From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1mkRc2-00056l-Su for mharc-grub-devel@gnu.org; Tue, 09 Nov 2021 08:56:34 -0500 Received: from eggs.gnu.org ([209.51.188.92]:42518) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mkRbt-0004wX-18 for grub-devel@gnu.org; Tue, 09 Nov 2021 08:56:27 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:16776) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mkRbp-0001Mw-Ue for grub-devel@gnu.org; Tue, 09 Nov 2021 08:56:24 -0500 Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1A9CmNIX022597; Tue, 9 Nov 2021 13:56:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=z78clIpnn0vv7etuEosBf17yJiBgmSB3DmHRLIN+DHE=; b=VuqM6enalhL3BIUNRDtApieiuJKLRjAxCD5i4fAhByt3Rm4w8LLoNLonNxxgbnsQLBBq h95gFzmMZY1MoKJOKerGIQj1mszilCbA6kuR7sAhi+OFkIU3Pxlw4wc+B4AvONXrE0a4 EbCfQmzoRFJRaMC1QKcd32qfXUg69eHScBT9dyJzW6aG64wGQFcn6NPWwh9YGtMgImUw ZMmQUpqPz8CSfkTn3x7YDozRQHX4sei9j39GUmdhEX3FsdtimZKtQaTm6eWoAV9SrPKP +QgAZ44jICDdpEWl+BnZ/nGKI0lwZ8MxPX121d9NmjRApKCr9aAhCCodmq/DQhy/FqOz yw== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3c7san1nr7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 09 Nov 2021 13:56:14 +0000 Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 1A9DQWJN027257; Tue, 9 Nov 2021 13:56:14 GMT Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0a-001b2d01.pphosted.com with ESMTP id 3c7san1nqn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 09 Nov 2021 13:56:14 +0000 Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 1A9DrPxE001281; Tue, 9 Nov 2021 13:56:12 GMT Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23]) by ppma05wdc.us.ibm.com with ESMTP id 3c5hbb9r3t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 09 Nov 2021 13:56:12 +0000 Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 1A9DstOT56492316 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 9 Nov 2021 13:54:56 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D48C0AE06D; Tue, 9 Nov 2021 13:54:55 +0000 (GMT) Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5D7CEAE066; Tue, 9 Nov 2021 13:54:52 +0000 (GMT) Received: from jarvis.int.hansenpartnership.com (unknown [9.211.98.68]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP; Tue, 9 Nov 2021 13:54:52 +0000 (GMT) From: James Bottomley To: grub-devel@gnu.org Cc: thomas.lendacky@amd.com, ashish.kalra@amd.com, brijesh.singh@amd.com, david.kaplan@amd.com, jejb@linux.ibm.com, jon.grimm@amd.com, tobin@ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, Javier Martinez Canillas Subject: [RESEND v3 1/3] cryptodisk: make the password getter and additional argument to recover_key Date: Tue, 9 Nov 2021 08:53:54 -0500 Message-Id: <20211109135356.10695-2-jejb@linux.ibm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20211109135356.10695-1-jejb@linux.ibm.com> References: <20211109135356.10695-1-jejb@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: gaarxcZ54AN56fVHRFxnSjPM9DjYZOX0 X-Proofpoint-GUID: GCuq_BG1wOSFe-8gY2q7MjfD4mhm8Qd_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-11-09_03,2021-11-08_02,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 adultscore=0 bulkscore=0 lowpriorityscore=0 priorityscore=1501 clxscore=1015 mlxscore=0 impostorscore=0 malwarescore=0 mlxlogscore=999 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2111090082 Received-SPF: pass client-ip=148.163.156.1; envelope-from=jejb@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Nov 2021 13:56:27 -0000 For AMD SEV environments, the grub boot password has to be retrieved from a given memory location rather than prompted for. This means that the standard password getter needs to be replaced with one that gets the passphrase from the SEV area and uses that instead. Adding the password getter as a passed in argument to recover_key() makes this possible. Signed-off-by: James Bottomley --- v2: add conditional prompting to geli.c v3: make getter specify prompt requirement --- grub-core/disk/cryptodisk.c | 2 +- grub-core/disk/geli.c | 12 +++++++----- grub-core/disk/luks.c | 12 +++++++----- grub-core/disk/luks2.c | 12 +++++++----- grub-core/lib/crypto.c | 4 ++++ grub-core/osdep/unix/password.c | 4 ++++ grub-core/osdep/windows/password.c | 4 ++++ include/grub/cryptodisk.h | 6 +++++- 8 files changed, 39 insertions(+), 17 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index 90f82b2d3..b52a3cfd6 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -1015,7 +1015,7 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) if (!dev) continue; - err = cr->recover_key (source, dev); + err = cr->recover_key (source, dev, grub_password_get); if (err) { cryptodisk_close (dev); diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c index 2f34a35e6..3d826104d 100644 --- a/grub-core/disk/geli.c +++ b/grub-core/disk/geli.c @@ -398,7 +398,8 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, } static