[cryptohome] allow recovering encrypted stateful
This CL adds a mechanism for copying the contents of /mnt/stateful/encrypted out
into /mnt/stateful/decrypted at startup time, to be used by QA to recover system
logs. Authentication is provided by storage of the owning user's passkey (_NOT_
passphrase) in the request file. The passkey is computed as:
sha256(system-salt-as-hex || passphrase). The following shell script (which
nedes to be run on the device!) produces a passkey from a passphrase:
salt=$(od -A n -t x1 /home/.shadow/salt | tr -d ' ')
stty -echo
read -p "passphrase: " passphrase
stty echo
echo ""
echo $(echo -n "$salt$passphrase" | sha256sum | cut -c -32)
TEST=none yet
BUG=chromium-os:23075
Change-Id: I56a46b8c266da36973fc75da7e81b73b3cdc9b69
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/31723
Reviewed-by: Kees Cook <keescook@chromium.org>
7 files changed