
[PATCH 4/4] osdep: detect LUKS2-encrypted devices


From: Patrick Steinhardt
Subject: [PATCH 4/4] osdep: detect LUKS2-encrypted devices
Date: Sat, 30 May 2020 14:25:22 +0200

While support for LUKS2 has landed already, grub-install(1) doesn't yet
detect it as an installation target. Users of grub-install(1) may thus
end up with a bootloader that cannot read the encrypted disk, rendering
it unusable.

As a first step towards auto-detection, this patch implements detection
of device-mapper's LUKS2 signature. As it is mostly similar to the original
LUKS signature except for the incremented version number, detection
mostly echoes what we already have for LUKS.

Note that this doesn't yet implement auto-detection of required
cryptographic modules. This is due to some limitations in the current
implementation, where the assumption is that there's exactly one
encrypted segment and KDF for a given crypto disk. Existing
implementations for LUKS and Geli thus set up ciphers, hashes and KDFs
during the scanning phase, which isn't possible for LUKS2 as there may
be multiple ones. As a result, auto-detecting required modules will
require additional refactoring and is thus postponed to a later point.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
 grub-core/osdep/devmapper/getroot.c | 23 +++++++++++++++++++++--
 include/grub/emu/getroot.h          |  1 +
 util/getroot.c                      |  1 +
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/grub-core/osdep/devmapper/getroot.c 
b/grub-core/osdep/devmapper/getroot.c
index a13a39c96..74401fd5a 100644
--- a/grub-core/osdep/devmapper/getroot.c
+++ b/grub-core/osdep/devmapper/getroot.c
@@ -148,6 +148,11 @@ grub_util_get_dm_abstraction (const char *os_dev)
       grub_free (uuid);
       return GRUB_DEV_ABSTRACTION_LUKS;
     }
+  if (strncmp (uuid, "CRYPT-LUKS2-", 12) == 0)
+    {
+      grub_free (uuid);
+      return GRUB_DEV_ABSTRACTION_LUKS2;
+    }
 
   grub_free (uuid);
   return GRUB_DEV_ABSTRACTION_NONE;
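Review bot: The added check in grub_util_get_dm_abstraction hard-codes the prefix length as `12`, while the two later hunks in this same file compute it with `sizeof ("CRYPT-LUKS2-") - 1`. Writing it as `if (strncmp (uuid, "CRYPT-LUKS2-", sizeof ("CRYPT-LUKS2-") - 1) == 0)` keeps the length tied to the literal, so a later edit of the string cannot silently shorten or over-extend the comparison. The literal is now repeated in grub_util_pull_devmapper and grub_util_get_devmapper_grub_dev as well, so a single file-scope macro for the prefix would keep all three sites in step. The preceding LUKS1 check lies outside the hunk, so whether it uses the same magic number cannot be confirmed from here.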
@@ -184,8 +189,9 @@ grub_util_pull_devmapper (const char *os_dev)
          grub_util_pull_device (subdev);
        }
     }
-  if (uuid && strncmp (uuid, "CRYPT-LUKS1-", sizeof ("CRYPT-LUKS1-") - 1) == 0
-      && lastsubdev)
+  if (uuid && lastsubdev
+      && (strncmp (uuid, "CRYPT-LUKS1-", sizeof ("CRYPT-LUKS1-") - 1) == 0
+          || strncmp (uuid, "CRYPT-LUKS2-", sizeof ("CRYPT-LUKS2-") - 1) == 0))
     {
       char *grdev = grub_util_get_grub_dev (lastsubdev);
       dm_tree_free (tree);
@@ -267,6 +273,19 @@ grub_util_get_devmapper_grub_dev (const char *os_dev)
        return grub_dev;
       }
 
+    case GRUB_DEV_ABSTRACTION_LUKS2:
+      {
+       char *dash;
+
+       dash = grub_strchr (uuid + sizeof ("CRYPT-LUKS2-") - 1, '-');
+       if (dash)
+         *dash = 0;
+       grub_dev = grub_xasprintf ("cryptouuid/%s",
+                                  uuid + sizeof ("CRYPT-LUKS2-") - 1);
+       grub_free (uuid);
+       return grub_dev;
+      }
+
     default:
       grub_free (uuid);
       return NULL;
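Review bot: The new `GRUB_DEV_ABSTRACTION_LUKS2` case advances `uuid` by `sizeof ("CRYPT-LUKS2-") - 1` bytes without confirming in this function that the string carries that prefix or is at least that long. The abstraction type appears to be determined by a separate lookup outside the hunk, so if the two reads of the device-mapper UUID ever disagree, the pointer arithmetic would step past the terminator. A local guard at the top of the case, `if (strncmp (uuid, "CRYPT-LUKS2-", sizeof ("CRYPT-LUKS2-") - 1) != 0) { grub_free (uuid); return NULL; }`, would make it self-contained. The truncation at the first dash presumably relies on the layout `CRYPT-LUKS2-<uuid>-<name>`; a comment such as `/* DM UUID is "CRYPT-LUKS2-<uuid>-<name>"; keep only <uuid>.  */` would record that assumption. The function begins before the hunk and continues after it.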
diff --git a/include/grub/emu/getroot.h b/include/grub/emu/getroot.h
index 73fa2d34a..be3faf500 100644
--- a/include/grub/emu/getroot.h
+++ b/include/grub/emu/getroot.h
@@ -30,6 +30,7 @@ enum grub_dev_abstraction_types {
   GRUB_DEV_ABSTRACTION_LVM,
   GRUB_DEV_ABSTRACTION_RAID,
   GRUB_DEV_ABSTRACTION_LUKS,
+  GRUB_DEV_ABSTRACTION_LUKS2,
   GRUB_DEV_ABSTRACTION_GELI,
 };
 
diff --git a/util/getroot.c b/util/getroot.c
index 847406fba..07ad92317 100644
--- a/util/getroot.c
+++ b/util/getroot.c
@@ -101,6 +101,7 @@ grub_util_pull_device (const char *os_dev)
       grub_util_pull_lvm_by_command (os_dev);
       /* Fallthrough - in case that lvm-tools are unavailable.  */
     case GRUB_DEV_ABSTRACTION_LUKS:
+    case GRUB_DEV_ABSTRACTION_LUKS2:
       grub_util_pull_devmapper (os_dev);
       return;
 
-- 
2.26.2

Attachment: signature.asc
Description: PGP signature

