From: Glenn Washburn
To: grub-devel@gnu.org, Daniel Kiper
Cc: Patrick Steinhardt, Pierre-Louis Bonicoli, Josselin Poiret, Fabian Vogt, Glenn Washburn
Subject: [PATCH 4/4] grub-fs-tester: Add luks1 and luks2 support
Date: Thu, 12 Jan 2023 17:05:10 -0600
Message-Id: <20230112230510.1319896-5-development@efficientek.com>
In-Reply-To: <20230112230510.1319896-1-development@efficientek.com>
References: <20230112230510.1319896-1-development@efficientek.com>

From: Pierre-Louis Bonicoli

The logical sector size used by LUKS1 is 512 bytes and LUKS2 uses 512 to 4069 bytes.

The default password used is "pass", but can be overridden by setting the PASS environment variable.

The device mapper name is set to the name of the temp directory so that it's easy to correlate device mapper name with a particular test run. Also, since this name is unique per test run, multiple simultaneous test runs are allowed.

Note that cryptsetup is passing the --disable-locks parameter to allow cryptsetup to run successfully when /run/lock/cryptsetup is not accessible. Since the device mapper name is unique per test run, there is no need to worry about locking the device to serialize access.

Signed-off-by: Pierre-Louis Bonicoli
Tested-by: Glenn Washburn
Signed-off-by: Glenn Washburn --- .gitignore | 2 ++ Makefile.util.def | 12 ++++++++ tests/luks1_test.in | 23 +++++++++++++++ tests/luks2_test.in | 23 +++++++++++++++ tests/util/grub-fs-tester.in | 57 ++++++++++++++++++++++++++++++++++-- 5 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 tests/luks1_test.in create mode 100644 tests/luks2_test.in diff --git a/.gitignore b/.gitignore index f6a1bd0517..4064d3d1ec 100644 --- a/.gitignore +++ b/.gitignore @@ -230,6 +230,8 @@ widthspec.bin /lib/libgcrypt-grub /libgrub_a_init.c /lzocompress_test +/luks1_test +/luks2_test /m4/ /minixfs_test /missing diff --git a/Makefile.util.def b/Makefile.util.def index d919c562c4..3f1162b765 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -1213,6 +1213,18 @@ script = { common = tests/syslinux_test.in; }; +script = { + testcase = native; + name = luks1_test; + common = tests/luks1_test.in; +}; + +script = { + testcase = native; + name = luks2_test; + common = tests/luks2_test.in; +}; + program = { testcase = native; name = example_unit_test; diff --git a/tests/luks1_test.in b/tests/luks1_test.in new file mode 100644 index 0000000000..cd28fd7149 --- /dev/null +++ b/tests/luks1_test.in @@ -0,0 +1,23 @@ +#!@BUILD_SHEBANG@ + +set -e + +if [ "x$EUID" = "x" ] ; then + EUID=`id -u` +fi + +if [ "$EUID" != 0 ] ; then + exit 99 +fi + +if ! which mkfs.ext2 >/dev/null 2>&1; then + echo "mkfs.ext2 not installed; cannot test luks." + exit 99 +fi + +if ! which cryptsetup >/dev/null 2>&1; then + echo "cryptsetup not installed; cannot test luks." + exit 99 +fi + +"@builddir@/grub-fs-tester" luks1 diff --git a/tests/luks2_test.in b/tests/luks2_test.in new file mode 100644 index 0000000000..6a26ba6266 --- /dev/null +++ b/tests/luks2_test.in 
@@ -0,0 +1,23 @@ +#!@BUILD_SHEBANG@ + +set -e + +if [ "x$EUID" = "x" ] ; then + EUID=`id -u` +fi + +if [ "$EUID" != 0 ] ; then + exit 99 +fi + +if ! which mkfs.ext2 >/dev/null 2>&1; then + echo "mkfs.ext2 not installed; cannot test luks2." + exit 99 +fi + +if ! which cryptsetup >/dev/null 2>&1; then + echo "cryptsetup not installed; cannot test luks2." + exit 99 +fi + +"@builddir@/grub-fs-tester" luks2 diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in index 7a48c4399c..3fbec2c255 100644 --- a/tests/util/grub-fs-tester.in +++ b/tests/util/grub-fs-tester.in @@ -9,6 +9,7 @@ unset SOURCE_DATE_EPOCH fs="$1" GRUBFSTEST="@builddir@/grub-fstest" +GRUBPROBE="@builddir@/grub-probe" tempdir=`mktemp -d "${TMPDIR:-/tmp}/${0##*/}.$(date '+%Y%m%d%H%M%S%N').${fs}.XXX"` || { echo "Failed to make temporary directory"; exit 99; } @@ -16,6 +17,8 @@ tempdir=`mktemp -d "${TMPDIR:-/tmp}/${0##*/}.$(date '+%Y%m%d%H%M%S%N').${fs}.XXX # xorriso -as mkisofs options to ignore locale when processing file names and # FSLABEL. This is especially needed for the conversion to Joliet UCS-2. XORRISOFS_CHARSET="-input-charset UTF-8 -output-charset UTF-8" +DMNAME="${tempdir##*/}" +PASS="${PASS:-pass}" MOUNTS= LODEVICES= @@ -31,6 +34,10 @@ cleanup() { umount "$i" || : done + if [ -e /dev/mapper/"$DMNAME" ]; then + cryptsetup close --disable-locks "$DMNAME" + fi + for lodev in $LODEVICES; do local i=600 while losetup -l -O NAME | grep -q "^$lodev\$"; do @@ -71,7 +78,12 @@ run_grubfstest () { need_images="$need_images $FSIMAGEP${i}.img"; done - run_it -c $NEED_IMAGES_N $need_images "$@" + case x"$fs" in + xluks*) + echo -n "$PASS" | run_it -C -c $NEED_IMAGES_N $need_images "$@";; + *) + run_it -c $NEED_IMAGES_N $need_images "$@";; + esac } # OS LIMITATION: GNU/Linux has no AFS support, so we use a premade image and a reference tar file. I.a. no multiblocksize test 
@@ -79,6 +91,8 @@ run_grubfstest () { MINLOGSECSIZE=9 MAXLOGSECSIZE=9 case x"$fs" in + xluks2) + MAXLOGSECSIZE=12;; xntfs*) MINLOGSECSIZE=8 MAXLOGSECSIZE=12;; @@ -366,7 +380,7 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do #FSLABEL="g;/_é莭莽😁кит u" ;; # FS LIMITATION: reiserfs, extN and jfs label is at most 16 UTF-8 characters - x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"mdraid"* | x"jfs" | x"jfs_caseins") + x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"luks"* | x"mdraid"* | x"jfs" | x"jfs_caseins") FSLABEL="g;/éт 莭😁";; # FS LIMITATION: No underscore, space, semicolon, slash or international characters in UFS* in label. Limited to 32 UTF-8 characters x"ufs1" | x"ufs1_sun" | x"ufs2") @@ -835,6 +849,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do MOUNTDEVICE="/dev/mapper/grub_test-testvol" MOUNTFS=ext2 "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; + x"luks"*) + echo -n "$PASS" | cryptsetup luksFormat --type "$fs" --sector-size $SECSIZE --pbkdf pbkdf2 --force-password --disable-locks $LODEVICE + echo -n "$PASS" | cryptsetup open --disable-locks $LODEVICE "$DMNAME" + MOUNTDEVICE="/dev/mapper/${DMNAME}" + MOUNTFS=ext2 + "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; xf2fs) "mkfs.f2fs" -l "$FSLABEL" -q "${MOUNTDEVICE}" ;; xnilfs2) 
@@ -947,6 +967,22 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do GRUBDEVICE="mduuid/`mdadm --detail --export $MOUNTDEVICE | grep MD_UUID=|sed 's,MD_UUID=,,g;s,:,,g'`";; xlvm*) GRUBDEVICE="lvm/grub_test-testvol";; + xluks*) + if test x"$fs" = xluks2 && ! (cryptsetup luksDump --debug-json --disable-locks $LODEVICE | grep -q "\"sector_size\":$SECSIZE"); then + echo "Unexpected sector size for $LODEVICE (expected: $SECSIZE)" + exit 1 + fi + + UUID=$(cryptsetup luksUUID --disable-locks $LODEVICE | tr -d '-') + PROBE_UUID=$("$GRUBPROBE" --device $MOUNTDEVICE --target=cryptodisk_uuid | tr -d '-') + if [ x"$UUID" != x"$PROBE_UUID" ]; then + echo "UUID FAIL" + echo "$UUID" + echo "$PROBE_UUID" + exit 1 + fi + GRUBDEVICE="cryptouuid/${UUID}" + ;; esac GRUBDIR="($GRUBDEVICE)" case x"$fs" in @@ -1105,6 +1141,15 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do sleep 1 vgchange -a n grub_test ;; + xluks*) + for try in $(range 0 20 1); do + if umount "$MNTPOINTRW" ; then + break; + fi + done + UMOUNT_TIME=$(date -u "+%Y-%m-%d %H:%M:%S") + cryptsetup close --disable-locks "$DMNAME" + ;; xmdraid*) sleep 1 for try in $(range 0 20 1); do @@ -1155,6 +1200,11 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTOPTS}${SELINUXOPTS}ro MOUNTS="$MOUNTS $MNTPOINTRO" ;; + xluks*) + echo -n "$PASS" | cryptsetup open --disable-locks $LODEVICE "$DMNAME" + mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTOPTS}${SELINUXOPTS}ro + MOUNTS="$MOUNTS $MNTPOINTRO" + ;; xmdraid*) mdadm --assemble /dev/md/"${fs}_$NDEVICES" $LODEVICES sleep 1 
@@ -1603,6 +1653,9 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do vgchange -a n grub_test sleep 1 ;; + xluks*) + cryptsetup close --disable-locks "$DMNAME" + ;; esac case x"$fs" in x"tarfs" | x"cpio_"* | x"iso9660" | xrockridge | xjoliet | xrockridge_joliet | x"ziso9660" | x"romfs" | x"squash4_"* | x"iso9660_1999" | xrockridge_1999 | xjoliet_1999 | xrockridge_joliet_1999) ;; -- 2.34.1
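
Review bot: the "cannot test luks." messages in tests/luks1_test.in do not match the "cannot test luks2." wording used in tests/luks2_test.in; say "luks1" so a skipped run can be attributed to the right test from the log. The root check in both files also exits 99 without printing a reason, unlike the two tool checks below it.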
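
Review bot: `PASS="${PASS:-pass}"` in the variable block of tests/util/grub-fs-tester.in (hunk @@ -16,6 +17,8) reads a very generic environment variable name, so an unrelated PASS already exported in the caller's shell silently becomes the passphrase that is piped to cryptsetup and grub-fstest. A namespaced variable (for example GRUB_TEST_LUKS_PASS, a name suggested here, not one that exists in the tree) would avoid that, and a one-line comment on DMNAME saying it is the temp directory's basename and therefore unique per run would document what the commit message explains.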
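
Review bot: the `cryptsetup close --disable-locks "$DMNAME"` added to cleanup() (hunk @@ -31,6 +34,10) has no failure guard, while the `umount "$i" || :` just above it does. If the close fails, for example because the mapping is still busy, the loop-device teardown that follows may be skipped or run against a device that is still held open. Suggest `cryptsetup close --disable-locks "$DMNAME" || :` so cleanup always reaches the losetup loop.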
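
Review bot: `echo -n "$PASS" | run_it -C ...` in run_grubfstest (hunk @@ -71,7 +78,12) relies on `echo -n`, whose handling of the -n option and of backslashes in the argument differs between shells, so a PASS override containing a backslash or starting with a dash may not reach the tool byte for byte. `printf '%s' "$PASS"` is the portable form; the same applies to the three cryptsetup pipelines added further down. Passing the secret on stdin rather than on the command line is the right choice and worth a short comment.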
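
Review bot: `MAXLOGSECSIZE=12` in the xluks2 arm (hunk @@ -79,6 +91,8) corresponds to a largest sector size of 2^12 = 4096 bytes, assuming SECSIZE is 2^LOGSECSIZE as the 9 / 512 default suggests, but the commit message says "512 to 4069 bytes". One of the two needs correcting before merge. A comment beside the arm stating the intended range would also match the explanatory comments the neighbouring limits carry.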
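
Review bot: the luksFormat line in the x"luks"* arm (hunk @@ -835,6 +849,12) passes `--pbkdf pbkdf2` and `--force-password` with no comment saying why, and neither the commit message nor the surrounding code explains it. Please document both choices in place, since a later reader may otherwise drop them as unnecessary. `$SECSIZE` and `$LODEVICE` are also unquoted here and in the `cryptsetup open` on the next line, whereas `"$DMNAME"` and `"${MOUNTDEVICE}"` are quoted.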
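
Review bot: the sector-size check in the xluks* arm (hunk @@ -947,6 +967,22) greps `--debug-json` output for the literal `"sector_size":$SECSIZE`, which depends on the exact spacing of a debug dump and is not anchored at the end, so 512 would also match a longer number that starts with 512. It also reports "Unexpected sector size" when cryptsetup itself fails, because the two cases are not distinguished. Suggest allowing optional whitespace after the colon, requiring a non-digit after the value, and checking the luksDump exit status separately. The "UUID FAIL" message would be easier to read if it labelled which value came from cryptsetup and which from grub-probe.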
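
Review bot: the umount retry loop in the xluks* arm (hunk @@ -1105,6 +1141,15) retries up to 21 times with no delay between attempts and never checks whether any attempt succeeded, so a busy mount falls through to `cryptsetup close`, and the failure that gets reported is the close rather than the unmount. Suggest a `sleep 1` between attempts and an explicit error exit if the loop finishes without a successful umount.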
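
Review bot: the reopen for the read-only pass (hunk @@ -1155,6 +1200,11) maps the volume read-write with `cryptsetup open --disable-locks $LODEVICE "$DMNAME"` and relies only on the `ro` mount option. Opening with `--readonly` would enforce the read-only guarantee at the block layer as well, which is what this pass is meant to exercise. `$LODEVICE` is unquoted here too.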