[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/6] Support for LUKS2 disc encryption
From: |
Patrick Steinhardt |
Subject: |
[PATCH 0/6] Support for LUKS2 disc encryption |
Date: |
Sat, 2 Nov 2019 19:06:49 +0100 |
Hi,
as you probably know, the cryptsetup project has introduced a new
format LUKS2 in 2017 which is incompatible with the previous
format. GRUB is thus currently not able to boot from disks
encrypted with the newer format.
Both formats do in fact differ quite a lot. While the old one
used a single binary header, LUKS2 one uses a binary header to
identify a JSON header that contains all encryption parameters.
The intent of the cryptsetup project is to be more flexible than
they have previously been with the binary header, but that also
required me to pull in a JSON parser. I hope to have found one
that doesn't generate too much controversy, but let's see.
Anyway. This patch set implements support for key derival via
PBKDF2, only. LUKS2 has also introduced the Argon2i/Argon2id
KDFs, but as libgcrypt does not currently support these I've
decided to first go the simple route of adding PBKDF2, only. GRUB
could probably pull in Argon2i as another dependency, but I
focussed on getting basic support for LUKS2 ready first.
So the result is a new module "luks2" that is able to decrypt and
read LUKS2-encrypted partitions that use PBKDF2 as KDF.
Regards
Patrick
Patrick Steinhardt (6):
jsmn: Add JSON parser
jsmn: Add convenience functions
bootstrap: Add gnulib's base64 module
afsplitter: Move into its own module
luks: Move configuration of ciphers into cryptodisk
disk: Implement support for LUKS2
Makefile.util.def | 1 +
bootstrap.conf | 3 +-
conf/Makefile.extra-dist | 1 +
docs/grub.texi | 2 +-
grub-core/Makefile.core.def | 14 +-
grub-core/disk/AFSplitter.c | 3 +
grub-core/disk/cryptodisk.c | 163 ++++-
grub-core/disk/luks.c | 188 +----
grub-core/disk/luks2.c | 685 ++++++++++++++++++
grub-core/lib/gnulib-patches/fix-base64.patch | 26 +
include/grub/cryptodisk.h | 3 +
include/grub/jsmn.h | 579 +++++++++++++++
12 files changed, 1491 insertions(+), 177 deletions(-)
create mode 100644 grub-core/disk/luks2.c
create mode 100644 grub-core/lib/gnulib-patches/fix-base64.patch
create mode 100644 include/grub/jsmn.h
--
2.23.0
- [PATCH 0/6] Support for LUKS2 disc encryption,
Patrick Steinhardt <=
- [PATCH 3/6] bootstrap: Add gnulib's base64 module, Patrick Steinhardt, 2019/11/02
- [PATCH 2/6] jsmn: Add convenience functions, Patrick Steinhardt, 2019/11/02
- Re: [PATCH 2/6] jsmn: Add convenience functions, Max Tottenham, 2019/11/04
- Re: [PATCH 2/6] jsmn: Add convenience functions, Patrick Steinhardt, 2019/11/04
- Re: [PATCH 2/6] jsmn: Add convenience functions, Daniel Kiper, 2019/11/04
- Re: [PATCH 2/6] jsmn: Add convenience functions, Patrick Steinhardt, 2019/11/04
- Re: [PATCH 2/6] jsmn: Add convenience functions, Daniel Kiper, 2019/11/06
- Re: [PATCH 2/6] jsmn: Add convenience functions, Patrick Steinhardt, 2019/11/06