Date: Mon, 15 Aug 2022 17:23:15 +0200
From: Patrick Steinhardt
To: Glenn Washburn
Cc: grub-devel@gnu.org, Daniel Kiper
Subject: Re: [PATCH] luks2: Continue trying all keyslots even if there are some failures
In-Reply-To: <20220722080450.1289623-1-development@efficientek.com>

On Fri, Jul 22, 2022 at 03:04:50AM -0500, Glenn Washburn wrote:
> luks2_get_keyslot can fail for a variety of reasons that do not necessarily
> mean the next keyslot should not be tried (e.g. a new kdf type). So always
> try the next slot. This will make GRUB more resilient to non-spec json data
> that 3rd party systems may add. We do not care if some of the keyslots are
> unusable, only if there is at least one that is.
>
> Signed-off-by: Glenn Washburn
> ---
> grub-core/disk/luks2.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > index bf741d70f..d8d3180ed 100644 > --- a/grub-core/disk/luks2.c 
> +++ b/grub-core/disk/luks2.c > @@ -610,7 +610,15 @@ luks2_recover_key (grub_disk_t source, > grub_errno =3D GRUB_ERR_NONE; > ret =3D luks2_get_keyslot (&keyslot, &digest, &segment, json, json= _idx); > if (ret) > - goto err; > + { > + /* > + * luks2_get_keyslot can fail for a variety of reasons that do not > + * neccesarily mean the next keyslot should not be tried (eg. a new > + * kdf type). So always try the next slot. > + */ > + grub_dprintf ("luks2", "Failed to get keyslot %" PRIuGRUB_UINT64_T "\= n", keyslot.idx); > + continue; > + } > if (grub_errno !=3D GRUB_ERR_NONE) > grub_dprintf ("luks2", "Ignoring unhandled error %d from luks2_get_ke= yslot\n", grub_errno); > =20 > --=20 > 2.34.1 >=20

Reviewed-by: Patrick Steinhardt
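
Review bot: The new grub_dprintf in the `if (ret)` branch prints keyslot.idx, but keyslot is the output argument of the luks2_get_keyslot call that has just failed, so the logged value may be unset or left over from the previous iteration. Logging json_idx, the index actually passed to the call (with a matching format specifier), would identify the skipped slot reliably. It is also worth checking the case where the failing slot is the last one: `continue` leaves whatever grub_errno the failed call set, and the reset `grub_errno = GRUB_ERR_NONE;` shown in the context only runs before a further call, so the code after the loop should not treat a stale error from a skipped slot as the final result.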