All of lore.kernel.org
 help / color / mirror / Atom feed
From: Michael Chang <mchang@suse.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: Fabian Vogt <fvogt@suse.de>
Subject: Re: [PATCH 3/4] luks2: set up dummy sector size during scan
Date: Fri, 6 Aug 2021 12:51:10 +0800	[thread overview]
Message-ID: <20210806045110.GA4099@mercury> (raw)
In-Reply-To: <c8be399e5749446b644b84cfb2929e73f190d593.1590840835.git.ps@pks.im>

Hi,

Enclosed herewith please find the revised patch from openSUSE that could
also fix this very same problem.

According to Fabian, the author of this patch, the reason for having
this patch is that he found some problem in the posted one. I have added
him to the CC list so that he could provide more in detail later.

Thanks,
Michael

From: Fabian Vogt <fvogt@suse.de>
Date: Wed, 4 Aug 2021 14:56:16 +0200
Subject: [PATCH 1/2] disk/cryptodisk: When cheatmounting, use the sector info
 of the cheat device

When using grub-probe with cryptodisk, the mapped block device from the host
is used directly instead of decrypting the source device in GRUB code.
In that case, the sector size and count of the host device needs to be used.
This is especially important when using luks2, which does not assign
total_sectors and log_sector_size when scanning, but only later when the
segments in the JSON area are evaluated. With an unset log_sector_size,
grub_open_device complains.

This fixes grub-probe failing with
"error: sector sizes of 1 bytes aren't supported yet."

Signed-off-by: Fabian Vogt <fvogt@suse.de>
---
 grub-core/disk/cryptodisk.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 90f82b2d3..c2bb2b6eb 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1040,6 +1040,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
   grub_cryptodisk_t dev;
   grub_cryptodisk_dev_t cr;
   grub_disk_t source;
+  unsigned int cheat_sector_size;
 
   /* Try to open disk.  */
   source = grub_disk_open (sourcedev);
@@ -1062,6 +1063,25 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
     if (!dev)
       continue;
 
+    /* Use the sector size and count of the cheat device */
+    dev->cheat_fd = grub_util_fd_open (cheat, GRUB_UTIL_FD_O_RDONLY);
+    if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd))
+      {
+        grub_free (dev);
+        return grub_errno;
+      }
+    dev->total_sectors = grub_util_get_fd_size (dev->cheat_fd, cheat, &cheat_sector_size);
+    if (dev->total_sectors == -1)
+      {
+        grub_util_fd_close (dev->cheat_fd);
+        grub_free (dev);
+        return grub_errno;
+      }
+    dev->log_sector_size = cheat_sector_size;
+    dev->total_sectors >>= dev->log_sector_size;
+    grub_util_fd_close (dev->cheat_fd);
+    dev->cheat_fd = GRUB_UTIL_FD_INVALID;
+
     grub_util_info ("cheatmounted %s (%s) at %s", sourcedev, dev->modname,
 		    cheat);
     err = grub_cryptodisk_cheat_insert (dev, sourcedev, source, cheat);
-- 
2.32.0



On Sat, May 30, 2020 at 02:25:17PM +0200, Patrick Steinhardt wrote:
> GRUB currently only supports disk sector sizes of at least 9 bits. While
> not a problem when using decrypted LUKS2 disks, where we configure the
> sector size after we have decrypted the disk, it will cause failure as
> soon as we implement support for probing of LUKS2 encrypted disks: we
> only cheat-mount devices there and don't perform a real decryption, and
> thus the sector size will remain "0", causing errors at a later point.
> 
> The problem here is that we can only determine the sector size as soon
> as we have decrypted a key slot, as key slots may refer to different
> segments, where each segment in turn may have a different sector size.
> As we don't really need the sector size during cheat-mounting anyway,
> let's just specify the minimum value as dummy to fix such errors.
> 
> This patch is in preparation for probing support.
> 
> Signed-off-by: Patrick Steinhardt <ps@pks.im>
> ---
>  grub-core/disk/luks2.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> index c847b4ac4..5c00d9775 100644
> --- a/grub-core/disk/luks2.c
> +++ b/grub-core/disk/luks2.c
> @@ -374,6 +374,14 @@ luks2_scan (grub_disk_t disk, const char *check_uuid, int check_boot)
>    grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid));
>  
>    cryptodisk->modname = "luks2";
> +  /*
> +   * This dummy value is required when cheat-mounting and is overridden by
> +   * `luks2_verify_key ()`. We can't determine it here yet, as its value
> +   * depends on which disk sector we're going to open, which in turn depends on
> +   * the keyslot.
> +   */
> +  cryptodisk->log_sector_size = GRUB_DISK_SECTOR_BITS;
> +
>    return cryptodisk;
>  }
>  
> -- 
> 2.26.2
> 



> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel



  reply	other threads:[~2021-08-06  4:51 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-30 12:25 [PATCH 0/4] Probing support for LUKS2 Patrick Steinhardt
2020-05-30 12:25 ` [PATCH 1/4] luks: fix out-of-bounds copy of UUID Patrick Steinhardt
2020-06-06 23:32   ` Petr Vorel
2020-05-30 12:25 ` [PATCH 2/4] luks2: strip dashes off of the UUID Patrick Steinhardt
2020-09-15 14:30   ` Daniel Kiper
2020-05-30 12:25 ` [PATCH 3/4] luks2: set up dummy sector size during scan Patrick Steinhardt
2021-08-06  4:51   ` Michael Chang [this message]
2021-08-08 14:20     ` Patrick Steinhardt
2021-12-16 15:52       ` Fabian Vogt
2021-12-22 18:17         ` Josselin Poiret
2022-02-04 15:46           ` Fabian Vogt
2022-02-07 13:15             ` Josselin Poiret
2022-05-21  0:13               ` Glenn Washburn
2022-05-21 10:53                 ` Fabian Vogt
2022-06-13 14:29                 ` [PATCH v2] disk/cryptodisk: When cheatmounting, use the sector info of the cheat device Fabian Vogt
2022-06-14  2:19                   ` Glenn Washburn
2022-06-14 13:55                     ` [PATCH v3] " Fabian Vogt
2022-06-14 18:18                       ` Glenn Washburn
2022-06-21 15:40                       ` Patrick Steinhardt
2022-08-11 18:22                       ` Glenn Washburn
2020-05-30 12:25 ` [PATCH 4/4] osdep: detect LUKS2-encrypted devices Patrick Steinhardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210806045110.GA4099@mercury \
    --to=mchang@suse.com \
    --cc=fvogt@suse.de \
    --cc=grub-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.