From: Glenn Washburn <development@efficientek.com>
To: grub-devel@gnu.org, Daniel Kiper <daniel.kiper@oracle.com>,
	Patrick Steinhardt <ps@pks.im>
Cc: Glenn Washburn <development@efficientek.com>
Subject: [PATCH 0/3] Refactor/improve cryptomount data passing to crypto modules
Date: Thu, 26 Aug 2021 00:08:49 -0500
Message-ID: <cover.1629950544.git.development@efficientek.com>

This patch series refactors the way cryptomount passes data to the crypto
modules. Currently, the method has been by global variable and function call
argument, neither of which are ideal. This method passes data via a
grub_cryptomount_args struct, which can be added to over time as opposed to
continually adding arguments to the cryptodisk recover_key (as is being
proposed in the keyfile and detached header patches).

The infrastructure is implemented in patch #1 along with adding a new -p
parameter to cryptomount partly as an example to show how a password would be
passed to the crypto module backends. The backends do nothing with this data
in this patch, but print a message saying that sending a password is
unimplemented.

Patch #2 takes advantage of this new data passing mechanism to refactor the
essentially duplicated code in each crypto backend module for inputting the
password and puts that functionality in the cryptodisk code. Conceptually,
the crypto backends should not be getting user input anyway.

Finally, patch #3 gets rid of some long time globals in cryptodisk, moving them
into the passed struct.

My intention is for this patch series to lay the foundation for an improved
patch series providing detached header and keyfile support (I already have
the series updated and ready to send once this is accepted). I also believe
that this will somewhat simplify the patch series by James Bottomley in
passing secrets to the crypto backends.

Glenn

Glenn Washburn (3):
  cryptodisk: Add infrastructure to pass data from cryptomount to
    cryptodisk modules
  cryptodisk: Refactor password input out of crypto dev modules into
    cryptodisk
  cryptodisk: Move global variables into grub_cryptomount_args struct

 grub-core/disk/cryptodisk.c | 109 ++++++++++++++++++++++++------------
 grub-core/disk/geli.c       |  24 ++------
 grub-core/disk/luks.c       |  25 ++-------
 grub-core/disk/luks2.c      |  24 ++------
 include/grub/cryptodisk.h   |  12 ++++
 5 files changed, 102 insertions(+), 92 deletions(-)

-- 
2.27.0



Thread overview: 15+ messages
2021-08-26  5:08 Glenn Washburn [this message]
2021-08-26  5:08 ` [PATCH 1/3] cryptodisk: Add infrastructure to pass data from cryptomount to cryptodisk modules Glenn Washburn
2021-08-30 17:55   ` Patrick Steinhardt
2021-09-07  4:43     ` Glenn Washburn
2021-09-12 11:14       ` Patrick Steinhardt
2021-08-26  5:08 ` [PATCH 2/3] cryptodisk: Refactor password input out of crypto dev modules into cryptodisk Glenn Washburn
2021-08-26  5:08 ` [PATCH 3/3] cryptodisk: Move global variables into grub_cryptomount_args struct Glenn Washburn
2021-08-30 18:02   ` Patrick Steinhardt
2021-09-07  2:34     ` Glenn Washburn
2021-09-12 11:17       ` Patrick Steinhardt
2021-09-13 21:05         ` Glenn Washburn
2021-10-04  8:55           ` Patrick Steinhardt
2021-10-04 18:32             ` Glenn Washburn
2021-10-05  4:51               ` Glenn Washburn
2021-10-10  8:09               ` Patrick Steinhardt
