From: Andrei Borzenkov
Date: Thu, 3 Nov 2016 18:16:42 +0300
Subject: Re: Patch: Allow Ext4 partitions with encrypted directories.
To: Samee Zahur
Cc: bug-grub, The development of GNU GRUB

On Wed, Nov 2, 2016 at 12:22 AM, Samee Zahur wrote:
> Ext4 filesystem now allows users to choose directory trees to be stored
> encrypted. However, GRUB refuses to boot from such partitions, even if none
> of the boot-critical files are actually affected. The following patch fixes
> this. It was tested on the latest release version of ext4.
>
> Please let me know if more information is needed.
>
> diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c > index cdce63b..eca10e4 100644 > --- a/grub-core/fs/ext2.c > +++ b/grub-core/fs/ext2.c > @@ -2,6 +2,7 @@ > /* > * GRUB -- GRand Unified Bootloader > * Copyright (C) 2003,2004,2005,2007,2008,2009 Free Software Foundation, > Inc. > + * Copyright (C) 2016 Google, Inc. > *

Hmm ... I had to sign a contributor agreement that transfers copyright to FSF. Not that I care personally but that may be a problem ...

> * GRUB is free software: you can redistribute it and/or modify > * it under the terms of the GNU General Public License as published by
> @@ -102,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); > #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 > #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 > #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 > +#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 > > /* The set of back-incompatible features this driver DOES support. Add (OR) > * flags here as the related features are implemented into the driver. */ > @@ -120,9 +122,12 @@ GRUB_MOD_LICENSE ("GPLv3+"); > * mmp: Not really back-incompatible - was added as such to > * avoid multiple read-write mounts. Safe to ignore for > this > * RO driver. > + * encrypt: We assume boot files are not encrypted (grub config, > kernel, > + * initramd etc.). If we are wrong, boot will fail as it > should. > */

Do not assume users won't try to access something else.

> #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \ > - | EXT4_FEATURE_INCOMPAT_MMP) > + | EXT4_FEATURE_INCOMPAT_MMP \ > + | EXT4_FEATURE_INCOMPAT_ENCRYPT) >

And what happens when grub does see encrypted content? Returning garbage is not an option here.

> > #define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U >
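
Review bot: as quoted here, the `@@ -2,6 +2,7 @@` hunk is line-wrapped: the context line ending "Free Software Foundation," is split before "Inc.", and the same wrapping recurs in the new comment lines of the `@@ -120,9 +122,12 @@` hunk ("Safe to ignore for" / "this", "as it" / "should."). A patch wrapped this way no longer matches the file's lines and will not apply cleanly; resend it with `git send-email` or as an attachment so the hunks arrive unmodified.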
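
Review bot: in the `@@ -120,9 +122,12 @@` hunk, adding `EXT4_FEATURE_INCOMPAT_ENCRYPT` to `EXT2_DRIVER_IGNORED_INCOMPAT` makes the driver accept the filesystem, but none of the hunks adds a check at the point where a file, directory or symlink is actually read, so the comment's "If we are wrong, boot will fail as it should" is not enforced by anything shown here. Reading an encrypted inode would hand ciphertext to the caller as if it were file content. Suggest testing the inode's encryption flag (`EXT4_ENCRYPT_FL`, 0x800 in the Linux ext4 headers) on open, directory iteration and symlink read, and returning an explicit error there, so the comment can state what the driver does rather than what it assumes. Also, "initramd" in the new comment should read "initrd" or "initramfs".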