[PATCH] cryptodisk: Support encrypted volumes using detached headers on a partition

[PATCH] cryptodisk: Support encrypted volumes using detached headers on a partition

[Glenn Washburn]

Update the read hook to take into account encrypted volumes on a partition.
Grub disk read hooks supply an absolute sector number at which the read is
started from. If the encrypted volume is in a partition, the sector number
given to the read hook will be offset by the number of the sector at the
start of the partition. The read hook then needs to subtract the partition
start from the supplied sector to get the correct start sector for the read
into the detached header file.

Signed-off-by: Glenn Washburn <development@efficientek.com>
---
 grub-core/disk/cryptodisk.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index f1fe0d390..e89430812 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -64,6 +64,7 @@ static const struct grub_arg_option options[] =
 struct cryptodisk_read_hook_ctx
 {
   grub_file_t hdr_file;
+  grub_disk_addr_t part_start;
 };
 typedef struct cryptodisk_read_hook_ctx *cryptodisk_read_hook_ctx_t;
 
@@ -1022,7 +1023,7 @@ cryptodisk_read_hook (grub_disk_addr_t sector, unsigned offset,
     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("header file not found"));
 
   if (grub_file_seek (ctx->hdr_file,
-		      (sector * GRUB_DISK_SECTOR_SIZE) + offset)
+		      ((sector - ctx->part_start) * GRUB_DISK_SECTOR_SIZE) + offset)
       == (grub_off_t) -1)
     return grub_errno;
 
@@ -1078,6 +1079,7 @@ grub_cryptodisk_scan_device_real (const char *name,
        * times by a backend. This is fine because of the assumptions mentioned
        * and the read hook reads from absolute offsets and is stateless.
        */
+      read_hook_data.part_start = grub_partition_get_start (source->partition);
       read_hook_data.hdr_file = cargs->hdr_file;
       source->read_hook = cryptodisk_read_hook;
       source->read_hook_data = (void *) &read_hook_data;
-- 
2.34.1

Re: [PATCH] cryptodisk: Support encrypted volumes using detached headers on a partition

[brutser]

[-- Attachment #1: Type: text/plain, Size: 2605 bytes --]

This patch fixed the issue I had and now makes it possible to decrypt a partition with cryptomount when using a detached header.

Glenn, thanks for the patience with my not always efficient approach, but at least I reported something that needed a fix ;-)



Van: Glenn Washburn <development@efficientek.com>
Aan: grub-devel@gnu.org;
   Daniel Kiper <dkiper@net-space.pl>
Onderwerp: [PATCH] cryptodisk: Support encrypted volumes using detached headers on a partition
Datum: 07/08/2022 07:18:52 Europe/Paris
Cc: brutser@perso.be;
   Glenn Washburn <development@efficientek.com>

Update the read hook to take into account encrypted volumes on a partition.
Grub disk read hooks supply an absolute sector number at which the read is
started from. If the encrypted volume is in a partition, the sector number
given to the read hook will be offset by the number of the sector at the
start of the partition. The read hook then needs to subtract the partition
start from the supplied sector to get the correct start sector for the read
into the detached header file.

Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/disk/cryptodisk.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index f1fe0d390..e89430812 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -64,6 +64,7 @@ static const struct grub_arg_option options[] =
struct cryptodisk_read_hook_ctx
{
grub_file_t hdr_file;
+ grub_disk_addr_t part_start;
};
typedef struct cryptodisk_read_hook_ctx *cryptodisk_read_hook_ctx_t;

@@ -1022,7 +1023,7 @@ cryptodisk_read_hook (grub_disk_addr_t sector, unsigned offset,
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("header file not found"));

if (grub_file_seek (ctx->hdr_file,
- (sector * GRUB_DISK_SECTOR_SIZE) + offset)
+ ((sector - ctx->part_start) * GRUB_DISK_SECTOR_SIZE) + offset)
== (grub_off_t) -1)
return grub_errno;

@@ -1078,6 +1079,7 @@ grub_cryptodisk_scan_device_real (const char *name,
* times by a backend. This is fine because of the assumptions mentioned
* and the read hook reads from absolute offsets and is stateless.
*/
+ read_hook_data.part_start = grub_partition_get_start (source->partition);
read_hook_data.hdr_file = cargs->hdr_file;
source->read_hook = cryptodisk_read_hook;
source->read_hook_data = (void *) &read_hook_data;
-- 
2.34.1


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel


[-- Attachment #2: Type: text/html, Size: 3209 bytes --]

Re: [PATCH] cryptodisk: Support encrypted volumes using detached headers on a partition

[Daniel Kiper]

On Sun, Aug 07, 2022 at 12:18:52AM -0500, Glenn Washburn wrote:
> Update the read hook to take into account encrypted volumes on a partition.
> Grub disk read hooks supply an absolute sector number at which the read is
> started from. If the encrypted volume is in a partition, the sector number
> given to the read hook will be offset by the number of the sector at the
> start of the partition. The read hook then needs to subtract the partition
> start from the supplied sector to get the correct start sector for the read
> into the detached header file.
>
> Signed-off-by: Glenn Washburn <development@efficientek.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

brutser, may I add on your behalf:
  Reported-by: brutser <brutser@perso.be>
  Tested-by: brutser <brutser@perso.be>

Glenn, thank you for fixing this issue!

Daniel

Re: [PATCH] cryptodisk: Support encrypted volumes using detached headers on a partition

[brutser]

[-- Attachment #1: Type: text/plain, Size: 1244 bytes --]

Hi Daniel! No problem, I will do some more testing end of this week with different setups. 



Van: Daniel Kiper <dkiper@net-space.pl>
Aan: Glenn Washburn <development@efficientek.com>
Onderwerp: Re: [PATCH] cryptodisk: Support encrypted volumes using detached headers on a partition
Datum: 09/08/2022 15:17:59 Europe/Paris
Cc: grub-devel@gnu.org;
   brutser@perso.be

On Sun, Aug 07, 2022 at 12:18:52AM -0500, Glenn Washburn wrote:
> Update the read hook to take into account encrypted volumes on a partition.
> Grub disk read hooks supply an absolute sector number at which the read is
> started from. If the encrypted volume is in a partition, the sector number
> given to the read hook will be offset by the number of the sector at the
> start of the partition. The read hook then needs to subtract the partition
> start from the supplied sector to get the correct start sector for the read
> into the detached header file.
>
> Signed-off-by: Glenn Washburn <development@efficientek.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

brutser, may I add on your behalf:
Reported-by: brutser <brutser@perso.be>
Tested-by: brutser <brutser@perso.be>

Glenn, thank you for fixing this issue!

Daniel


[-- Attachment #2: Type: text/html, Size: 1541 bytes --]