[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/4] Probing support for LUKS2

From: Patrick Steinhardt
Subject: [PATCH 0/4] Probing support for LUKS2
Date: Sat, 30 May 2020 14:25:00 +0200


while basic LUKS2 support is there already, there is currently no
support yet for auto-detection of LUKS2 for of grub-probe, grub-install
and companions. As a result, users have to manually configure GRUB to
include required modules. This series is a first step towards
auto-detection and implements probing support for LUKS2:

    $ grub-probe -d /dev/mapper/luks2 -t cryptodisk_uuid

Noticably missing is auto-detection of required cryptographic modules,
but this will require some refactoring of the cryptodisk code as the
current assumption is that there will be always exactly one cipher, KDF
and hash, which doesn't hold true for LUKS2. I'll thus do this as a
follow up at a later point.

The first two patches make sense on their own and are worthwhile to be
included in GRUB 2.06. The first one is an out-of-bounds read in LUKS
code, while the second one adjusts the internal UUID format of the
cryptodisk to match the dash-less format that we currently use for LUKS1
disks. As such, it breaks current configs using the dashed format, so
including it pre-2.06 would make sense from my point of view.

The latter two patches are required to implement probing. I'm fine with
deferring them until after 2.06.

@Daniel: please let me know if you want me to split up this series into
two. I didn't think it necessary as you can just apply the first two
patches separately.


Patrick Steinhardt (4):
  luks: fix out-of-bounds copy of UUID
  luks2: strip dashes off of the UUID
  luks2: set up dummy sector size during scan
  osdep: detect LUKS2-encrypted devices

 grub-core/disk/luks.c               |  2 +-
 grub-core/disk/luks2.c              | 21 ++++++++++++++++++---
 grub-core/osdep/devmapper/getroot.c | 23 +++++++++++++++++++++--
 include/grub/emu/getroot.h          |  1 +
 util/getroot.c                      |  1 +
 5 files changed, 42 insertions(+), 6 deletions(-)


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]