From: Fabian Vogt
To: grub-devel@gnu.org, Daniel Kiper, Glenn Washburn
Cc: Pierre-Louis Bonicoli
Subject: Re: [PATCH v3] grub-fs-tester: Add luks1 and luks2 support
Date: Wed, 15 Jun 2022 11:43:25 +0200
Message-ID: <11998985.O9o76ZdvQC@linux-e202.suse.de>
In-Reply-To: <20220615024303.59354-1-development@efficientek.com>

Hi,

On Wednesday, 15 June 2022, 04:43:03 CEST, Glenn Washburn wrote:
> From: Pierre-Louis Bonicoli
>
> The logical sector size used by LUKS1 is 512 bytes and LUKS2 uses 512 to
> 4069 bytes. The default password used is "pass", but can be overridden
> by setting the PASS environment variable. The device mapper name is set
> to the name of the temp directory so that it's easy to correlate device
> mapper name with a particular test run. Also since this name is unique
> per test run, multiple simultaneous test runs are allowed.
>
> Note that cryptsetup is passing the --disable-locks parameter to allow
> cryptsetup to run successfully when /run/lock/cryptsetup is not accessible.
> Since the device mapper name is unique per test run, there is no need to
> worry about locking the device to serialize access.
>
> Signed-off-by: Pierre-Louis Bonicoli
> Signed-off-by: Glenn Washburn
> ---
> This is a heavily modified version of Pierre-Louis's v2 patch. It has been
> tested with Fabian's v3 and Josselin's v4 series. Some notable differences
> from the previous version:
> * Rebase on to master accounting for cleanup() changes
> * Allow multiple test runs to run simultaneously
> * Allow specifying alternate password with environment variable
> * Fixed bug in previous version where LC_ALL=C was being set for echo and
>   not run_it
> * Make output on UUID fail consistent with other filesystems
> * Allow tests to work with older cryptsetups
> * Fixed bug where luks1 tests were actually testing luks2
> * Address my review comments
>
> Note: The luks2 test will fail without some form of working grub-probe
> support for luks2. This patch is independent of the above mentioned
> patch series, will apply without them just fine, and can be reviewed
> independently.
>
> Glenn
> ---
>  .gitignore                   |  2 ++
>  Makefile.util.def            | 12 ++++++++
>  tests/luks1_test.in          | 23 +++++++++++++++
>  tests/luks2_test.in          | 23 +++++++++++++++
>  tests/util/grub-fs-tester.in | 57 ++++++++++++++++++++++++++++++++++--
>  5 files changed, 115 insertions(+), 2 deletions(-)
>  create mode 100644 tests/luks1_test.in
>  create mode 100644 tests/luks2_test.in
>
> diff --git a/.gitignore b/.gitignore > index f6a1bd051..4064d3d1e 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -230,6 +230,8 @@ widthspec.bin > /lib/libgcrypt-grub > /libgrub_a_init.c > /lzocompress_test > +/luks1_test > +/luks2_test > /m4/ > /minixfs_test > /missing > diff --git a/Makefile.util.def b/Makefile.util.def > index d919c562c..3f1162b76 100644 > --- a/Makefile.util.def > +++ b/Makefile.util.def 
> @@ -1213,6 +1213,18 @@ script =3D { > common =3D tests/syslinux_test.in; > }; > =20 > +script =3D { > + testcase =3D native; > + name =3D luks1_test; > + common =3D tests/luks1_test.in; > +}; > + > +script =3D { > + testcase =3D native; > + name =3D luks2_test; > + common =3D tests/luks2_test.in; > +}; > + > program =3D { > testcase =3D native; > name =3D example_unit_test; > diff --git a/tests/luks1_test.in b/tests/luks1_test.in > new file mode 100644 > index 000000000..cd28fd714 > --- /dev/null > +++ b/tests/luks1_test.in > @@ -0,0 +1,23 @@ > +#!@BUILD_SHEBANG@ > + > +set -e > + > +if [ "x$EUID" =3D "x" ] ; then > + EUID=3D`id -u` > +fi > + > +if [ "$EUID" !=3D 0 ] ; then > + exit 99 > +fi > + > +if ! which mkfs.ext2 >/dev/null 2>&1; then > + echo "mkfs.ext2 not installed; cannot test luks." > + exit 99 > +fi > + > +if ! which cryptsetup >/dev/null 2>&1; then > + echo "cryptsetup not installed; cannot test luks." > + exit 99 > +fi > + > +"@builddir@/grub-fs-tester" luks1 > diff --git a/tests/luks2_test.in b/tests/luks2_test.in > new file mode 100644 > index 000000000..6a26ba626 > --- /dev/null > +++ b/tests/luks2_test.in > @@ -0,0 +1,23 @@ > +#!@BUILD_SHEBANG@ > + > +set -e > + > +if [ "x$EUID" =3D "x" ] ; then > + EUID=3D`id -u` > +fi > + > +if [ "$EUID" !=3D 0 ] ; then > + exit 99 > +fi > + > +if ! which mkfs.ext2 >/dev/null 2>&1; then > + echo "mkfs.ext2 not installed; cannot test luks2." > + exit 99 > +fi > + > +if ! which cryptsetup >/dev/null 2>&1; then > + echo "cryptsetup not installed; cannot test luks2." > + exit 99 > +fi > + > +"@builddir@/grub-fs-tester" luks2 > diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in > index 43f6175c3..e488c0e41 100644 > --- a/tests/util/grub-fs-tester.in > +++ b/tests/util/grub-fs-tester.in 
> @@ -6,6 +6,7 @@ export BLKID_FILE=3D/dev/null > fs=3D"$1" > =20 > GRUBFSTEST=3D"@builddir@/grub-fstest" > +GRUBPROBE=3D"@builddir@/grub-probe" > =20 > tempdir=3D`mktemp -d "${TMPDIR:-/tmp}/${0##*/}.$(date '+%Y%m%d%H%M%S%N')= =2E${fs}.XXX"` || > { echo "Failed to make temporary directory"; exit 99; } > @@ -13,6 +14,8 @@ tempdir=3D`mktemp -d "${TMPDIR:-/tmp}/${0##*/}.$(date '= +%Y%m%d%H%M%S%N').${fs}.XXX > # xorriso -as mkisofs options to ignore locale when processing file name= s and > # FSLABEL. This is especially needed for the conversion to Joliet UCS-2. > XORRISOFS_CHARSET=3D"-input-charset UTF-8 -output-charset UTF-8" > +DMNAME=3D"${tempdir##*/}" > +PASS=3D"${PASS:-pass}" > =20 > MOUNTS=3D > LODEVICES=3D > @@ -28,6 +31,10 @@ cleanup() { > umount "$i" || : > done > =20 > + if [ -e /dev/mapper/"$DMNAME" ]; then > + cryptsetup close --disable-locks "$DMNAME" > + fi > + > for lodev in $LODEVICES; do > local i=3D600 > while losetup -l -O NAME | grep -q "^$lodev\$"; do > @@ -68,7 +75,12 @@ run_grubfstest () { > need_images=3D"$need_images $FSIMAGEP${i}.img"; > done > =20 > - run_it -c $NEED_IMAGES_N $need_images "$@" > + case x"$fs" in > + xluks*) > + echo -n "$PASS" | run_it -C -c $NEED_IMAGES_N $need_images "$@";; > + *) > + run_it -c $NEED_IMAGES_N $need_images "$@";; > + esac > } > =20 > # OS LIMITATION: GNU/Linux has no AFS support, so we use a premade image= and a reference tar file. I.a. no multiblocksize test > @@ -76,6 +88,8 @@ run_grubfstest () { > MINLOGSECSIZE=3D9 > MAXLOGSECSIZE=3D9 > case x"$fs" in > + xluks2) > + MAXLOGSECSIZE=3D12;; > xntfs*) > MINLOGSECSIZE=3D8 > MAXLOGSECSIZE=3D12;; 
> @@ -363,7 +377,7 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSE= CSIZE" 1); do > #FSLABEL=3D"g;/_=C3=A9=F0=AF=A6=9B=F0=AF=A6=9D=F0=9F=98=81=D0=BA= =D0=B8=D1=82 u" > ;; > # FS LIMITATION: reiserfs, extN and jfs label is at most 16 UTF-8 char= acters > - x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"mdraid"* | x"jfs= " | x"jfs_caseins") > + x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"luks"* | x"mdrai= d"* | x"jfs" | x"jfs_caseins") > FSLABEL=3D"g;/=C3=A9=D1=82 =F0=AF=A6=9B=F0=9F=98=81";; > # FS LIMITATION: No underscore, space, semicolon, slash or internation= al characters in UFS* in label. Limited to 32 UTF-8 characters > x"ufs1" | x"ufs1_sun" | x"ufs2") > @@ -832,6 +846,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGS= ECSIZE" 1); do > MOUNTDEVICE=3D"/dev/mapper/grub_test-testvol" > MOUNTFS=3Dext2 > "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; > + x"luks"*) > + echo -n "$PASS" | cryptsetup luksFormat --type "$fs" --sector-size= $SECSIZE --pbkdf pbkdf2 --disable-locks $LODEVICE

With the default "pass" password this fails here due to pwquality checks.
Can you add "--force-password"?

With that it works fine here, both LUKS1 and with the required patches also LUKS2.

Thanks,
Fabian

> + echo -n "$PASS" | cryptsetup open --disable-locks $LODEVICE "$DMNA= ME" > + MOUNTDEVICE=3D"/dev/mapper/${DMNAME}" > + MOUNTFS=3Dext2 > + "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; > xf2fs) > "mkfs.f2fs" -l "$FSLABEL" -q "${MOUNTDEVICE}" ;; > xnilfs2) 
> @@ -944,6 +964,22 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGS= ECSIZE" 1); do > GRUBDEVICE=3D"mduuid/`mdadm --detail --export $MOUNTDEVICE | grep = MD_UUID=3D|sed 's,MD_UUID=3D,,g;s,:,,g'`";; > xlvm*) > GRUBDEVICE=3D"lvm/grub_test-testvol";; > + xluks*) > + if test x"$fs" =3D xluks2 && ! (cryptsetup luksDump --debug-json -= =2Ddisable-locks $LODEVICE | grep -q "\"sector_size\":$SECSIZE"); then > + echo "Unexpected sector size for $LODEVICE (expected: $SECSIZE)" > + exit 1 > + fi > + > + UUID=3D$(cryptsetup luksUUID --disable-locks $LODEVICE | tr -d '-') > + PROBE_UUID=3D$("$GRUBPROBE" --device $MOUNTDEVICE --target=3Dcrypt= odisk_uuid) > + if [ x"$UUID" !=3D x"$PROBE_UUID" ]; then > + echo "UUID FAIL" > + echo "$UUID" > + echo "$PROBE_UUID" > + exit 1 > + fi > + GRUBDEVICE=3D"cryptouuid/${UUID}" > + ;; > esac > GRUBDIR=3D"($GRUBDEVICE)" > case x"$fs" in > @@ -1102,6 +1138,15 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLO= GSECSIZE" 1); do > sleep 1 > vgchange -a n grub_test > ;; > + xluks*) > + for try in $(range 0 20 1); do > + if umount "$MNTPOINTRW" ; then > + break; > + fi > + done > + UMOUNT_TIME=3D$(date -u "+%Y-%m-%d %H:%M:%S") > + cryptsetup close --disable-locks "$DMNAME" > + ;; > xmdraid*) > sleep 1 > for try in $(range 0 20 1); do > @@ -1152,6 +1197,11 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLO= GSECSIZE" 1); do > mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTOPTS}= ${SELINUXOPTS}ro > MOUNTS=3D"$MOUNTS $MNTPOINTRO" > ;; > + xluks*) > + echo -n "$PASS" | cryptsetup open --disable-locks $LODEVICE "$DMNA= ME" > + mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTOPTS}= ${SELINUXOPTS}ro > + MOUNTS=3D"$MOUNTS $MNTPOINTRO" > + ;; > xmdraid*) > mdadm --assemble /dev/md/"${fs}_$NDEVICES" $LODEVICES > sleep 1 
> @@ -1600,6 +1650,9 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOG= SECSIZE" 1); do > vgchange -a n grub_test > sleep 1 > ;; > + xluks*) > + cryptsetup close --disable-locks "$DMNAME" > + ;; > esac > case x"$fs" in > x"tarfs" | x"cpio_"* | x"iso9660" | xrockridge | xjoliet | xrockridge_= joliet | x"ziso9660" | x"romfs" | x"squash4_"* | x"iso9660_1999" | xrockrid= ge_1999 | xjoliet_1999 | xrockridge_joliet_1999) ;; >=20
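
Review bot: In the cleanup() hunk of tests/util/grub-fs-tester.in, the new `cryptsetup close --disable-locks "$DMNAME"` has no failure guard, while the `umount "$i" || :` a few lines above it does. A close that fails (for instance because the mapping is still in use) is therefore handled differently from a failing umount, and the loop-device teardown that follows depends on it. Appending `|| :` would keep cleanup best-effort and consistent with the existing lines.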
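
Review bot: The passphrase is fed with `echo -n "$PASS"` in run_grubfstest and again at each `cryptsetup luksFormat` and `cryptsetup open` call, but PASS can now be set from the environment, and `echo -n` does not pass arbitrary strings through unchanged (a value beginning with `-` or containing backslashes is treated differently across shells). `printf '%s' "$PASS"` writes the exact bytes without a trailing newline and would be the safer form at all of these call sites.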
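
Review bot: The commit message gives the LUKS2 sector-size range as 512 to 4069 bytes, while the `xluks2) MAXLOGSECSIZE=12` hunk makes the test loop run up to 2^12 = 4096 bytes. The message should say 4096 so that it matches what the test exercises.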
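
Review bot: In the xluks* branch that sets GRUBDEVICE (hunk at -944), the sector-size check `grep -q "\"sector_size\":$SECSIZE"` is an unanchored substring match on the `--debug-json` output. It succeeds whenever the reported value merely starts with $SECSIZE, and it fails if the JSON is ever emitted with whitespace after the colon. Matching the digits up to the next non-digit and allowing optional whitespace would make the check exact. `$LODEVICE` and `$MOUNTDEVICE` are also left unquoted in this hunk, unlike `"$DMNAME"` elsewhere in the patch.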
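
Review bot: In the xluks* unmount branch (hunk at -1102), the retry loop calls `umount "$MNTPOINTRW"` up to 21 times with no delay between attempts and never checks whether any attempt succeeded, so a busy mount falls through to `cryptsetup close --disable-locks "$DMNAME"` on a mapping that is still mounted. The neighbouring mdraid branch at least does `sleep 1` before its loop. Adding a short sleep per retry and an explicit failure after the loop would make the error point at the umount rather than at the close.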