// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* Copyright (C) 2025 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package secboot
import (
"context"
"sync"
)
// StorageContainerBackend is an interface used by secboot to communicate
// with a backend that has support for a specific type of encrypted storage
// container.
//
// Backends are made known to this package by name via
// [RegisterStorageContainerBackend]. Both probe methods signal "not handled
// by this backend" as (nil, nil), so callers must check the returned
// StorageContainer for nil even when the error is nil.
type StorageContainerBackend interface {
	// Probe returns a StorageContainer instance for the supplied
	// path to a storage container source if it can be handled by this
	// backend, else it returns (nil, nil).
	//
	// Implementations should always return the same StorageContainer
	// instance for the same container referenced by the supplied path -
	// the implementation should at least handle the cases of symbolic
	// links. It should also be the same instance as the one returned
	// via the ProbeActivated method with a path to the corresponding
	// activated storage container.
	//
	// Implementations of this must be safe to call from any goroutine.
	//
	// The supplied path may or may not be a path to a block device,
	// depending on how the backend works - there may be backends in the
	// future that don't use block devices for storage containers.
	Probe(ctx context.Context, path string) (StorageContainer, error)

	// ProbeActivated returns a StorageContainer instance for the
	// supplied path to an activated storage container if it can be
	// handled by this backend, else it returns (nil, nil). An activated
	// storage container is one that is backed by some source that can
	// be returned via the Probe method using the path to the source
	// instead.
	//
	// Implementations should always return the same StorageContainer
	// instance for the same container referenced by the supplied path -
	// the implementation should at least handle the cases of symbolic
	// links. It should also be the same instance as the one returned
	// via the Probe method with the corresponding source path.
	//
	// Implementations of this must be safe to call from any goroutine.
	//
	// The supplied path may or may not be a path to a block device,
	// depending on how the backend works - there may be backends in the
	// future that don't use block devices for storage containers.
	ProbeActivated(ctx context.Context, path string) (StorageContainer, error)
}
// storageContainerHandlers is the package-level registry of backends, keyed
// by the name passed to RegisterStorageContainerBackend. It is package-global
// mutable state, so every access to the map must be made while holding
// storageContainerHandlersMu; RegisterStorageContainerBackend does so, and any
// reader elsewhere in the package is expected to as well.
var (
	storageContainerHandlersMu sync.Mutex
	storageContainerHandlers   = map[string]StorageContainerBackend{}
)
// RegisterStorageContainerBackend permits a backend that manages storage containers
// with keyslots to be registered with and used by this package. Specifying a nil
// backend will delete the previously registered backend.
//
// Registering under a name that is already in use replaces the earlier backend
// without any error or warning. Note that only a nil interface value deletes:
// a nil pointer of a concrete type wrapped in the StorageContainerBackend
// interface compares non-nil and is stored as a backend.
//
// This function is safe to call from any goroutine; it serialises updates to
// the registry with storageContainerHandlersMu.
//
// XXX(chrisccoulson): Should we use a string to identify a backend or use any
// arbitrary comparable go type instead (in the same way that [context.Context]
// works)? I think I would prefer this (but perhaps it should be considered as
// these abstractions evolve). We can't do this for [RegisteredPlatformKeyDataHandler]
// because the platform name is serialized as a string in the keyslot metadata and has
// to be decoded later on in order to identify the platform - it's not possible to
// preserve go types in this case.
func RegisterStorageContainerBackend(name string, backend StorageContainerBackend) {
	storageContainerHandlersMu.Lock()
	defer storageContainerHandlersMu.Unlock()

	switch backend {
	case nil:
		// Unregister whatever is stored under name; deleting a key that is
		// absent is a no-op.
		delete(storageContainerHandlers, name)
	default:
		// Insert or silently overwrite the entry for name.
		storageContainerHandlers[name] = backend
	}
}