git.ipfire.org Git - thirdparty/systemd.git/commit - src/cryptsetup/cryptsetup.c
author Lennart Poettering <lennart@poettering.net>
Thu, 27 May 2021 20:55:39 +0000 (22:55 +0200)
committer Lennart Poettering <lennart@poettering.net>
Fri, 28 May 2021 14:36:52 +0000 (16:36 +0200)
commit 3cc00ba60594cbce0aa416e54b846988376685f8
tree 9bb39c3bc747089bfe852a86ddcbe728a996e760
parent 1ce8f69dbd9b6dc931defb32cb7ee0229935d176
cryptsetup: revert to systemd 248 up/pin/uv FIDO2 settings when we don't have LUKS2 JSON data telling us the precise configuration

Let's improve compatibility with systemd 248 enrollments of FIDO2 keys:
if we have no information about the up/uv/pin settings, let's try to
determine them automatically, i.e. use up and pin if needed.

This only has an effect on LUKS2 volumes where a FIDO2 key was enrolled
with systemd 248 and thus the JSON data lacks the up/uv/pin fields. It
also matters if the user configured FIDO2 parameters explicitly via
crypttab options, so that the JSON data is not used.

For newer enrollments we'll stick to the explicit settings, as that's
generally much safer and robust.
src/cryptsetup/cryptsetup-fido2.c
src/cryptsetup/cryptsetup.c
src/shared/libfido2-util.c
src/shared/libfido2-util.h
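
As an added example (not part of the commit and not systemd's own code), this audit sketch reads LUKS2 JSON metadata, such as the output of `cryptsetup luksDump --dump-json-metadata`, and flags `systemd-fido2` tokens that lack the up/uv/pin fields and so take the compatibility path the commit message describes. The token field names and the sample metadata are assumptions constructed for illustration; they do not appear on this page.

```python
import json

# Assumed token field names (systemd's LUKS2 "systemd-fido2" token); not shown on the page.
FIELDS = {
    "pin": "fido2-clientPin-required",
    "up": "fido2-up-required",
    "uv": "fido2-uv-required",
}

def classify_fido2_tokens(metadata):
    """Map token id -> explicit settings, absent fields, and a legacy flag."""
    report = {}
    for token_id, token in sorted(metadata.get("tokens", {}).items()):
        if token.get("type") != "systemd-fido2":
            continue  # other token types (e.g. TPM2) are out of scope
        explicit, absent, invalid = {}, [], []
        for name, key in FIELDS.items():
            if key not in token:
                absent.append(name)
            elif isinstance(token[key], bool):
                explicit[name] = token[key]
            else:
                invalid.append(name)  # present but not a JSON boolean
        report[token_id] = {
            "keyslots": token.get("keyslots", []),
            "explicit": explicit,
            "absent": absent,
            "invalid": invalid,
            # No up/pin information: unlock falls back to auto-detection.
            "legacy": "up" in absent and "pin" in absent,
        }
    return report

# Constructed sample metadata, trimmed to the "tokens" object.
SAMPLE = json.loads("""
{"tokens": {
  "0": {"type": "systemd-fido2", "keyslots": ["1"],
        "fido2-credential": "Y29uc3RydWN0ZWQ=", "fido2-salt": "c2FsdA==",
        "fido2-rp": "io.systemd.cryptsetup"},
  "1": {"type": "systemd-fido2", "keyslots": ["2"],
        "fido2-credential": "Y29uc3RydWN0ZWQ=", "fido2-salt": "c2FsdA==",
        "fido2-rp": "io.systemd.cryptsetup",
        "fido2-clientPin-required": true, "fido2-up-required": true,
        "fido2-uv-required": false},
  "2": {"type": "systemd-tpm2", "keyslots": ["3"]}
}}
""")

if __name__ == "__main__":
    for token_id, info in classify_fido2_tokens(SAMPLE).items():
        state = "legacy (auto-detect up/pin)" if info["legacy"] else "explicit"
        print(f"token {token_id} keyslots={info['keyslots']}: {state} {info['explicit']}")
```

Tokens reported as legacy are candidates for re-enrollment, so that the volume carries the explicit settings the commit message calls safer.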