* GRUB_CRYPTODISK_ENABLE undocumented @ 2013-03-29 12:43 Andrey Borzenkov 2013-08-28 7:04 ` Michael Chang 2013-08-28 7:05 ` GRUB_CRYPTODISK_ENABLE undocumented Michael Chang 0 siblings, 2 replies; 9+ messages in thread From: Andrey Borzenkov @ 2013-03-29 12:43 UTC (permalink / raw) To: grub-devel Is it intentional? I hit it when testing grub on encrypted partition. When no, I'll submit a patch. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: GRUB_CRYPTODISK_ENABLE undocumented 2013-03-29 12:43 GRUB_CRYPTODISK_ENABLE undocumented Andrey Borzenkov @ 2013-08-28 7:04 ` Michael Chang 2013-09-24 10:39 ` Andrey Borzenkov 2013-08-28 7:05 ` GRUB_CRYPTODISK_ENABLE undocumented Michael Chang 1 sibling, 1 reply; 9+ messages in thread From: Michael Chang @ 2013-08-28 7:04 UTC (permalink / raw) To: The development of GNU GRUB Hi Andrey, 2013/3/29 Andrey Borzenkov <arvidjaar@gmail.com>: > Is it intentional? I hit it when testing grub on encrypted partition. > When no, I'll submit a patch. Do you have any progress on this? Besides document it, IMHO why not we consider to remove it or make it default enable to receive more testing from downstream ? Is there any consequence to enable it or because it's not officially supported yet? Even if it's immature, more testing is welcome to get all bugs sorted and resolved. Thanks, Michael > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: GRUB_CRYPTODISK_ENABLE undocumented 2013-08-28 7:04 ` Michael Chang @ 2013-09-24 10:39 ` Andrey Borzenkov 2013-09-24 11:10 ` Vladimir 'φ-coder/phcoder' Serbinenko 0 siblings, 1 reply; 9+ messages in thread From: Andrey Borzenkov @ 2013-09-24 10:39 UTC (permalink / raw) To: The development of GNU GRUB; +Cc: mchang В Wed, 28 Aug 2013 15:04:44 +0800 Michael Chang <mchang@suse.com> пишет: > Hi Andrey, > > 2013/3/29 Andrey Borzenkov <arvidjaar@gmail.com>: > > Is it intentional? I hit it when testing grub on encrypted partition. > > When no, I'll submit a patch. > > Do you have any progress on this? Besides document it, IMHO why not we > consider to remove it or make it default enable to receive more > testing from downstream ? Is there any consequence to enable it or > because it's not officially supported yet? > > Even if it's immature, more testing is welcome to get all bugs sorted > and resolved. > Well, I'm not sure which progress can be. I do not have any preference whether it should be default or not, I just think it should be documented. Vladimir, is it OK? From: Andrey Borzenkov <arvidjaar@gmail.com> To: grub-devel@gnu.org Subject: [PATCH] document GRUB_ENABLE_CRYPTODISK configuration option Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com> --- docs/grub.texi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/grub.texi b/docs/grub.texi index 574f602..9903a36 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1354,6 +1354,12 @@ Normally, @command{grub-mkconfig} will try to use the external systems installed on the same system and generate appropriate menu entries for them. Set this option to @samp{true} to disable this. +@item GRUB_ENABLE_CRYPTODISK +If set to @samp{y}, @command{grub-mkconfig} and @command{grub-install} will +check for encrypted disks and generate additional commands needed to access +them during boot. Note that in this case unattended boot is not possible +because GRUB will wait for passphrase to unlock encrypted container. + @item GRUB_INIT_TUNE Play a tune on the speaker when GRUB starts. This is particularly useful for users unable to see the screen. The value of this option is passed -- tg: (321e011..) u/crypto_eable (depends on: master) ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: GRUB_CRYPTODISK_ENABLE undocumented 2013-09-24 10:39 ` Andrey Borzenkov @ 2013-09-24 11:10 ` Vladimir 'φ-coder/phcoder' Serbinenko 2013-09-27 16:19 ` GRUB_ENABLE_CRYPTODISK vs