From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1dLNWG-0005eA-Fu
	for mharc-grub-devel@gnu.org; Thu, 15 Jun 2017 01:40:36 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34276)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ebiggers3@gmail.com>) id 1dLNWA-0005da-VN
	for grub-devel@gnu.org; Thu, 15 Jun 2017 01:40:32 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ebiggers3@gmail.com>) id 1dLNW7-0005yH-Re
	for grub-devel@gnu.org; Thu, 15 Jun 2017 01:40:30 -0400
Received: from mail-pg0-x244.google.com ([2607:f8b0:400e:c05::244]:36018)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <ebiggers3@gmail.com>) id 1dLNW7-0005wR-Jw
	for grub-devel@gnu.org; Thu, 15 Jun 2017 01:40:27 -0400
Received: by mail-pg0-x244.google.com with SMTP id v18so660456pgb.3
	for <grub-devel@gnu.org>; Wed, 14 Jun 2017 22:40:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=1iuFAuO+WS7DF3u6hy6X4ODHGau8shjIWvTW5iVH3Hc=;
	b=qwZTeUirGYMumlzEKyzoL8cIkeS6RgI9yPDSvG9w4JJHsvOXuTZMG51Y0UxdyC3I3B
	+wlEMjRkytSqyfprttYCTvKRpiZix3+bsyNlSj1DyCayuB/ONu8R4NL1tA9hQrG1PcC8
	jyCbmu5yHmRIAsTKLNwINbqVxHEoTgKt1zltzAkYUC3kqzt8MxU5HdykaYYpYq9FNTkK
	jWifd0ljLCxQ2fVNoLJHC+0TT+39P+9i7TBxfvKV7ZM5vV8xgRX1kJhl+UYXskeTfe4p
	95l2TbJ0r0ZGYLAgG667dwx9O2M9UL1H5AChR3GXdDYP5nO2HCgpeT3I5u6FhGlqWmnl
	s6Qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=1iuFAuO+WS7DF3u6hy6X4ODHGau8shjIWvTW5iVH3Hc=;
	b=ZmO7L/YD7oJ9UJp47xzma4gCEmmfeDElg4K3YhdJHCJ5rbFzE5PeUMDHNfyHQXn28r
	+FapuuxKQPZJQpOvnIDc7n4JO+L/9HHuOCLf9KKCXGc47iIu0x/jK76khc0Wtdzqg2x2
	1HMhvLazIxmUCmfaWL0KXyOJxhtc/YQKl4ni53s3eKdsFRqjWYb3w1ALPHYzPC842ZR2
	YxwJq+o/emnk/XPi7FcsFQ0T437/KfLf2dKDSpahQZ9Q7HsNrX/SiFjyPYGeBzhEzUfE
	fFzyEwmWuPme4PBPP/t+sAwgbeeTvxgrldv6+yrEqfO9GSGxpW4ZVtUIVeEtXVukT1P0
	FkCw==
X-Gm-Message-State: AKS2vOxL90CyhtmnA3nclAr6w/USSoN0jJYLI7k1MrLcSfraT1GDrLLv
	76eC+enSNSSK4ynV9Xs=
X-Received: by 10.98.202.68 with SMTP id n65mr3531337pfg.158.1497505224670;
	Wed, 14 Jun 2017 22:40:24 -0700 (PDT)
Received: from zzz.hsd1.wa.comcast.net (c-73-239-167-150.hsd1.wa.comcast.net.
	[73.239.167.150]) by smtp.gmail.com with ESMTPSA id
	u74sm3312249pfg.20.2017.06.14.22.40.24
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 14 Jun 2017 22:40:24 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: grub-devel@gnu.org
Cc: Eric Biggers <ebiggers@google.com>
Subject: [PATCH] ext2: support EXT4_FEATURE_INCOMPAT_ENCRYPT
Date: Wed, 14 Jun 2017 22:36:35 -0700
Message-Id: <20170615053635.1756-1-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.13.1
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:400e:c05::244
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel/>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2017 05:40:32 -0000

From: Eric Biggers <ebiggers@google.com>

Allow GRUB to mount ext2/3/4 filesystems that have the encryption
feature.  On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set.
For a regular file, this means its contents are encrypted; for a
directory, this means the filenames in its directory entries are
encrypted; and for a symlink, this means its target is encrypted.  Since
GRUB cannot decrypt encrypted contents or filenames, just issue an error
if it would need to do so.  This is sufficient to allow unencrypted boot
files to co-exist with encrypted files elsewhere on the filesystem.

(Note that encrypted regular files and symlinks will not normally be
encountered outside an encrypted directory; however, it's possible via
hard links, so they still need to be handled.)

Tested by booting from an ext4 /boot partition on which I had run
'tune2fs -O encrypt'.  I also verified that the expected error messages
are printed when trying to access encrypted directories, files, and
symlinks from the GRUB command line.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 grub-core/fs/ext2.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index cdce63bcc..51ccf0066 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -102,6 +102,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
 #define EXT4_FEATURE_INCOMPAT_64BIT		0x0080
 #define EXT4_FEATURE_INCOMPAT_MMP		0x0100
 #define EXT4_FEATURE_INCOMPAT_FLEX_BG		0x0200
+#define EXT4_FEATURE_INCOMPAT_ENCRYPT		0x10000
 
 /* The set of back-incompatible features this driver DOES support. Add (OR)
  * flags here as the related features are implemented into the driver.  */
@@ -109,7 +110,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
                                        | EXT4_FEATURE_INCOMPAT_EXTENTS  \
                                        | EXT4_FEATURE_INCOMPAT_FLEX_BG \
                                        | EXT2_FEATURE_INCOMPAT_META_BG \
-                                       | EXT4_FEATURE_INCOMPAT_64BIT)
+                                       | EXT4_FEATURE_INCOMPAT_64BIT \
+                                       | EXT4_FEATURE_INCOMPAT_ENCRYPT)
 /* List of rationales for the ignored "incompatible" features:
  * needs_recovery: Not really back-incompatible - was added as such to forbid
  *                 ext2 drivers from mounting an ext3 volume with a dirty
@@ -138,6 +140,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
 #define EXT3_JOURNAL_FLAG_DELETED	4
 #define EXT3_JOURNAL_FLAG_LAST_TAG	8
 
+#define EXT4_ENCRYPT_FLAG		0x800
 #define EXT4_EXTENTS_FLAG		0x80000
 
 /* The ext2 superblock.  */
@@ -706,6 +709,12 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
       grub_ext2_read_inode (diro->data, diro->ino, &diro->inode);
       if (grub_errno)
 	return 0;
+
+      if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
+	{
+	  grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, N_("symlink is encrypted"));
+	  return 0;
+	}
     }
 
   symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1);
@@ -749,6 +758,12 @@ grub_ext2_iterate_dir (grub_fshelp_node_t dir,
 	return 0;
     }
 
+  if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
+    {
+      grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, N_("directory is encrypted"));
+      return 0;
+    }
+
   /* Search the file.  */
   while (fpos < grub_le_to_cpu32 (diro->inode.size))
     {
@@ -859,6 +874,12 @@ grub_ext2_open (struct grub_file *file, const char *name)
 	goto fail;
     }
 
+  if (fdiro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
+    {
+      err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, N_("file is encrypted"));
+      goto fail;
+    }
+
   grub_memcpy (data->inode, &fdiro->inode, sizeof (struct grub_ext2_inode));
   grub_free (fdiro);
 
-- 
2.13.1