diff --git a/pyanaconda/core/kickstart/commands.py b/pyanaconda/core/kickstart/commands.py index da96f35c45b..029ece1094f 100644 --- a/pyanaconda/core/kickstart/commands.py +++ b/pyanaconda/core/kickstart/commands.py @@ -24,7 +24,7 @@ # Supported kickstart commands. from pykickstart.commands.authselect import F28_Authselect as Authselect -from pykickstart.commands.autopart import F38_AutoPart as AutoPart +from pykickstart.commands.autopart import F41_AutoPart as AutoPart from pykickstart.commands.bootloader import F39_Bootloader as Bootloader from pykickstart.commands.btrfs import F23_BTRFS as BTRFS from pykickstart.commands.cdrom import FC3_Cdrom as Cdrom @@ -54,7 +54,7 @@ from pykickstart.commands.nvdimm import F40_Nvdimm as Nvdimm from pykickstart.commands.ostreecontainer import F38_OSTreeContainer as OSTreeContainer from pykickstart.commands.ostreesetup import F38_OSTreeSetup as OSTreeSetup -from pykickstart.commands.partition import F34_Partition as Partition +from pykickstart.commands.partition import F41_Partition as Partition from pykickstart.commands.raid import F29_Raid as Raid from pykickstart.commands.realm import F19_Realm as Realm from pykickstart.commands.reboot import F23_Reboot as Reboot @@ -93,7 +93,7 @@ from pykickstart.commands.mount import F27_MountData as MountData from pykickstart.commands.network import F39_NetworkData as NetworkData from pykickstart.commands.nvdimm import F28_NvdimmData as NvdimmData -from pykickstart.commands.partition import F29_PartData as PartData +from pykickstart.commands.partition import F41_PartData as PartData from pykickstart.commands.raid import F29_RaidData as RaidData from pykickstart.commands.repo import F30_RepoData as RepoData from pykickstart.commands.snapshot import F26_SnapshotData as SnapshotData diff --git a/pyanaconda/modules/common/structures/partitioning.py b/pyanaconda/modules/common/structures/partitioning.py index ddcb290b151..0ffef6bce41 100644 --- a/pyanaconda/modules/common/structures/partitioning.py +++ b/pyanaconda/modules/common/structures/partitioning.py @@ -47,6 +47,8 @@ def __init__(self): self._escrow_certificate = "" self._backup_passphrase_enabled = False + self._opal_admin_passphrase = "" + @property def partitioning_scheme(self) -> Int: """The partitioning scheme. @@ -255,12 +257,25 @@ def backup_passphrase_enabled(self) -> Bool: def backup_passphrase_enabled(self, enabled: Bool): self._backup_passphrase_enabled = enabled + @property + def opal_admin_passphrase(self) -> Str: + """OPAL admin passphrase to be used when configuring hardware encryption + + :return: a string with the OPAL admin passphrase + """ + return self._opal_admin_passphrase + + @opal_admin_passphrase.setter + def opal_admin_passphrase(self, value: Str): + self._opal_admin_passphrase = value + def __repr__(self): """Generate a string representation.""" return generate_string_from_data( self, - skip=["passphrase"], - add={"passphrase_set": bool(self.passphrase)} + skip=["passphrase", "opal_admin_passphrase"], + add={"passphrase_set": bool(self.passphrase), + "opal_admin_passphrase_set": bool(self.opal_admin_passphrase)} ) diff --git a/pyanaconda/modules/storage/partitioning/automatic/automatic_module.py b/pyanaconda/modules/storage/partitioning/automatic/automatic_module.py index e7ac5bff47a..4e3c7363851 100644 --- a/pyanaconda/modules/storage/partitioning/automatic/automatic_module.py +++ b/pyanaconda/modules/storage/partitioning/automatic/automatic_module.py @@ -92,6 +92,8 @@ def process_kickstart(self, data): request.escrow_certificate = data.autopart.escrowcert request.backup_passphrase_enabled = data.autopart.backuppassphrase + request.opal_admin_passphrase = data.autopart.hw_passphrase + self.set_request(request) def setup_kickstart(self, data): @@ -123,6 +125,9 @@ def setup_kickstart(self, data): data.autopart.escrowcert = self.request.escrow_certificate data.autopart.backuppassphrase = self.request.backup_passphrase_enabled + # Don't generate sensitive information. + data.autopart.hw_passphrase = "" + @property def request(self): """The partitioning request.""" diff --git a/pyanaconda/modules/storage/partitioning/automatic/automatic_partitioning.py b/pyanaconda/modules/storage/partitioning/automatic/automatic_partitioning.py index 5d8c4da3896..507e96c96bc 100644 --- a/pyanaconda/modules/storage/partitioning/automatic/automatic_partitioning.py +++ b/pyanaconda/modules/storage/partitioning/automatic/automatic_partitioning.py @@ -119,6 +119,7 @@ def _get_luks_format_args(storage, request): "pbkdf_args": pbkdf_args, "escrow_cert": escrow_cert, "add_backup_passphrase": request.backup_passphrase_enabled, + "opal_admin_passphrase": request.opal_admin_passphrase, } @staticmethod diff --git a/pyanaconda/modules/storage/partitioning/custom/custom_partitioning.py b/pyanaconda/modules/storage/partitioning/custom/custom_partitioning.py index e59509975f1..4cf899c8ca9 100644 --- a/pyanaconda/modules/storage/partitioning/custom/custom_partitioning.py +++ b/pyanaconda/modules/storage/partitioning/custom/custom_partitioning.py @@ -410,7 +410,8 @@ def _execute_partition_data(self, storage, data, partition_data): escrow_cert=cert, add_backup_passphrase=partition_data.backuppassphrase, luks_version=partition_data.luks_version, - pbkdf_args=pbkdf_args + pbkdf_args=pbkdf_args, + opal_admin_passphrase=partition_data.hw_passphrase, ) luksdev = LUKSDevice( "luks%d" % storage.next_id, @@ -426,7 +427,8 @@ def _execute_partition_data(self, storage, data, partition_data): escrow_cert=cert, add_backup_passphrase=partition_data.backuppassphrase, luks_version=partition_data.luks_version, - pbkdf_args=pbkdf_args + pbkdf_args=pbkdf_args, + opal_admin_passphrase=partition_data.hw_passphrase, ) luksdev = LUKSDevice("luks%d" % storage.next_id, fmt=luksformat, diff --git a/tests/unit_tests/pyanaconda_tests/modules/storage/partitioning/test_module_part_automatic.py b/tests/unit_tests/pyanaconda_tests/modules/storage/partitioning/test_module_part_automatic.py index 384dd8e39ce..79aa2b16bc3 100644 --- a/tests/unit_tests/pyanaconda_tests/modules/storage/partitioning/test_module_part_automatic.py +++ b/tests/unit_tests/pyanaconda_tests/modules/storage/partitioning/test_module_part_automatic.py @@ -102,6 +102,7 @@ def test_request_property(self): 'pbkdf-iterations': get_variant(Int, 1000), 'escrow-certificate': get_variant(Str, 'file:///tmp/escrow.crt'), 'backup-passphrase-enabled': get_variant(Bool, True), + 'opal-admin-passphrase': get_variant(Str, '123456'), } self._check_dbus_property( "Request", @@ -200,6 +201,7 @@ def test_luks1_format_args(self): request.cipher = "aes-xts-plain64" request.escrow_certificate = "file:///tmp/escrow.crt" request.backup_passphrase_enabled = True + request.opal_admin_passphrase = "passphrase" args = AutomaticPartitioningTask._get_luks_format_args(storage, request) assert args == { @@ -209,6 +211,7 @@ def test_luks1_format_args(self): "pbkdf_args": None, "escrow_cert": "CERTIFICATE", "add_backup_passphrase": True, + "opal_admin_passphrase": "passphrase", } def test_luks2_format_args(self): @@ -231,6 +234,7 @@ def test_luks2_format_args(self): "luks_version": "luks2", "escrow_cert": None, "add_backup_passphrase": False, + "opal_admin_passphrase": "", } assert isinstance(pbkdf_args, LUKS2PBKDFArgs)