grub_err_t -recover_key (grub_disk_t source, grub_cryptodisk_t dev) +recover_key (grub_disk_t source, grub_cryptodisk_t dev, + grub_passwd_cb *password_get) { grub_size_t keysize; grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN]; @@ -438,11 +439,12 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev) tmp = NULL; if (source->partition) tmp = grub_partition_get_name (source->partition); - grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, - source->partition ? "," : "", tmp ? : "", - dev->uuid); + if (password_get (NULL, 0)) + grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, + source->partition ? "," : "", tmp ? : "", + dev->uuid); grub_free (tmp); - if (!grub_password_get (passphrase, MAX_PASSPHRASE)) + if (!password_get (passphrase, MAX_PASSPHRASE)) return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); /* Calculate the PBKDF2 of the user supplied passphrase. */ diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 13103ea6a..13eee2a18 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c @@ -152,7 +152,8 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, static grub_err_t luks_recover_key (grub_disk_t source, - grub_cryptodisk_t dev) + grub_cryptodisk_t dev, + grub_passwd_cb *password_get) { struct grub_luks_phdr header; grub_size_t keysize; @@ -187,11 +188,12 @@ luks_recover_key (grub_disk_t source, tmp = NULL; if (source->partition) tmp = grub_partition_get_name (source->partition); - grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, - source->partition ? "," : "", tmp ? : "", - dev->uuid); + if (password_get (NULL, 0)) + grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, + source->partition ? "," : "", tmp ? : "", + dev->uuid); grub_free (tmp); - if (!grub_password_get (passphrase, MAX_PASSPHRASE)) + if (!password_get (passphrase, MAX_PASSPHRASE)) { grub_free (split_key); return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index 371a53b83..7625c1768 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -542,7 +542,8 @@ luks2_decrypt_key (grub_uint8_t *out_key, static grub_err_t luks2_recover_key (grub_disk_t source, - grub_cryptodisk_t crypt) + grub_cryptodisk_t crypt, + grub_passwd_cb *password_get) { grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN]; char passphrase[MAX_PASSPHRASE], cipher[32]; @@ -584,10 +585,11 @@ luks2_recover_key (grub_disk_t source, /* Get the passphrase from the user. */ if (source->partition) part = grub_partition_get_name (source->partition); - grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, - source->partition ? "," : "", part ? : "", - crypt->uuid); - if (!grub_password_get (passphrase, MAX_PASSPHRASE)) + if (password_get (NULL, 0)) + grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, + source->partition ? "," : "", part ? : "", + crypt->uuid); + if (!password_get (passphrase, MAX_PASSPHRASE)) { ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); goto err; diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c index ca334d5a4..34272a7ad 100644 --- a/grub-core/lib/crypto.c +++ b/grub-core/lib/crypto.c @@ -456,6 +456,10 @@ grub_password_get (char buf[], unsigned buf_size) unsigned cur_len = 0; int key; + if (!buf) + /* want prompt */ + return 1; + while (1) { key = grub_getkey (); diff --git a/grub-core/osdep/unix/password.c b/grub-core/osdep/unix/password.c index 9996b244b..365ac4bad 100644 --- a/grub-core/osdep/unix/password.c +++ b/grub-core/osdep/unix/password.c @@ -34,6 +34,10 @@ grub_password_get (char buf[], unsigned buf_size) int tty_changed = 0; char *ptr; + if (!buf) + /* want prompt */ + return 1; + grub_refresh (); /* Disable echoing. Based on glibc. */ diff --git a/grub-core/osdep/windows/password.c b/grub-core/osdep/windows/password.c index 1d3af0c2c..2a6615611 100644 --- a/grub-core/osdep/windows/password.c +++ b/grub-core/osdep/windows/password.c @@ -33,6 +33,10 @@ grub_password_get (char buf[], unsigned buf_size) DWORD mode = 0; char *ptr; + if (!buf) + /* want prompt */ + return 1; + grub_refresh (); GetConsoleMode (hStdin, &mode); diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h index dcf17fbb3..737487bb4 100644 --- a/include/grub/cryptodisk.h +++ b/include/grub/cryptodisk.h @@ -112,6 +112,9 @@ struct grub_cryptodisk }; typedef struct grub_cryptodisk *grub_cryptodisk_t; +/* must match prototype for grub_password_get */ +typedef int (grub_passwd_cb)(char buf[], unsigned buf_size); + struct grub_cryptodisk_dev { struct grub_cryptodisk_dev *next; @@ -119,7 +122,8 @@ struct grub_cryptodisk_dev grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid, int boot_only); - grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev); + grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, + grub_passwd_cb *get_password); }; typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t; -- 2.26.2