fdeunlock package

Submodules

fdeunlock.checker module

Pre-unlock checkers

class fdeunlock.checker.LinkLayerAddressChecker(unlocker)

Bases: fdeunlock.checker.NetworkBasedChecker

Check network link layer address and compare it to previously observed trusted once.

check(**kwargs)
update()

Update check cache while host is in normal operation.

class fdeunlock.checker.UnauthenticatedLatencyChecker(unlocker)

Bases: fdeunlock.checker.NetworkBasedChecker

Check the unauthenticated latency previously measured by fping if it is within expected boundaries.

check(**kwargs)
update()
class fdeunlock.checker.ChecksumChecker(unlocker)

Bases: fdeunlock.checker.SshBasedChecker

Compute checksums for all files in the initramfs and compare the checksums to previously measured trusted once.

check(shell=None, **kwargs)
update()
class fdeunlock.checker.AuthenticatedLatencyChecker(unlocker)

Bases: fdeunlock.checker.SshBasedChecker

Measure the latency over SSH and check if it is within expected boundaries.

check(shell=None, **kwargs)
update()

fdeunlock.cli module

Command line interface of fdeunlock

fdeunlock.cli.main()

fdeunlock.fdeunlock module

Core of FDEunlock

class fdeunlock.fdeunlock.FdeUnlock(vault, checkers=None)

Bases: object

check_and_unlock(host, unlock=True)
run_checkers(parent_class, shell=None)
unlock(init_shell)

Get passphrase and unlock system.

fdeunlock.helpers module

fdeunlock helpers

fdeunlock.helpers.ensure_permissions(path, mode)
fdeunlock.helpers.get_user_dir(dir_type)
fdeunlock.helpers.read_config()
fdeunlock.helpers.read_properties_config()
fdeunlock.helpers.read_ssh_config()
fdeunlock.helpers.write_properties_config(properties)

fdeunlock.pxssh module

Simplified Pxssh

class fdeunlock.pxssh.SimplifiedPxssh(timeout=30, maxread=2000, searchwindowsize=None, logfile=None, cwd=None, env=None, ignore_sighup=True, echo=True, options={}, encoding=None, codec_errors='strict')

Bases: pexpect.pxssh.pxssh

copy_to_remote(local_file_path, remote_file_path)
get_platform()

Return our platform name ‘linux_x86_64’

Format based on PEP 425 Compatibility Tags (wheel/pep425tags.py).

login(host, auto_prompt_reset=True)

Radically simplified login without the ‘New certificate – always accept it.’ stuff.

run_command(command)

Run command and don’t expect any additional output.

fdeunlock.vault module

Vault implementations

class fdeunlock.vault.FileVault

Bases: fdeunlock.vault.Vault

Simple, file based Vault implementation.

get_key(host, device_name)
class fdeunlock.vault.Vault

Bases: abc.ABC

Abstract Vault class.

get_key(host, device_name)

Module contents

Check and unlock full disk encrypted systems via ssh