Date: Wed, 15 Jun 2022 11:52:41 +0800
From: Michael Chang
To: The development of GNU GRUB
Cc: Glenn Washburn, Josselin Poiret
Subject: Re: [PATCH v4 2/2] devmapper/getroot: Set up cheated LUKS2 cryptodisk mount from DM parameters
Message-ID: <20220615035241.GA21566@mazu>
References: <20220520192035.313b5ede@crass-HP-ZBook-15-G2> <20220614134730.7439-1-dev@jpoiret.xyz> <20220614134730.7439-3-dev@jpoiret.xyz>
In-Reply-To: <20220614134730.7439-3-dev@jpoiret.xyz>

On Tue, Jun 14, 2022 at 03:47:30PM +0200, The development of GNU GRUB wrote:
> This lets a LUKS2 cryptodisk have its cipher and hash filled out, > otherwise they wouldn't be initialized if cheat mounted. > --- > grub-core/osdep/devmapper/getroot.c | 91 ++++++++++++++++++++++++++++- > 1 file changed, 90 insertions(+), 1 deletion(-) > > diff --git a/grub-core/osdep/devmapper/getroot.c b/grub-core/osdep/devmapper/getroot.c > index 2bf4264cf..ac90761ea 100644 > --- a/grub-core/osdep/devmapper/getroot.c > +++ b/grub-core/osdep/devmapper/getroot.c
> @@ -51,6 +51,8 @@ > #include > #include > > +#include > + > static int > grub_util_open_dm (const char *os_dev, struct dm_tree **tree, > struct dm_tree_node **node) > @@ -186,7 +188,6 @@ grub_util_pull_devmapper (const char *os_dev) > && lastsubdev) > { > char *grdev = grub_util_get_grub_dev (lastsubdev); > - dm_tree_free (tree); > if (grdev) > { > grub_err_t err; 
> @@ -194,7 +195,95 @@ grub_util_pull_devmapper (const char *os_dev) > if (err) > grub_util_error (_("can't mount encrypted volume `%s': %s"), > lastsubdev, grub_errmsg); > + if (strncmp (uuid, "CRYPT-LUKS2-", sizeof ("CRYPT-LUKS2-") - 1) == 0) > + { > + /* set LUKS2 cipher from dm parameters, since it is not > + * possible to determine the correct one without > + * unlocking, as there might be multiple segments. > + */ > + grub_disk_t source; > + grub_cryptodisk_t cryptodisk; > + grub_addr_t start, length;

Just a heads up. This failed to build on 32-bit architectures (i586, armv7l) with the following error:

[ 141s] ../grub-core/osdep/devmapper/getroot.c: In function 'grub_util_pull_devmapper':
[ 141s] ../grub-core/osdep/devmapper/getroot.c:234:46: error: passing argument 3 of 'dm_get_next_target' from incompatible pointer type [-Werror=incompatible-pointer-types]
[ 141s] 234 | dm_get_next_target (dmt, NULL, &start, &length,
[ 141s] | ^~~~~~
[ 141s] | |
[ 141s] | grub_addr_t * {aka unsigned int *}
[ 141s] In file included from ../grub-core/osdep/devmapper/getroot.c:44:
[ 141s] /usr/include/libdevmapper.h:288:48: note: expected 'uint64_t *' {aka 'long long unsigned int *'} but argument is of type 'grub_addr_t *' {aka 'unsigned int *'}
[ 141s] 288 | void *next, uint64_t *start, uint64_t *length,
[ 141s] | ~~~~~~~~~~^~~~~
[ 141s] ../grub-core/osdep/devmapper/getroot.c:234:54: error: passing argument 4 of 'dm_get_next_target' from incompatible pointer type [-Werror=incompatible-pointer-types]
[ 141s] 234 | dm_get_next_target (dmt, NULL, &start, &length,
[ 141s] | ^~~~~~~
[ 141s] | |
[ 141s] | grub_addr_t * {aka unsigned int *}
[ 141s] /usr/include/libdevmapper.h:288:65: note: expected 'uint64_t *' {aka 'long long unsigned int *'} but argument is of type 'grub_addr_t *' {aka 'unsigned int *'}
[ 141s] 288 | void *next, uint64_t *start, uint64_t *length,
[ 141s] | ~~~~~~~~~~^~~~~~

Apparently changing to use 'grub_uint64_t' for both start and length fixed the problem for me.

Thanks,
Michael

> + char *target_type; > + char *params; > + const char *name; > + char *cipher, *cipher_mode; > + struct dm_task *dmt; > + char *seek_head, *c; > + unsigned int remaining; > + > + source = grub_disk_open (grdev); > + cryptodisk = grub_cryptodisk_get_by_source_disk (source); > + grub_disk_close (source); > + > + name = dm_tree_node_get_name (node); > + > + grub_util_info ("populating parameters of cryptomount `%s' from DM device `%s'", > + uuid, name); > + > + dmt = dm_task_create (DM_DEVICE_TABLE); > + if (dmt == 0) > + grub_util_error (_("can't create dm task DM_DEVICE_TABLE")); > + if (dm_task_set_name (dmt, name) == 0) > + grub_util_error (_("can't set dm task name to `%s'"), name); > + if (dm_task_run (dmt) == 0) > + grub_util_error (_("can't run dm task for `%s'"), name); > + /* dm_get_next_target doesn't have any error modes, everything has > + * been handled by dm_task_run. > + */ > + dm_get_next_target (dmt, NULL, &start, &length, > + &target_type, ¶ms); > + if (strncmp (target_type, "crypt", sizeof ("crypt")) != 0) > + grub_util_error (_("dm target of type `%s' is not `crypt'"), > + target_type); > + > + /* dm target parameters for dm-crypt is > + * [<#opt_params> ...]
> + */ > + c = params; > + remaining = grub_strlen (c); > + > + /* first, get the cipher name from the cipher */ > + if (!(seek_head = grub_memchr (c, '-', remaining))) > + grub_util_error (_("can't get cipher from dm-crypt parameters `%s'"), > + params); > + cipher = grub_strndup (c, seek_head - c); > + remaining -= seek_head - c + 1; > + c = seek_head + 1; > + > + /* now, the cipher mode */ > + if (!(seek_head = grub_memchr (c, ' ', remaining))) > + grub_util_error (_("can't get cipher mode from dm-crypt parameters `%s'"), > + params); > + cipher_mode = grub_strndup (c, seek_head - c); > + remaining -= seek_head - c + 1; > + c = seek_head + 1; > + > + err = grub_cryptodisk_setcipher (cryptodisk, cipher, cipher_mode); > + if (err) > + { > + grub_util_error (_("can't set cipher of cryptodisk `%s' to `%s' with mode `%s'"), > + uuid, cipher, cipher_mode); > + } > + > + grub_free (cipher); > + grub_free (cipher_mode); > + > + /* This is the only hash usable by PBKDF2, and we don't > + * have Argon2 support yet, so set it by default, > + * otherwise grub-probe would miss the required > + * abstraction > + */ > + cryptodisk->hash = grub_crypto_lookup_md_by_name ("sha256"); > + if (cryptodisk->hash == 0) > + { > + grub_util_error (_("can't lookup hash sha256 by name")); > + } > + > + dm_task_destroy (dmt); > + } > } > + dm_tree_free (tree); > grub_free (grdev); > } > else > -- > 2.36.1 > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel
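
Review bot: The move of dm_tree_free (tree) out of the @@ -186,7 +188,6 @@ hunk (it reappears after the closing brace of the if (grdev) block) is not explained in the commit message or in a comment. The new LUKS2 block calls dm_tree_node_get_name (node) after the old free position, so the tree has to stay alive until then; a one-line comment at the new dm_tree_free () call saying so would keep a later cleanup from moving the free back up and turning node into a dangling pointer.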
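
Review bot: In the @@ -194,7 +195,95 @@ hunk, the results of grub_disk_open (grdev) and grub_cryptodisk_get_by_source_disk (source) are used without a NULL check, so a failed open or a device with no registered cryptodisk ends in a NULL dereference at grub_cryptodisk_setcipher () or at cryptodisk->hash. Suggest calling grub_util_error () right after each lookup, the way the dm_task_* calls just below already do, and doing the same for target_type before the strncmp () and for the two grub_strndup () results, since nothing in the visible lines guarantees they are non-NULL. Separately, on the start/length declaration: dm_get_next_target () takes uint64_t * for both, so on a 32-bit build without -Werror the library would store 8 bytes through pointers to 4-byte grub_addr_t variables and overwrite adjacent stack; declaring them as grub_uint64_t, as suggested in the reply, removes that as well as the build error.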