author | Aidan Dang <dang@aidan.gg> | 2022-09-26 00:12:10 +1000 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-10-07 16:36:04 +0200 |
commit | fd83c98e8a462b9b5ae07e3d7a2ace500b50c172 (patch) | |
tree | 364be92f922271f10ccef7745970559639814eda /src/home | |
parent | b25e08a752017cb71fc86cf8d3012339143dee89 (diff) | |
download | systemd-fd83c98e8a462b9b5ae07e3d7a2ace500b50c172.tar.gz |
Implement --luks-sector-size for homed
Diffstat (limited to 'src/home')
-rw-r--r-- | src/home/homectl.c | 46 | ||||
-rw-r--r-- | src/home/homework-luks.c | 6 |
2 files changed, 49 insertions, 3 deletions
diff --git a/src/home/homectl.c b/src/home/homectl.c
index 7ccee4df10..87a1c6883f 100644
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -1797,6 +1797,26 @@ static int parse_disk_size(const char *t, uint64_t *ret) {
 return 0;
 }
 
+static int parse_sector_size(const char *t, uint64_t *ret) {
+ int r;
+
+ assert(t);
+ assert(ret);
+
+ uint64_t ss;
+
+ r = safe_atou64(t, &ss);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse sector size parameter %s", t);
+ if (ss < 512 || ss > 4096) /* Allow up to 4K due to dm-crypt support and 4K alignment by the homed LUKS backend */
+ return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Sector size not between 512 and 4096: %s", t);
+ if (!ISPOWEROF2(ss))
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Sector size not power of 2: %s", t);
+
+ *ret = ss;
+ return 0;
+}
+
 static int resize_home(int argc, char *argv[], void *userdata) {
 _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
@@ -2291,6 +2311,8 @@ static int help(int argc, char *argv[], void *userdata) {
 " Memory cost for PBKDF in bytes\n"
 " --luks-pbkdf-parallel-threads=NUMBER\n"
 " Number of parallel threads for PKBDF\n"
+ " --luks-sector-size=BYTES\n"
+ " Sector size for LUKS encryption in bytes\n"
 " --luks-extra-mount-options=OPTIONS\n"
 " LUKS extra mount options\n"
 " --auto-resize-mode=MODE Automatically grow/shrink home on login/logout\n"
@@ -2372,6 +2394,7 @@ static int parse_argv(int argc, char *argv[]) {
 ARG_LUKS_PBKDF_TIME_COST,
 ARG_LUKS_PBKDF_MEMORY_COST,
 ARG_LUKS_PBKDF_PARALLEL_THREADS,
+ ARG_LUKS_SECTOR_SIZE,
 ARG_RATE_LIMIT_INTERVAL,
 ARG_RATE_LIMIT_BURST,
 ARG_STOP_DELAY,
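Review bot: In parse_sector_size() `uint64_t ss;` is declared after the two `assert()` calls while `int r;` sits at the top of the function; declaring both together (`uint64_t ss;` directly above `int r;`) keeps the locals in one place. The parse-failure message also runs the value straight into the sentence; `"Failed to parse sector size parameter: %s"` would match the form of the two range messages below it. The checks together accept only 512, 1024, 2048 and 4096, which a one-line comment above the function could state outright, since the existing trailing comment only explains the upper bound.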
@@ -2452,6 +2475,7 @@ static int parse_argv(int argc, char *argv[]) {
 { "luks-pbkdf-time-cost", required_argument, NULL, ARG_LUKS_PBKDF_TIME_COST },
 { "luks-pbkdf-memory-cost", required_argument, NULL, ARG_LUKS_PBKDF_MEMORY_COST },
 { "luks-pbkdf-parallel-threads", required_argument, NULL, ARG_LUKS_PBKDF_PARALLEL_THREADS },
+ { "luks-sector-size", required_argument, NULL, ARG_LUKS_SECTOR_SIZE },
 { "nosuid", required_argument, NULL, ARG_NOSUID },
 { "nodev", required_argument, NULL, ARG_NODEV },
 { "noexec", required_argument, NULL, ARG_NOEXEC },
@@ -3095,6 +3119,28 @@ static int parse_argv(int argc, char *argv[]) {
 break;
 }
 
+ case ARG_LUKS_SECTOR_SIZE: {
+ uint64_t ss;
+
+ if (isempty(optarg)) {
+ r = drop_from_identity("luksSectorSize");
+ if (r < 0)
+ return r;
+
+ break;
+ }
+
+ r = parse_sector_size(optarg, &ss);
+ if (r < 0)
+ return r;
+
+ r = json_variant_set_field_unsigned(&arg_identity_extra, "luksSectorSize", ss);
+ if (r < 0)
+ return log_error_errno(r, "Failed to set sector size field: %m");
+
+ break;
+ }
+
 case ARG_UMASK: {
 mode_t m;
 
diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c
index 43e6ee02a8..858d9dda19 100644
--- a/src/home/homework-luks.c
+++ b/src/home/homework-luks.c
@@ -1378,7 +1378,7 @@ int home_setup_luks(
 return r;
 }
 
- r = loop_device_make(setup->image_fd, O_RDWR, offset, size, 0, LOCK_UN, &setup->loop);
+ r = loop_device_make(setup->image_fd, O_RDWR, offset, size, user_record_luks_sector_size(h), 0, LOCK_UN, &setup->loop);
 if (r == -ENOENT) {
 log_error_errno(r, "Loopback block device support is not available on this system.");
 return -ENOLINK; /* make recognizable */
@@ -1761,7 +1761,7 @@ static int luks_format(
 &(struct crypt_params_luks2) {
 .label = label,
 .subsystem = "systemd-home",
- .sector_size = 512U,
+ .sector_size = user_record_luks_sector_size(hr),
 .pbkdf = &good_pbkdf,
 });
 if (r < 0)
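Review bot: In home_setup_luks() the loop device for an already formatted home is now created with the sector size from the user record, not with the size the existing volume was formatted with. If `luksSectorSize` is later changed or dropped on the record (the new option writes it through `arg_identity_extra`, and presumably that also applies when updating a home), the two values can disagree and activation of the existing volume may fail, locking the user out of their data. Consider deriving the value from the volume itself at this point, or refusing changes to the field once the home exists; at minimum a comment such as `/* must match the sector size the volume was formatted with */` would record the assumption. The function starts and ends outside the hunk; the matching call in home_create_luks() uses a fresh value, so the concern does not apply there.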
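Review bot: `.sector_size = user_record_luks_sector_size(hr)` in luks_format() depends on the accessor for validation, because the 512–4096 power-of-two check added by this commit lives only in homectl's parse_sector_size(). A record that reaches homework by another route, for instance a JSON identity that was not produced by this option, skips that check. The accessor is not visible here (the diffstat is limited to src/home), so confirm that it clamps or rejects out-of-range and non-power-of-two values before they reach crypt_format. If it returns a 64-bit value, the assignment into the 32-bit `sector_size` field of `struct crypt_params_luks2` also narrows implicitly, which an explicit range check ahead of the call would make safe by construction. luks_format() begins and ends outside the hunk.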
@@ -2299,7 +2299,7 @@ int home_create_luks(
 
 log_info("Writing of partition table completed.");
 
- r = loop_device_make(setup->image_fd, O_RDWR, partition_offset, partition_size, 0, LOCK_EX, &setup->loop);
+ r = loop_device_make(setup->image_fd, O_RDWR, partition_offset, partition_size, user_record_luks_sector_size(h), 0, LOCK_EX, &setup->loop);
 if (r < 0) {
 if (r == -ENOENT) { /* this means /dev/loop-control doesn't exist, i.e. we are in a container
 * or similar and loopback bock devices are not available, return a |