GRUB_CRYPTODISK_ENABLE ? TJ 0 siblings, 1 reply; 9+ messages in thread From: Vladimir 'φ-coder/phcoder' Serbinenko @ 2013-09-24 11:10 UTC (permalink / raw) To: The development of GNU GRUB [-- Attachment #1: Type: text/plain, Size: 2074 bytes --] On 24.09.2013 12:39, Andrey Borzenkov wrote: > В Wed, 28 Aug 2013 15:04:44 +0800 > Michael Chang <mchang@suse.com> пишет: > >> Hi Andrey, >> >> 2013/3/29 Andrey Borzenkov <arvidjaar@gmail.com>: >>> Is it intentional? I hit it when testing grub on encrypted partition. >>> When no, I'll submit a patch. >> >> Do you have any progress on this? Besides document it, IMHO why not we >> consider to remove it or make it default enable to receive more >> testing from downstream ? Is there any consequence to enable it or >> because it's not officially supported yet? >> >> Even if it's immature, more testing is welcome to get all bugs sorted >> and resolved. >> > > Well, I'm not sure which progress can be. I do not have any preference > whether it should be default or not, I just think it should be > documented. > > Vladimir, is it OK? > Go ahead. > From: Andrey Borzenkov <arvidjaar@gmail.com> > To: grub-devel@gnu.org > Subject: [PATCH] document GRUB_ENABLE_CRYPTODISK configuration option > > Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com> > > --- > docs/grub.texi | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/docs/grub.texi b/docs/grub.texi > index 574f602..9903a36 100644 > --- a/docs/grub.texi > +++ b/docs/grub.texi > @@ -1354,6 +1354,12 @@ Normally, @command{grub-mkconfig} will try to use the external > systems installed on the same system and generate appropriate menu entries > for them. Set this option to @samp{true} to disable this. > > +@item GRUB_ENABLE_CRYPTODISK > +If set to @samp{y}, @command{grub-mkconfig} and @command{grub-install} will > +check for encrypted disks and generate additional commands needed to access > +them during boot. Note that in this case unattended boot is not possible > +because GRUB will wait for passphrase to unlock encrypted container. > + > @item GRUB_INIT_TUNE > Play a tune on the speaker when GRUB starts. This is particularly useful > for users unable to see the screen. The value of this option is passed > [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 291 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
* GRUB_ENABLE_CRYPTODISK vs GRUB_CRYPTODISK_ENABLE ? 2013-09-24 11:10 ` Vladimir 'φ-coder/phcoder' Serbinenko @ 2013-09-27 16:19 ` TJ 2013-09-27 16:43 ` Andrey Borzenkov 0 siblings, 1 reply; 9+ messages in thread From: TJ @ 2013-09-27 16:19 UTC (permalink / raw) To: grub-devel What is the difference between GRUB_ENABLE_CRYPTODISK and GRUB_CRYPTODISK_ENABLE? GRUB_ENABLE_CRYPTODISK only seems to be used in an export in "util/grub-mkconfig.in" whereas GRUB_CRYPTODISK_ENABLE is used in "util/grub-{install,mkconfig_lib}.in". On Ubuntu 13.10 at least I found that I had to edit the export in 'grub-mkconfig' to be GRUB_CRYPTODISK_ENABLE in order for the installer scripts to correctly install for whole-disk encryption. Unless there's some Makefile or pre-processor magic going on which I've missed I believe this might be a bug. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: GRUB_ENABLE_CRYPTODISK vs GRUB_CRYPTODISK_ENABLE ? 