From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1oPKNi-0006ML-KE for mharc-grub-devel@gnu.org; Sat, 20 Aug 2022 05:03:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50562) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oPKNg-0006Li-JD for grub-devel@gnu.org; Sat, 20 Aug 2022 05:03:00 -0400 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:54867) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oPKNd-0000Vt-Cr for grub-devel@gnu.org; Sat, 20 Aug 2022 05:03:00 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id AD73532000D9; Sat, 20 Aug 2022 05:02:53 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Sat, 20 Aug 2022 05:02:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1660986173; x=1661072573; bh=Oo5r73ZLGm VCUHK3WIpTE4KEcsxMfkqGFZdNt4Ud+e4=; b=KKyNThsa/TO9NUkhIsYYsP8ShB 7u2GPhqCmY+MVP6C3+xrbvQot7NvmORJ57nFaj3a5hoQ9/97aHYVXwTpgoAMLOGZ nIjMguHUduV/xcs3sUGCN4iauklZQQ3aFLH3/sOcIRrxgXlU72I8Ma58JwXbzyjO c8TPhJQPsvTJfCGeMPsWqjdDYzg/vfTjZC4DcBCoddbVN0vC/n1oAWvdwFTQl50f y+HE3jTzpXu5GVmp79ik0sY0ur+JMYjk2V78P9OqEIYAfWE+Jz0id1ZJiyyz9zcV u2VRTitBUdnDk58lY/JZs/LuZ4lY6aH/6V6GiWso1vcmRRKEud247C+dm8Uw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1660986173; x=1661072573; bh=Oo5r73ZLGmVCUHK3WIpTE4KEcsxM fkqGFZdNt4Ud+e4=; b=ZGq9SHdbp1BuPkq5pA4cTJlB29hUq+diTgRa4mPsR81Z yafukR6g1YQvF89eY2vccd74Yi0aCMG/LQR1dY/XvSZ3qhqPlH0O+QfFniGoJjvB 0oWMm9bUxM7heeSYJVC3of+oaGl7MDhAPlrdhIQrt17ZLA2PT+ppUsb4uAZ2ful7 w78nxqo+LUkZpKubmeMnoUMZo/kZwqD009/kasmSZtKVBxrbz1zVPLXz+xIkTKl8 2VUcUZdJQlQAMMO+9amn8zvSol3l4n9z7xFvNNzT56ygJe2VxZw1hs+cqxr+qNp0 s3jSlO25Z9AHvLdzIsc0qsgQk35FSKzj31QTuOKRHw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdeifedguddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvfevuffkfhggtggujgesghdtreertddtvdenucfhrhhomheprfgrthhr ihgtkhcuufhtvghinhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvg hrnhepueektdevtdffveeljeetgfehheeigeekleduvdeffeeghefgledttdehjeelffet necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhsse hpkhhsrdhimh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 20 Aug 2022 05:02:52 -0400 (EDT) Received: from localhost (xps [10.192.0.12]) by vm-mail.pks.im (OpenSMTPD) with ESMTPSA id 78d526c5 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sat, 20 Aug 2022 09:02:44 +0000 (UTC) Date: Sat, 20 Aug 2022 11:02:57 +0200 From: Patrick Steinhardt To: The development of GNU GRUB Cc: Glenn Washburn Subject: Re: [PATCH] luks2: Continue trying all keyslots even if there are some failures Message-ID: References: <20220722080450.1289623-1-development@efficientek.com> <20220819141044.wyz7fjwmds4lz2th@tomti.i.net-space.pl> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="EMk1eMURt/uLB0vg" Content-Disposition: inline In-Reply-To: <20220819141044.wyz7fjwmds4lz2th@tomti.i.net-space.pl> Received-SPF: pass client-ip=64.147.123.24; envelope-from=ps@pks.im; helo=wout1-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2022 