From: "Vladimir 'φ-coder/phcoder' Serbinenko" <phcoder@gmail.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: cryptodisk: teach grub_cryptodisk_insert() about partitions (bug #45889)
Date: Tue, 8 Sep 2015 09:38:19 -0700 [thread overview]
Message-ID: <55EF0EFB.5060103@gmail.com> (raw)
In-Reply-To: <a46a1edd9b7d13bcde8779dfaf795cea@iam.tj>
[-- Attachment #1: Type: text/plain, Size: 4362 bytes --]
On 06.09.2015 21:10, TJ wrote:
> https://savannah.gnu.org/bugs/index.php?45889
>
> Boot disk with 3 LUKS/dm-crypt GPT partitions
>
> (hd0,gpt3) (hd0,gpt4) (hd0,gpt5)
>
> grub is in (hd0,gpt3). The others have a LVM VG each.
>
> Using GRUB_ENABLE_CRYPTODISK=y I deliberately fail the first pass-phrase
> entry to get the rescue environment. I then
>
> cryptomount hd0,gpt3
>
> (crypto0) device is now present and prefix/root are set correctly. I
> insmod some other modules (exploring available functions) and
>
> set debug=cryptodisk
>
> I try to
>
> cryptomount hd0,gpt4
> cryptomount hd0,gpt4
>
> and see the message
>
> disk/cryptodisk.c:978: already mounted as crypto0
>
> But ls shows only (crypto0)
>
> With the attached patch the mounts now work:
>
> Attempting to decrypt master key...
> Enter passphrase for hd0,gpt3 ( ...UUID...)
> Slot 0 opened
> <<<< next line comes from temporary grub_dprintf() not included in patch
>>>>>
> disk/cryptodisk.c:718: insert 0, source 'hd0,gpt3', id 128, dev_id 0
> grub rescue> ls
> (hd0) (hd0,gpt5) (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1) (crypto0)
> (proc)
> grub rescue> cryptomount hd0,gpt4
> Attempting to decrypt master key...
> Enter passphrase for hd0,gpt4 (...UUID...)
> Slot 0 opened
> disk/cryptodisk.c:718: insert 1, source 'hd0,gpt4', id 128, dev_id 0
> grub rescue> cryptomount hd0,gpt5
> Attempting to decrypt master key...
> Enter passphrase for hd0,gpt5 (...UUID...)
> Slot 0 opened
> disk/cryptodisk.c:718: insert 2, source 'hd0,gpt4', id 128, dev_id 0
> grub rescue> insmod lvm
> grub rescue> ls
> (lvm/VG_OS-x86_64.usr_local) (lvm/VG_OS-ubuntu_15.10_var)
> (lvm/VG_OS-ubuntu_15.10_rootfs) (lvm/VG_DATA-home) (hd0) (hd0,gpt5)
> (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1) (crypto2) (crypto1)
> (crypto0) (proc)
>
> ---
> grub-core/disk/cryptodisk.c | 7 ++++++-
> include/grub/cryptodisk.h | 1 +
> 2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 82a3dcb..0e6bc3f 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -25,6 +25,7 @@
> #include <grub/fs.h>
> #include <grub/file.h>
> #include <grub/procfs.h>
> +#include <grub/partition.h>
>
> #ifdef GRUB_UTIL
> #include <grub/emu/hostdisk.h>
> @@ -718,6 +719,7 @@ grub_cryptodisk_insert (grub_cryptodisk_t newdev,
> const char *name,
> newdev->id = last_cryptodisk_id++;
> newdev->source_id = source->id;
> newdev->source_dev_id = source->dev->id;
> + newdev->partition_number = source->partition ?
> source->partition->number : 0;
> newdev->next = cryptodisk_list;
> cryptodisk_list = newdev;
>
> @@ -740,7 +742,9 @@ grub_cryptodisk_get_by_source_disk (grub_disk_t disk)
> grub_cryptodisk_t dev;
> for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
> if (dev->source_id == disk->id && dev->source_dev_id == disk->dev->id)
> - return dev;
> + if ((disk->partition && disk->partition->number ==
> dev->partition_number) ||
> + (!disk->partition && dev->partition_number == 0))
> + return dev;
Please store and compare partition start, not parition number as the
same partition can be available several times through different partiton
schemes under different numbers. Additionally this allows to use
get_partition_start which already has the logic of handling empty partitions
> return NULL;
> }
>
> @@ -761,6 +765,7 @@ grub_cryptodisk_cheat_insert (grub_cryptodisk_t
> newdev, const char *name,
> newdev->cheat_fd = GRUB_UTIL_FD_INVALID;
> newdev->source_id = source->id;
> newdev->source_dev_id = source->dev->id;
> + newdev->partition_number = source->partition ?
> source->partition->number : 0;
> newdev->id = last_cryptodisk_id++;
> newdev->next = cryptodisk_list;
> cryptodisk_list = newdev;
> diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
> index f2ad2a7..b638f2e 100644
> --- a/include/grub/cryptodisk.h
> +++ b/include/grub/cryptodisk.h
> @@ -97,6 +97,7 @@ struct grub_cryptodisk
> grub_uint8_t rekey_key[64];
> grub_uint64_t last_rekey;
> int rekey_derived_size;
> + int partition_number;
> };
> typedef struct grub_cryptodisk *grub_cryptodisk_t;
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 213 bytes --]
next prev parent reply other threads:[~2015-09-08 16:38 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-07 4:10 cryptodisk: teach grub_cryptodisk_insert() about partitions (bug #45889) TJ
2015-09-08 16:38 ` Vladimir 'φ-coder/phcoder' Serbinenko [this message]
2015-09-09 1:18 ` TJ
2015-09-11 14:11 ` Andrei Borzenkov
2015-09-11 14:54 ` TJ
2015-11-07 15:54 ` Andrei Borzenkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55EF0EFB.5060103@gmail.com \
--to=phcoder@gmail.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.