Add support for changing read-write mode of unencrypted volume

This change adds support for changing the read-write mode of the
unencrypted volume. To do so, we introduce a new top-level command,
unencrypted, with a new subcommand, set, that accepts the new mode of
the volume.

1 files changed, 24 insertions, 0 deletions

diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index 3cad8f1..8db5cd8 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -361,6 +361,30 @@ pub fn reset(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
   })
 }
 
+/// Change the configuration of the unencrypted volume.
+pub fn unencrypted_set(
+  ctx: &mut args::ExecCtx<'_>,
+  mode: args::UnencryptedVolumeMode,
+) -> Result<()> {
+  let device = get_storage_device(ctx)?;
+  let pin_entry = pinentry::PinEntry::from(pinentry::PinType::Admin, &device)?;
+  let mode = match mode {
+    args::UnencryptedVolumeMode::ReadWrite => nitrokey::VolumeMode::ReadWrite,
+    args::UnencryptedVolumeMode::ReadOnly => nitrokey::VolumeMode::ReadOnly,
+  };
+
+  // The unencrypted volume may reconnect, so be sure to flush caches to
+  // disk.
+  unsafe { sync() };
+
+  try_with_pin(
+    ctx,
+    &pin_entry,
+    "Changing unencrypted volume mode failed",
+    |pin| device.set_unencrypted_volume_mode(&pin, mode),
+  )
+}
+
 /// Open the encrypted volume on the Nitrokey.
 pub fn encrypted_open(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
   let device = get_storage_device(ctx)?;