package main
import (
"fmt"
"os"
"github.com/kairos-io/kairos-sdk/types"
"github.com/kairos-io/kcrypt/pkg/lib"
"github.com/urfave/cli/v2"
)
// Version is the version string reported by the CLI; main assigns it to
// cli.App.Version. The "v0.0.0-dev" default is presumably overridden at build
// time (for example with -ldflags -X) — confirm against the build scripts.
var (
	Version = "v0.0.0-dev"
)
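// main builds the kairos-kcrypt command-line application and runs it against
// os.Args.
//
// Subcommands:
//   - encrypt LABEL: encrypts the partition with the given label, through
//     lib.LuksifyMeasurements when --tpm is set and lib.Luksify otherwise.
//   - unlock-all: calls lib.UnlockAll, passing the value of --tpm.
//   - extract-initrd, inject-initrd: hidden helpers around lib.ExtractInitrd
//     and lib.InjectInitrd.
//
// Any error returned by app.Run is written to stderr and the process exits
// with status 1.
func main() {
	app := &cli.App{
		Name:        "kairos-kcrypt",
		Version:     Version,
		Authors:     []*cli.Author{{Name: "Ettore Di Giacinto"}},
		Usage:       "kairos escrow key agent component",
		Description: ``,
		UsageText:   ``,
		Copyright:   "Ettore Di Giacinto",
		Commands: []*cli.Command{
			{
				Name:        "encrypt",
				Description: "Encrypts a partition",
				Usage:       "Encrypts a partition",
				ArgsUsage:   "kcrypt [--tpm] [--tpm-pcrs] [--public-key-pcrs] LABEL",
				Flags: []cli.Flag{
					&cli.BoolFlag{
						Name:  "tpm",
						Usage: "Use TPM measurements to lock the partition",
					},
					&cli.StringSliceFlag{
						Name:  "tpm-pcrs",
						Usage: "tpm pcrs to bind to (single measurement) . Only applies when --tpm is also set.",
					},
					&cli.StringSliceFlag{
						Name:  "public-key-pcrs",
						Usage: "public key pcrs to bind to (policy). Only applies when --tpm is also set.",
						Value: cli.NewStringSlice("11"),
					},
				},
				Action: func(c *cli.Context) error {
					if c.NArg() != 1 {
						return fmt.Errorf("requires 1 arg, the partition label")
					}
					label := c.Args().First()
					logger := types.NewKairosLogger("kcrypt-lock", "info", false)

					if c.Bool("tpm") {
						return lib.LuksifyMeasurements(label, c.StringSlice("tpm-pcrs"), c.StringSlice("public-key-pcrs"), logger)
					}

					// The PCR flags are only read on the --tpm path above. An
					// operator who passes them without --tpm most likely expects
					// a measurement-bound volume, so say explicitly that the
					// selection is being ignored instead of dropping it silently.
					if c.IsSet("tpm-pcrs") || c.IsSet("public-key-pcrs") {
						fmt.Fprintln(os.Stderr, "warning: --tpm-pcrs and --public-key-pcrs have no effect without --tpm")
					}

					out, err := lib.Luksify(label, logger)
					if err != nil {
						return err
					}
					// Print the result only on success so stdout never carries
					// the output of a failed run.
					fmt.Println(out)
					return nil
				},
			},
			{
				Name:        "unlock-all",
				UsageText:   "unlock-all",
				Usage:       "Try to unlock all LUKS partitions",
				Description: "Typically run during initrd to unlock all the LUKS partitions found",
				ArgsUsage:   "kcrypt [--tpm] unlock-all",
				Flags: []cli.Flag{
					&cli.BoolFlag{
						Name:  "tpm",
						Usage: "Use TPM to unlock the partition",
					},
				},
				Action: func(c *cli.Context) error {
					return lib.UnlockAll(c.Bool("tpm"))
				},
			},
			{
				Name:   "extract-initrd",
				Hidden: true,
				Action: func(c *cli.Context) error {
					// Exactly two positional arguments are consumed below; the
					// message now matches the check.
					if c.NArg() != 2 {
						return fmt.Errorf("requires 2 args. initrd, dst")
					}
					return lib.ExtractInitrd(c.Args().First(), c.Args().Get(1))
				},
			},
			{
				Name:   "inject-initrd",
				Hidden: true,
				Action: func(c *cli.Context) error {
					if c.NArg() != 3 {
						return fmt.Errorf("requires 3 args. initrd, srcfile, dst")
					}
					return lib.InjectInitrd(c.Args().First(), c.Args().Get(1), c.Args().Get(2))
				},
			},
		},
	}

	if err := app.Run(os.Args); err != nil {
		// Errors go to stderr so that stdout carries only command output
		// (for example the string printed by a successful "encrypt").
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}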