grub-devel

Re: [PATCH] luks2: Continue trying all keyslots even if there are some f


From: Patrick Steinhardt
Subject: Re: [PATCH] luks2: Continue trying all keyslots even if there are some failures
Date: Mon, 15 Aug 2022 17:23:15 +0200

On Fri, Jul 22, 2022 at 03:04:50AM -0500, Glenn Washburn wrote:
> luks2_get_keyslot can fail for a variety of reasons that do not necessarily
> mean the next keyslot should not be tried (eg. a new kdf type). So always
> try the next slot. This will make GRUB more resilient to non-spec json data
> that 3rd party systems may add. We do not care if some of the keyslots are
> unusable, only if there is at least one that is.
> 
> Signed-off-by: Glenn Washburn <development@efficientek.com>
> ---
>  grub-core/disk/luks2.c | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> index bf741d70f..d8d3180ed 100644
> --- a/grub-core/disk/luks2.c
> +++ b/grub-core/disk/luks2.c
> @@ -610,7 +610,15 @@ luks2_recover_key (grub_disk_t source,
>        grub_errno = GRUB_ERR_NONE;
>        ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, json_idx);
>        if (ret)
> -     goto err;
> +     {
> +       /*
> +        * luks2_get_keyslot can fail for a variety of reasons that do not
> +        * neccesarily mean the next keyslot should not be tried (eg. a new
> +        * kdf type). So always try the next slot.
> +        */
> +       grub_dprintf ("luks2", "Failed to get keyslot %" PRIuGRUB_UINT64_T 
> "\n", keyslot.idx);
> +       continue;
> +     }
>        if (grub_errno != GRUB_ERR_NONE)
>         grub_dprintf ("luks2", "Ignoring unhandled error %d from 
> luks2_get_keyslot\n", grub_errno);
>  
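
Review bot: The new debug message in the failure branch prints keyslot.idx, but this branch only runs when luks2_get_keyslot (&keyslot, ...) has returned an error, and nothing in the hunk shows that keyslot.idx is filled in on every failure path. If the call can fail before setting it, the log line reports a stale value from an earlier iteration or an uninitialized one, which is misleading exactly when someone is debugging why a slot was skipped. Consider logging json_idx, which is the value passed into the call, or confirming that idx is assigned before any early return. The message also drops the reason for the failure: including ret or grub_errno, as the following "Ignoring unhandled error %d" line does, would show why the slot was skipped, and since the loop resets grub_errno only at the top of the next iteration, it is worth checking that a failure on the last keyslot does not leave a stale grub_errno behind once the loop ends.
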
> -- 
> 2.34.1
> 

Reviewed-by: Patrick Steinhardt <ps@pks.im>
