crypt_policy contains all the key policy logic for the different operations that can be done with hardware keys. Keeping the policy logic in one place makes it easier to audit.
Structs
- KeymintSealedData - Bundles a handle to a Keymint sealing key with a list of the keys sealed by that sealing key. The contents of this struct can be persistently stored, as it contains no plaintext secrets.
- NullKeySource
- TeeDerivedKeySource
Enums
- KeyConsumer - Fxfs and zxcrypt have different null keys, so operations have to indicate which is ultimately going to consume the key we produce.
- KeySource
- Policy
Functions
- format_sources - Returns all valid key sources when formatting a volume, based on policy.
- get_policy - Reads the policy from well-known locations in /boot.
- unseal_sources - Returns all valid key sources when unsealing a volume, based on policy.