authorEric Biggers <ebiggers@google.com>2020-03-17 21:10:58 -0700
committerEric Biggers <ebiggers@google.com>2020-03-23 13:20:27 -0700
commitec85cc8f987647c2b264c1f95dadda0f71c3d991 (patch)
tree5695c9a84004ec40a9cb3d774c6bb2aa9503e605 /actions/config.go
parentae886a89f541a74255c9a41f7fa504a82ee6413e (diff)
Create /etc/fscrypt.conf with policy_version 2 on kernel v5.4+
v2 encryption policies are now recommended, due to various security and usability advantages over v1 policies. Many people have been running into the usability problems with v1, so it's desirable to get people onto v2 without having to manually opt-in. Therefore, when 'fscrypt setup' creates /etc/fscrypt.conf, enable policy_version 2 automatically if the kernel supports it. I decided to go with this solution over the policy_version "auto" I suggested originally because this way is simpler, it can still be changed to "auto" later if desired, and "auto" might require changing how we parse the config file (since currently the config file is mapped directly to a protobuf where policy_version is an 'int' and is shared with EncryptionOptions). Resolves https://github.com/google/fscrypt/issues/182
Diffstat (limited to 'actions/config.go')
-rw-r--r--actions/config.go9
1 files changed, 7 insertions, 2 deletions
diff --git a/actions/config.go b/actions/config.go
index 3433438..2463b95 100644
--- a/actions/config.go
+++ b/actions/config.go
@@ -58,8 +58,9 @@ var (
// CreateConfigFile creates a new config file at the appropriate location with
// the appropriate hashing costs and encryption parameters. The hashing will be
-// configured to take as long as the specified time target.
-func CreateConfigFile(target time.Duration) error {
+// configured to take as long as the specified time target. In addition, the
+// version of encryption policy to use may be overridden from the default of v1.
+func CreateConfigFile(target time.Duration, policyVersion int64) error {
// Create the config file before computing the hashing costs, so we fail
// immediately if the program has insufficient permissions.
configFile, err := filesystem.OpenFileOverridingUmask(ConfigFileLocation,
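Review bot: The extended doc comment on CreateConfigFile does not say that a policyVersion of 0 means "keep the default", which is the sentinel the new guard later in the function relies on. It also hard-codes "v1", while the value actually comes from `metadata.DefaultOptions`, so the comment can drift if that default changes. I would add a sentence such as `// A policyVersion of 0 keeps the version from metadata.DefaultOptions; any other value replaces it.` so callers can pick the right argument without reading the body. The function body continues outside this hunk.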
@@ -77,6 +78,10 @@ func CreateConfigFile(target time.Duration) error {
Options: metadata.DefaultOptions,
}
+ if policyVersion != 0 {
+ config.Options.PolicyVersion = policyVersion
+ }
+
if config.HashCosts, err = getHashingCosts(target); err != nil {
return err
}
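Review bot: The assignment `config.Options.PolicyVersion = policyVersion` writes into whatever `metadata.DefaultOptions` refers to, because `Options` was set to it just above. If that is a pointer (its declaration is not visible in this hunk), the override changes the package-level default for the rest of the process, not only this config. Copying the options into a local value first and pointing `config.Options` at the copy would keep the shared default intact. Separately, the guard `if policyVersion != 0` accepts any non-zero value, so a negative or unsupported version would be written to /etc/fscrypt.conf and presumably rejected only when a policy is later created. Rejecting values other than the supported versions here would surface the mistake at setup time.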