(f"{index}|{fido_devices[path]['product']}")
+
+ title += '\n'
+
+ choice = Menu(title, indexes, multi=False).run()
+
+ match choice.type_:
+ case MenuSelectionType.Esc: return preset
+ case MenuSelectionType.Selection:
+ return pathlib.Path(list(fido_devices.keys())[int(choice.value.split('|',1)[0])])
+
+ return None
\ No newline at end of file
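Review bot: The prompt in `_select_hsm` is the copied string `'Select which partitions to mark for formatting:'`, so the user is asked about formatting partitions while actually choosing the FIDO2 token that will unlock the encrypted drive. In the same function the per-device line is appended to `title` inside the loop without a newline (the only `'\n'` calls are before and after the loop), so two or more devices run together on one line. When `get_fido2_devices()` returns nothing, an empty `indexes` list is handed to `Menu`, which I would expect to fail or show an empty menu; an explicit early return makes the "no token connected" case visible. Mapping the label to the device path also avoids parsing the index back out of the label with `int(choice.value.split('|',1)[0])`.
```python
	def _select_hsm(self, preset :Optional[pathlib.Path] = None) -> Optional[pathlib.Path]:
		"""Let the user pick the FIDO2 device used to unlock the encrypted drive."""
		title = _('Select a FIDO2 device to use for HSM')

		fido_devices = get_fido2_devices()
		if not fido_devices:
			# No token connected: do not build a menu with nothing to choose from
			return None

		# label -> device path, so the selection is looked up instead of parsed out of the label
		options = {
			f"{path} ({info['manufacturer']} - {info['product']})": path
			for path, info in fido_devices.items()
		}

		choice = Menu(title, list(options), multi=False).run()

		# … unchanged: match on choice.type_, Esc returns preset …
			case MenuSelectionType.Selection:
				return pathlib.Path(options[choice.value])
```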