Fix: check for cipher_null before attaching LUKS container

Author: grydz

pkg/mount_luks.sh

@@ -15,6 +15,13 @@ case $? in
     ;;
 # failure; the directory is not a mountpoint, or device is not a block device on --devno
 32)
+    NULL_CIPHERS=$(cryptsetup luksDump --dump-json-metadata /home/cosmian/header | jq '[.keyslots.[].area.encryption] | select(any(contains("null")))')
+
+    if [ -n "$NULL_CIPHERS" ]; then
+        echo "cipher_null is not allowed in LUKS header"
+        exit 2
+    fi 
+
     # unlock the partition
     /lib/systemd/systemd-cryptsetup attach cosmian_vm_container /var/lib/cosmian_vm/container - tpm2-device=auto,headless=true,header=/var/lib/cosmian_vm/header || exit 1
     # mount the partition