42 lines
1.5 KiB
Diff
From 5d69c34f59dbe7fce07d76057fc39198666ab44e Mon Sep 17 00:00:00 2001
Message-ID: <5d69c34f59dbe7fce07d76057fc39198666ab44e.1766065109.git.khanicov@redhat.com>
From: Ondrej Kozina <okozina@redhat.com>
Date: Thu, 27 Nov 2025 10:49:24 +0100
Subject: [PATCH] Reinstate pbkdf serialization flag in device activation.

crypt_activate_by_keyslot_context never respected pbkdf serialization
flag (CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF).

In fact it worked only when device was activated via passphrase or via
passphrase file. It was never respected when device was activated
by a token for example.

When the internal code was fully switched to activation via keyslot
context the legacy code for passphrase based activation was dropped
and we lost track of serialization flag completely.

This fixes all of the issues so now the serialization flag will be
respected also with tokens (and all other activation methods unlocking
LUKS2 keyslot with memory hard pbkdf).

Fixes: 58385d68d8f4 (Allow activation via keyslot context)
Fixes: #968.
---
lib/setup.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/lib/setup.c b/lib/setup.c
index f1b2033b..367d2d11 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -5450,6 +5450,9 @@ int crypt_activate_by_keyslot_context(struct crypt_device *cd,
return _activate_loopaes(cd, name, passphrase, passphrase_size, flags);
}
+ if (flags & CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF)
+ cd->memory_hard_pbkdf_lock_enabled = true;
+
/* acquire the volume key(s) */
r = -EINVAL;
if (isLUKS1(cd->type)) {
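Review bot: The added check in crypt_activate_by_keyslot_context only ever sets cd->memory_hard_pbkdf_lock_enabled to true, so on a reused struct crypt_device a later activation called without CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF would still serialize, unless the field is cleared somewhere outside this hunk. If per-call behaviour is intended, assign the field from the flag on every call, for example cd->memory_hard_pbkdf_lock_enabled = !!(flags & CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF); otherwise a short comment saying the setting is sticky for the context would help. The diffstat shows only lib/setup.c changing; since the commit message says the flag was lost silently when the code switched to keyslot contexts, a regression test that activates via a token with the flag set would keep it from disappearing again.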