class EncryptedVolumeClient

class EncryptedVolumeClient

Defined at line 78 of file ../../src/security/lib/zxcrypt/client.h

|zxcrypt::EncryptedVolumeClient| represents a channel to an instance of a bound

zxcrypt device (named "zxcrypt" in the device tree).

Public Methods

void EncryptedVolumeClient (zx::channel && channel)

Defined at line 215 of file ../../src/security/lib/zxcrypt/client.cc

zx_status_t Format (const uint8_t * key, size_t key_len, uint8_t slot)

Request that the volume provided by the manager represented by |chan| be

formatted with the given key material/slot, destroying all previous data

and key slots. This function will only succeed on a sealed volume.

Defined at line 218 of file ../../src/security/lib/zxcrypt/client.cc

zx_status_t FormatWithImplicitKey (uint8_t slot)

Request that the volume provided by the manager represented by |chan| be

formatted with a product-defined device key associated with the specified

slot, destroying any previous superblock. The caller must have access to

/boot/config/zxcrypt in its namespace to use this function. This function

will only succeed on a sealed volume.

Defined at line 234 of file ../../src/security/lib/zxcrypt/client.cc

zx_status_t Unseal (const uint8_t * key, size_t key_len, uint8_t slot)

Request that the volume provided by the manager represented by |chan| be

unsealed with the given key material/slot. If successful, the driver

will create a child device named |unsealed| which exposes a block interface.

Defined at line 241 of file ../../src/security/lib/zxcrypt/client.cc

zx_status_t UnsealWithImplicitKey (uint8_t slot)

Request that the volume provided by the manager represented by |chan| be

unsealed with an product-defined device key associated with the specified

slot. The caller must have access to /boot/config/zxcrypt in its

namespace to use this function. If successful, the driver will create a

child device named |unsealed| which exposes a block interface.

Defined at line 257 of file ../../src/security/lib/zxcrypt/client.cc

zx_status_t Seal ()

Request that the volume provided by the manager represented by |chan| be

sealed. After calling this method, it is an error to make any further

calls with this EncryptedVolumeClient.

Defined at line 264 of file ../../src/security/lib/zxcrypt/client.cc

zx_status_t Shred ()

Request that the volume provided by the manager represented by |chan| be

shredded, permanently rendering the device unable to be |Unseal|ed again in

the future. This renders all data on the volume permanently inaccessible

once it is sealed.

Defined at line 277 of file ../../src/security/lib/zxcrypt/client.cc