fdeunlock package¶

Submodules¶

fdeunlock.checker module¶

Pre-unlock checkers

class fdeunlock.checker.LinkLayerAddressChecker(unlocker)¶

Bases: fdeunlock.checker.NetworkBasedChecker

Check network link layer address and compare it to previously observed trusted once.

check(**kwargs)¶: Check host in boot stage.

update()¶: Update check cache while host is in normal operation.

class fdeunlock.checker.UnauthenticatedLatencyChecker(unlocker)¶

Bases: fdeunlock.checker.NetworkBasedChecker

Check the unauthenticated latency previously measured by fping if it is within expected boundaries.

check(**kwargs)¶: Check host in boot stage.

update()¶: Update check cache while host is in normal operation.

class fdeunlock.checker.ChecksumChecker(unlocker)¶

Bases: fdeunlock.checker.SshBasedChecker

Compute checksums for all files in the initramfs and compare the checksums to previously measured trusted once.

check(shell=None, **kwargs)¶: Check host in boot stage.

update()¶: Update check cache while host is in normal operation.

class fdeunlock.checker.AuthenticatedLatencyChecker(unlocker)¶

Bases: fdeunlock.checker.SshBasedChecker

Measure the latency over SSH and check if it is within expected boundaries.

check(shell=None, **kwargs)¶: Check host in boot stage.

update()¶: Update check cache while host is in normal operation.

fdeunlock.cli module¶

Command line interface of fdeunlock

fdeunlock.cli.main()¶

fdeunlock.fdeunlock module¶

Core of FDEunlock

class fdeunlock.fdeunlock.FdeUnlock(vault, checkers=None)¶

Bases: object

check_and_unlock(host, unlock=True)¶

run_checkers(parent_class, shell=None)¶

unlock(init_shell)¶: Get passphrase and unlock system.

fdeunlock.helpers module¶

fdeunlock helpers

fdeunlock.helpers.ensure_permissions(path, mode)¶

fdeunlock.helpers.get_user_dir(dir_type)¶

fdeunlock.helpers.read_config()¶

fdeunlock.helpers.read_properties_config()¶

fdeunlock.helpers.read_ssh_config()¶

fdeunlock.helpers.write_properties_config(properties)¶

fdeunlock.pxssh module¶

Simplified Pxssh

class fdeunlock.pxssh.SimplifiedPxssh(timeout=30, maxread=2000, searchwindowsize=None, logfile=None, cwd=None, env=None, ignore_sighup=True, echo=True, options={}, encoding=None, codec_errors='strict', debug_command_string=False, use_poll=False)¶

Bases: pexpect.pxssh.pxssh

copy_to_remote(local_file_path, remote_file_path)¶

get_platform()¶

Return our platform name ‘linux_x86_64’

Format based on PEP 425 Compatibility Tags (wheel/pep425tags.py).

login(host, auto_prompt_reset=True)¶: Radically simplified login without the ‘New certificate – always accept it.’ stuff.

run_command(command)¶: Run command and don’t expect any additional output.

fdeunlock.vault module¶

Vault implementations

class fdeunlock.vault.FileVault¶

Bases: fdeunlock.vault.Vault

Simple, file based Vault implementation.

get_key(host, device_name)¶

class fdeunlock.vault.Vault¶

Bases: abc.ABC

Abstract Vault class.

get_key(host, device_name)¶

Module contents¶

Check and unlock full disk encrypted systems via ssh