I got the query below while analyzing the UC20 boot flow with the FDE feature enabled.
If fde-reveal-key is unable to unseal the key used for disk encryption, UC20 prompts the user to enter the recovery key manually. But the recovery key is also a random key, generated by the snapd snap. Is there anywhere the user can get the plain recovery key, which the user can input to proceed with the boot?
To get a better understanding of the boot flow, I tried to modify the snapd disk unlock flow (the fde-reveal-key flow). I updated secboot_sb.go and secboot_hooks.go for this purpose, but the changes are not being reflected. Does the UC20 image/base snap include a default snapd which runs before the re-mounting of the snapd snap in Run mode?