fdeunlock package

Submodules

fdeunlock.checker module

Pre-unlock checkers

class fdeunlock.checker.LinkLayerAddressChecker(unlocker)

Bases: fdeunlock.checker.NetworkBasedChecker

Check network link layer address and compare it to previously observed trusted once.

check(**kwargs)

Check host in boot stage.

update()

Update check cache while host is in normal operation.

class fdeunlock.checker.UnauthenticatedLatencyChecker(unlocker)

Bases: fdeunlock.checker.NetworkBasedChecker

Check the unauthenticated latency previously measured by fping if it is within expected boundaries.

check(**kwargs)

Check host in boot stage.

update()

Update check cache while host is in normal operation.

class fdeunlock.checker.ChecksumChecker(unlocker)

Bases: fdeunlock.checker.SshBasedChecker

Compute checksums for all files in the initramfs and compare the checksums to previously measured trusted once.

check(shell=None, **kwargs)

Check host in boot stage.

update()

Update check cache while host is in normal operation.

class fdeunlock.checker.AuthenticatedLatencyChecker(unlocker)

Bases: fdeunlock.checker.SshBasedChecker

Measure the latency over SSH and check if it is within expected boundaries.

check(shell=None, **kwargs)

Check host in boot stage.

update()

Update check cache while host is in normal operation.

fdeunlock.cli module

Command line interface of fdeunlock

fdeunlock.cli.main()

fdeunlock.fdeunlock module

Core of FDEunlock

class fdeunlock.fdeunlock.FdeUnlock(vault, checkers=None)

Bases: object

check_and_unlock(host, unlock=True)
run_checkers(parent_class, shell=None)
unlock(init_shell)

Get passphrase and unlock system.

fdeunlock.helpers module

fdeunlock helpers

fdeunlock.helpers.ensure_permissions(path, mode)
fdeunlock.helpers.get_user_dir(dir_type)
fdeunlock.helpers.read_config()
fdeunlock.helpers.read_properties_config()
fdeunlock.helpers.read_ssh_config()
fdeunlock.helpers.write_properties_config(properties)

fdeunlock.pxssh module

Simplified Pxssh

class fdeunlock.pxssh.SimplifiedPxssh(timeout=30, maxread=2000, searchwindowsize=None, logfile=None, cwd=None, env=None, ignore_sighup=True, echo=True, options={}, encoding=None, codec_errors='strict', debug_command_string=False, use_poll=False)

Bases: pexpect.pxssh.pxssh

copy_to_remote(local_file_path, remote_file_path)
get_platform()

Return our platform name ‘linux_x86_64’

Format based on PEP 425 Compatibility Tags (wheel/pep425tags.py).

login(host, auto_prompt_reset=True)

Radically simplified login without the ‘New certificate – always accept it.’ stuff.

run_command(command)

Run command and don’t expect any additional output.

fdeunlock.vault module

Vault implementations

class fdeunlock.vault.FileVault

Bases: fdeunlock.vault.Vault

Simple, file based Vault implementation.

get_key(host, device_name)
class fdeunlock.vault.Vault

Bases: abc.ABC

Abstract Vault class.

get_key(host, device_name)

Module contents

Check and unlock full disk encrypted systems via ssh