Crate crypt_policy

crypt_policy contains all the key policy logic for the different operations that can be done with hardware keys. Keeping the policy logic in one place makes it easier to audit.

Enums

• KeyConsumer
  Fxfs and zxcrypt have different null keys, so operations have to indicate which is ultimately going to consume the key we produce.
• KeySource
• Policy

Functions

• format_sources
  Returns all valid key sources when formatting a volume, based on policy.
• get_policy
  Reads the policy from well-known locations in /boot.
• unseal_sources
  Returns all valid key sources when unsealing a volume, based on policy.