diff options
author | Ondrej Kozina <okozina@redhat.com> | 2023-11-01 12:53:16 +0100 |
---|---|---|
committer | Ondrej Kozina <okozina@redhat.com> | 2023-11-02 17:15:14 +0100 |
commit | af8c53a8233fcf2f5e8dcbd02287c3b62b866445 (patch) | |
tree | 68bbd419ce14ba804598011d7777a487b1c0101d | |
parent | 45ddc623bc45c2f5b3d21cadcbaec2397f0abf5a (diff) | |
download | cryptsetup-af8c53a8233fcf2f5e8dcbd02287c3b62b866445.tar.gz |
Move LUKS2 legacy reencryption flag check.
There's already routine meant for verification if LUKS2
can be reencrypted. So move the appropriate code there instead.
-rw-r--r-- | src/utils_reencrypt.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/utils_reencrypt.c b/src/utils_reencrypt.c index b283402d..9b044118 100644 --- a/src/utils_reencrypt.c +++ b/src/utils_reencrypt.c @@ -349,11 +349,6 @@ static int luks2_reencrypt_in_progress(struct crypt_device *cd) if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)) return -EINVAL; - if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) { - log_err(_("Legacy LUKS2 reencryption is no longer supported.")); - return -EINVAL; - } - return flags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT; } @@ -411,8 +406,17 @@ static enum device_status_info load_luks(struct crypt_device **r_cd, static bool luks2_reencrypt_eligible(struct crypt_device *cd) { + uint32_t flags; struct crypt_params_integrity ip = { 0 }; + if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)) + return false; + + if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) { + log_err(_("Legacy LUKS2 reencryption is no longer supported.")); + return false; + } + /* raw integrity info is available since 2.0 */ if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) { log_err(_("Reencryption of device with integrity profile is not supported.")); |