09:03:00 -0000 --EMk1eMURt/uLB0vg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 19, 2022 at 04:10:44PM +0200, Daniel Kiper wrote: > On Mon, Aug 15, 2022 at 05:23:15PM +0200, Patrick Steinhardt wrote: > > On Fri, Jul 22, 2022 at 03:04:50AM -0500, Glenn Washburn wrote: > > > luks2_get_keyslot can fail for a variety of reasons that do not necce= sarily > > > mean the next keyslot should not be tried (eg. a new kdf type). So al= ways > > > try the next slot. This will make GRUB more resilient to non-spec jso= n data > > > that 3rd party systems may add. We do not care if some of the keyslot= s are > > > unusable, only if there is at least one that is. > > > > > > Signed-off-by: Glenn Washburn > > > --- > > > grub-core/disk/luks2.c | 10 +++++++++- > > > 1 file changed, 9 insertions(+), 1 deletion(-) > > > > > > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > > > index bf741d70f..d8d3180ed 100644 > > > --- a/grub-core/disk/luks2.c > > > +++ b/grub-core/disk/luks2.c > > > @@ -610,7 +610,15 @@ luks2_recover_key (grub_disk_t source, > > > grub_errno =3D GRUB_ERR_NONE; > > > ret =3D luks2_get_keyslot (&keyslot, &digest, &segment, json, = json_idx); > > > if (ret) > > > - goto err; > > > + { > > > + /* > > > + * luks2_get_keyslot can fail for a variety of reasons that do not > > > + * neccesarily mean the next keyslot should not be tried (eg. a n= ew > > > + * kdf type). So always try the next slot. > > > + */ > > > + grub_dprintf ("luks2", "Failed to get keyslot %" PRIuGRUB_UINT64_= T "\n", keyslot.idx); > > > + continue; > > > + } > > > if (grub_errno !=3D GRUB_ERR_NONE) > > > grub_dprintf ("luks2", "Ignoring unhandled error %d from luks2_ge= t_keyslot\n", grub_errno); > > > > > > -- > > > 2.34.1 > > > > > > > Reviewed-by: Patrick Steinhardt >=20 > Thank you for review but I have merged this patch earlier and cannot add > your RB now... :-( >=20 > Daniel No worries! I assumed as much when I reviewed this but was too lazy to check ;) Patrick --EMk1eMURt/uLB0vg Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEF9hrgiFbCdvenl/rVbJhu7ckPpQFAmMAo0EACgkQVbJhu7ck PpSoChAAkXvYX9kuSKjcBDo8qj5ubsbqc0rZj7vU1hrgEsx4aDeF8zmSatOCSzJ4 PgAAVCcrL8p9QujI1dzCDphpB06DlGQOEheX6xwfAa6PD2fo8qDZWpWp00DzZs32 hPwfURldVm4g2y0qpqEKMW1bViBKBQNiTKKFlHjVNS/AZaJ/6K8tPBks3qdSUWW+ VHI5ZhmxJCJIk1tvHZGQgT7PUCa7hdcGkFQBY6JnllGi+tF1jtc1xbXpAkZaMmzo SvH65NPthD+TFAHQrsxl5rj8mPbZrHj7Zodh6HiKqrLIOLNOadTWtC7uOfAnQ947 AJJNum95btSma2hJRS/34z240NoN0bZ+DyxJmu2ye+TNE1in1dRP5KUSO3z5DDSg SggNsIPuYCXeL9c11LmXON/6rfxV5voOxeVhw+icI7+s39PlduKiecAap1EPJk0N RHD1QZAop8x3RKrWk954UiQw1tyfljmvUqL/oUnVadKSRiANMsWreOU5YC81Tuv7 uvNtTjL5asRQ7fJi3fo2zHAQQN+VPoaq7+cb3LXmEZjZ1fnmy2rWReclFMtQHT+z jk4CWcBorAGhHFfPLZXFfLtgfVG8op4nmrhhawmNUBbMtmydMRm+W/f2608VKxi2 Q148kOgcg2dithINNwrUe49MvDLMvMaPUA+BVp44FtTZOpyRKPY= =e1g9 -----END PGP SIGNATURE----- --EMk1eMURt/uLB0vg--