2013-09-27 16:19 ` GRUB_ENABLE_CRYPTODISK vs GRUB_CRYPTODISK_ENABLE ? TJ @ 2013-09-27 16:43 ` Andrey Borzenkov 0 siblings, 0 replies; 9+ messages in thread From: Andrey Borzenkov @ 2013-09-27 16:43 UTC (permalink / raw) To: The development of GNU GRUB; +Cc: grub-devel В Fri, 27 Sep 2013 17:19:47 +0100 TJ <grub-devel@iam.tj> пишет: > What is the difference between GRUB_ENABLE_CRYPTODISK and GRUB_CRYPTODISK_ENABLE? > > GRUB_ENABLE_CRYPTODISK only seems to be used in an export in "util/grub-mkconfig.in" whereas GRUB_CRYPTODISK_ENABLE is used in "util/grub-{install,mkconfig_lib}.in". > > On Ubuntu 13.10 at least I found that I had to edit the export in 'grub-mkconfig' to be GRUB_CRYPTODISK_ENABLE in order for the installer scripts to correctly install for whole-disk encryption. > > Unless there's some Makefile or pre-processor magic going on which I've missed I believe this might be a bug. > Looks like it. From: Andrey Borzenkov <arvidjaar@gmail.com> To: grub-devel@gnu.org Subject: [PATCH] consistently use GRUB_ENABLE_CRYPTODISK everywhere Both GRUB_ENABLE_CRYPTODISK and GRUB_CRYPTODISK_ENABLE were used in different places. Use GRUB_ENABLE_CRYPTODISK everywhere for consistency with other GRUB_ENABLE_* or GRUB_DISABLE_* parameters. Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com> --- util/grub-install.in | 2 +- util/grub-mkconfig_lib.in | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/util/grub-install.in b/util/grub-install.in index ce8f840..7cd089b 100644 --- a/util/grub-install.in +++ b/util/grub-install.in @@ -632,7 +632,7 @@ if [ "x${devabstraction_module}" = "x" ] ; then fi fi else - if [ x$GRUB_CRYPTODISK_ENABLE = xy ]; then + if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then for uuid in "`echo "${grub_device}" | xargs "${grub_probe}" --target=cryptodisk_uuid --device`"; do echo "cryptomount -u $uuid" >> "${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/load.cfg" done diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in index 016d8c5..98d8a77 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -71,7 +71,7 @@ is_path_readable_by_grub () return 1 fi - if [ x$GRUB_CRYPTODISK_ENABLE = xy ]; then + if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then return 0 fi @@ -138,7 +138,7 @@ prepare_grub_to_access_device () echo "insmod ${module}" done - if [ x$GRUB_CRYPTODISK_ENABLE = xy ]; then + if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then for uuid in "`"${grub_probe}" --device "$@" --target=cryptodisk_uuid`"; do echo "cryptomount -u $uuid" done -- tg: (144214a..) u/grub_cryptodisk_enable (depends on: master) ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: GRUB_CRYPTODISK_ENABLE undocumented 2013-03-29 12:43 GRUB_CRYPTODISK_ENABLE undocumented Andrey Borzenkov 2013-08-28 7:04 ` Michael Chang @ 2013-08-28 7:05 ` Michael Chang 2013-08-28 14:51 ` Vladimir 'φ-coder/phcoder' Serbinenko 1 sibling, 1 reply; 9+ messages in thread From: Michael Chang @ 2013-08-28 7:05 UTC (permalink / raw) To: The development of GNU GRUB Hi Andrey, 2013/3/29 Andrey Borzenkov <arvidjaar@gmail.com>: > Is it intentional? I hit it when testing grub on encrypted partition. > When no, I'll submit a patch. Do you have any progress on this? Besides document it, IMHO why not we consider to remove it or make it default enable to receive more testing from downstream ? Is there any consequence to enable it or because it's not officially supported yet? Even if it's immature, more testing is welcome to get all bugs sorted and resolved. Thanks, Michael > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: GRUB_CRYPTODISK_ENABLE undocumented 2013-08-28 7:05 ` GRUB_CRYPTODISK_ENABLE undocumented Michael Chang @ 2013-08-28 14:51 ` Vladimir 'φ-coder/phcoder' Serbinenko 2013-08-29 7:37 ` Michael Chang 0 siblings, 1 reply; 9+ messages in thread From: Vladimir 'φ-coder/phcoder' Serbinenko @ 2013-08-28 14:51 UTC (permalink / raw) To: grub-devel [-- Attachment #1: Type: text/plain, Size: 1274 bytes --] On 28.08.2013 09:05, Michael Chang wrote: > Hi Andrey, > > 2013/3/29 Andrey Borzenkov <arvidjaar@gmail.com>: >> Is it intentional? I hit it when testing grub on encrypted partition. >> When no, I'll submit a patch. > > Do you have any progress on this? Besides document it, IMHO why not we > consider to remove it or make it default enable to receive more > testing from downstream ? Is there any consequence to enable it or > because it's not officially supported yet? > This option authorizes GRUB to ask user for password and wait until the password is supplied which can break unattended and remote boot. Think of theme in /usr. With the option disabled GRUB would simply skip theme and boot successfully. But with this option enabled it will wait for password until user supplies it or presses ESC. > Even if it's immature, more testing is welcome to get all bugs sorted > and resolved. > > Thanks, > Michael > >> >> _______________________________________________ >> Grub-devel mailing list >> Grub-devel@gnu.org >> https://lists.gnu.org/mailman/listinfo/grub-devel >> > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel > [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 291 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: GRUB_CRYPTODISK_ENABLE undocumented 2013-08-28 14:51 ` Vladimir 'φ-coder/phcoder' Serbinenko @ 2013-08-29 7:37 ` Michael Chang 0 siblings, 0 replies; 9+ messages in thread From: Michael Chang @ 2013-08-29 7:37 UTC (permalink / raw) To: The development of GNU GRUB On Wed, Aug 28, 2013 at 04:51:00PM +0200, Vladimir 'φ-coder/phcoder' Serbinenko wrote: > On 28.08.2013 09:05, Michael Chang wrote: > > Hi Andrey, > > > > 2013/3/29 Andrey Borzenkov <arvidjaar@gmail.com>: > >> Is it intentional? I hit it when testing grub on encrypted partition. > >> When no, I'll submit a patch. > > > > Do you have any progress on this? Besides document it, IMHO why not we > > consider to remove it or make it default enable to receive more > > testing from downstream ? Is there any consequence to enable it or > > because it's not officially supported yet? > > > This option authorizes GRUB to ask user for password and wait until the > password is supplied which can break unattended and remote boot. Think > of theme in /usr. With the option disabled GRUB would simply skip theme > and boot successfully. But with this option enabled it will wait for > password until user supplies it or presses ESC. In this case we shouldn't blame GRUB to interrupt the boot, instead it's why the policy been made to place theme file in /usr (which's supposed be encrypted) and expecting it to work on unattended or remote boot. As long as GRUB offers the option to on or off it (OK we don't remove it as we know it's required now), it's the system setup program's responsibity to make sure that the correct option is set for his setup to work as intended. I do really hope that the default can be changed for the reason that I have supplied. Thanks, Michael > > Even if it's immature, more testing is welcome to get all bugs sorted > > and resolved. > > > > Thanks, > > Michael > > > >> > >> _______________________________________________ > >> Grub-devel mailing list > >> Grub-devel@gnu.org > >> https://lists.gnu.org/mailman/listinfo/grub-devel > >> > > > > _______________________________________________ > > Grub-devel mailing list > > Grub-devel@gnu.org > > https://lists.gnu.org/mailman/listinfo/grub-devel > > > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel -- Michael Chang Software Engineer Rm. B, 26F, No.216, Tun Hwa S. Rd., Sec.2 Taipei 106, Taiwan, R.O.C +886223760030 mchang@suse.com SUSE ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2013-09-27 16:43 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-03-29 12:43 GRUB_CRYPTODISK_ENABLE undocumented Andrey Borzenkov 2013-08-28 7:04 ` Michael Chang 2013-09-24 10:39 ` Andrey Borzenkov 2013-09-24 11:10 ` Vladimir 'φ-coder/phcoder' Serbinenko 2013-09-27 16:19 ` GRUB_ENABLE_CRYPTODISK vs GRUB_CRYPTODISK_ENABLE ? TJ 2013-09-27 16:43 ` Andrey Borzenkov 2013-08-28 7:05 ` GRUB_CRYPTODISK_ENABLE undocumented Michael Chang 2013-08-28 14:51 ` Vladimir 'φ-coder/phcoder' Serbinenko 2013-08-29 7:37 ` Michael Chang
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).