diff options
author | William Roberts <william.c.roberts@intel.com> | 2023-01-18 08:45:53 -0600 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2023-01-18 21:58:33 +0000 |
commit | aae6eb96117acd54ce5ac572aac6a11b34c4ad99 (patch) | |
tree | 82c3781c1d15e1c3bf2c50abbd5f94eab782c879 /src/partition | |
parent | f2af682cd6308f9b26035b83063e6aa8593e468c (diff) | |
download | systemd-aae6eb96117acd54ce5ac572aac6a11b34c4ad99.tar.gz |
tpm2: add salt to pin
Add a salt to the pin and store it in the TPM2 LUKS header for future
this. This adds entropy to user supplied pins and helps brute forcing
the passphrase on the key residing in the TPM or brute forcing bind key
encrypted sessions with low entropy passphrases.
Signed-off-by: malikabhi05 <abhishek.malik@intel.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Diffstat (limited to 'src/partition')
-rw-r--r-- | src/partition/repart.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/partition/repart.c b/src/partition/repart.c index 586a5edd2d..7c4a1ee01c 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -3390,6 +3390,7 @@ static int partition_encrypt(Context *context, Partition *p, const char *node) { primary_alg, blob, blob_size, hash, hash_size, + NULL, 0, /* no salt because tpm2_seal has no pin */ 0, &v); if (r < 0) |