LUKS Management

LUKS management functions.

lmi.scripts.storage.luks.add_luks_passphrase(ns, fmt, passphrase, new_passphrase)

Adds a new passphrase to a LUKS format. Each format can have up to 8 separate passphrases, and any of them can be used to open (decrypt) the format.

An existing passphrase must be provided to add a new one. This proves that the caller is authorized to add a new passphrase (because the caller already knows one), and the 'old' passphrase is also used to retrieve the encryption keys. The 'old' passphrase is neither removed nor replaced when a new passphrase is added!

Parameters:
  • fmt (LMIInstance/LMI_EncryptionFormat or string) – The LUKS format to modify.
  • passphrase (string) – Existing LUKS passphrase.
  • new_passphrase (string) – New passphrase to add to the format.

lmi.scripts.storage.luks.close_luks(ns, fmt)

Closes the clear-text block device previously opened by open_luks().

Parameters: fmt (LMIInstance/LMI_EncryptionFormat or string) – The LUKS format to close.

lmi.scripts.storage.luks.create_luks(ns, device, passphrase)

Formats the given device with the LUKS encryption format. All data on the device will be deleted! The encryption key and algorithm are chosen automatically.

Parameters:
  • device (LMIInstance/CIM_StorageExtent or string) – Device to format with LUKS data.
  • passphrase (string) – Password to open the encrypted data. This is not the encryption key.
Return type: LMIInstance/LMI_EncryptionFormat

lmi.scripts.storage.luks.delete_luks_passphrase(ns, fmt, passphrase)

Deletes a passphrase from a LUKS format.

Parameters:
  • fmt (LMIInstance/LMI_EncryptionFormat or string) – The LUKS format to modify.
  • passphrase (string) – The passphrase to remove.

lmi.scripts.storage.luks.get_luks_device(ns, fmt)

Returns the clear-text device for the given LUKS format. The format must already be opened by open_luks().

Parameters: fmt (LMIInstance/LMI_EncryptionFormat or string) – The LUKS format to inspect.
Return type: LMIInstance/LMI_LUKSStorageExtent
Returns: Block device with clear-text data, or None if the LUKS format is not open.

lmi.scripts.storage.luks.get_luks_list(ns)

Retrieves a list of all encrypted devices.

Return type: list of LMIInstance/LMI_EncryptionFormat.

lmi.scripts.storage.luks.get_passphrase_count(ns, fmt)

Each LUKS format can have up to 8 passphrases. Any of these passphrases can be used to decrypt the format and create the clear-text device.

This function returns the number of passphrases in the given LUKS format.

Parameters: fmt (LMIInstance/LMI_EncryptionFormat or string) – The LUKS format to inspect.
Return type: int
Returns: Number of used passphrases.
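
A passphrase rotation built from add_luks_passphrase(), delete_luks_passphrase() and get_passphrase_count(), as an added example that is not part of the lmi.scripts.storage.luks module: because adding a passphrase leaves the old one in place, the old one is deleted only after the count confirms the new one was stored. The `luks` parameter, rotate_passphrase() and the FakeLuks stand-in are hypothetical names used so the block runs offline; in real use pass the lmi.scripts.storage.luks module with a real `ns` and `fmt`.

```python
MAX_SLOTS = 8  # documented limit: up to 8 passphrases per LUKS format


def rotate_passphrase(luks, ns, fmt, old, new):
    """Replace passphrase `old` with `new`; return the final passphrase count.

    `luks` is the lmi.scripts.storage.luks module, or any object exposing the
    same three functions. Assumes nothing else edits the format concurrently.
    """
    if old == new:
        raise ValueError("new passphrase must differ from the old one")
    before = luks.get_passphrase_count(ns, fmt)
    if before >= MAX_SLOTS:
        raise RuntimeError("all %d passphrase slots are in use" % MAX_SLOTS)
    # Adding does not remove `old`: both passphrases open the format from here.
    luks.add_luks_passphrase(ns, fmt, old, new)
    if luks.get_passphrase_count(ns, fmt) != before + 1:
        raise RuntimeError("new passphrase was not added; old one left in place")
    # Revoke the old passphrase last, so the format is never left unopenable.
    luks.delete_luks_passphrase(ns, fmt, old)
    after = luks.get_passphrase_count(ns, fmt)
    if after != before:
        raise RuntimeError("old passphrase still present; rotation incomplete")
    return after


class FakeLuks:
    """Constructed in-memory stand-in that mimics the documented behaviour."""

    def __init__(self, passphrases):
        self.slots = list(passphrases)

    def get_passphrase_count(self, ns, fmt):
        return len(self.slots)

    def add_luks_passphrase(self, ns, fmt, passphrase, new_passphrase):
        if passphrase not in self.slots:
            raise RuntimeError("existing passphrase not accepted")
        self.slots.append(new_passphrase)

    def delete_luks_passphrase(self, ns, fmt, passphrase):
        self.slots.remove(passphrase)
```
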

lmi.scripts.storage.luks.open_luks(ns, fmt, name, passphrase)

Opens an encrypted LUKS format and exposes it as a clear-text block device.

Parameters:
  • fmt (LMIInstance/LMI_EncryptionFormat or string) – The LUKS format to open.
  • name (string) – Requested name of the clear-text block device. It will be available as /dev/mapper/<name>.
  • passphrase (string) – Password to open the encrypted data.
Return type: LMIInstance/LMI_LUKSStorageExtent
Returns: The block device with clear-text data.