Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
/**
* Callback function for destroying the data on an encrypted device.
* It does so by overwriting the luks header and keyslots with zeroes.
* See https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions:
* 5.4 How do I securely erase a LUKS (or other) partition?
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between handler and main thread
* @return internal status code
*/
int callback_encryption_selfdestruct_post(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
bool * reboot = (bool *)user_data;
int r;
// Overwrite start of data partition with zeroes.
y_log_message(Y_LOG_LEVEL_DEBUG,
"Overwriting start of data partition with zeroes");
char * command = NULL;
asprintf(&command, "head -c %d /dev/zero > %s; sync",
LUKS_HEADER_SIZE, DATA_PARTITION_DEVICE);
r = system(command);
if (r != 0)
{
y_log_message(Y_LOG_LEVEL_ERROR,
"overwriting data device failed: return code %d",
r);
return send_simple_response(response, 500, "error",
"overwriting data device failed");
}
y_log_message(Y_LOG_LEVEL_DEBUG,
"Overwriting finished succesfully");
// Record that we want to reboot the machine.
*reboot = true;
y_log_message(Y_LOG_LEVEL_DEBUG,
"Will reboot");
r = send_simple_response(response, 200, "status", "ok");
y_log_message(Y_LOG_LEVEL_DEBUG,
"Response sent");
stop_server();
return r;
}