From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1c3HZJ-0002W9-DH
	for mharc-grub-devel@gnu.org; Sun, 06 Nov 2016 02:08:41 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37604)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arvidjaar@gmail.com>) id 1c3HZH-0002W3-Ge
	for grub-devel@gnu.org; Sun, 06 Nov 2016 02:08:40 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <arvidjaar@gmail.com>) id 1c3HZC-00038R-HM
	for grub-devel@gnu.org; Sun, 06 Nov 2016 02:08:39 -0500
Received: from mail-lf0-x244.google.com ([2a00:1450:4010:c07::244]:35720)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <arvidjaar@gmail.com>)
	id 1c3HZC-00037o-8o; Sun, 06 Nov 2016 02:08:34 -0500
Received: by mail-lf0-x244.google.com with SMTP id p100so7183898lfg.2;
	Sun, 06 Nov 2016 00:08:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=subject:to:references:cc:from:message-id:date:user-agent
	:mime-version:in-reply-to:content-transfer-encoding;
	bh=x5Q+gmwF+Rh/B0wvLFyiqILcw40GzuL22r8OmF61m0w=;
	b=SdXLsBEasj79eZJhqZWTObdKoATxER+nG3KpL6wf9np7g/4MVEg2SR3a4JjViQPSTI
	xbdNL0M4S6ne2zIJEvFX8/EdgyQcjSRI5QSbtQc+54mVXCPx8vdII0nnGpQ8X9t2K8Yw
	N46LtvshBxUjD3iou2vY8w2LWFp3+E7/lon4yDdGjKg2TMqTxdyY7/QZGHtkYINyU0iS
	9/NDefbyAgQGZ7c/jNJ8sg5ayHTmM4QioWo3GQa6N6yOIiAp0NN3Zo7fOyLwnenCXqo9
	C1+OrVMiTS0Nr0JbMzCe02qpaTPSiXUwowHeKwafoPhPA13IsLhuuhPQYGghcVCyhyFZ
	Kytg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:subject:to:references:cc:from:message-id:date
	:user-agent:mime-version:in-reply-to:content-transfer-encoding;
	bh=x5Q+gmwF+Rh/B0wvLFyiqILcw40GzuL22r8OmF61m0w=;
	b=Sd3VKg7+gm9CobFcRj6Ity6mxTQ1gXPShnPH6pZ1KP0+/6h0s8icOtDJE6lp8sgACL
	H9Y3M2Om6uQPBHRlyQ5jo8ip/dkYftw2ViblKkL46VB9UHx1UuKMA9VfvHrN7YtJ6XoI
	XzAqUOe3xzCaooMG/jjU5VieiYUCfzclP+Y5RkuBqSkdj9IciQcxZTefGzQRxNaVkGXG
	Gr+XSkWtnb+MNJc5RxU8u5NkyzcrnCaSbXDui8RcBBN5i1RucFfDTsNQdImQ04gTbS9s
	yTa8naNAaqwZIaIJpf6KLVjRgxAHUgabSWzeRYszyFtQC5wCWuVNPzfu163PxYLBRZ+c
	ICOw==
X-Gm-Message-State: ABUngvdN8KGhUT0uVRfYUGKeW+cLzJzpCNh2J2MsO95WWqyJTLgisG6gmMHdUmlehNgH8w==
X-Received: by 10.25.17.88 with SMTP id g85mr511587lfi.10.1478416112805;
	Sun, 06 Nov 2016 00:08:32 -0700 (PDT)
Received: from [192.168.1.44] (ppp109-252-90-55.pppoe.spdop.ru.
	[109.252.90.55]) by smtp.gmail.com with ESMTPSA id
	r20sm3872537lfr.19.2016.11.06.00.08.32
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sun, 06 Nov 2016 00:08:32 -0700 (PDT)
Subject: Re: Patch: Allow Ext4 partitions with encrypted directories.
To: Samee Zahur <szahur@google.com>
References: <CAP=G5ieRUztQ=kaVg9oFOeAdqUvqgU=e8J7MJ1Si9QP1hGCThw@mail.gmail.com>
	<CAA91j0Ubz1xphVaO-8kTCEw3dVDLUSst+gHrY=6jcKRYQtOfww@mail.gmail.com>
	<CAP=G5icnk-kdsurFdP_5UcL5QNhr7SvWv0w7suG+j+mWvs9xSQ@mail.gmail.com>
Cc: bug-grub <bug-grub@gnu.org>,
	The development of GNU GRUB <grub-devel@gnu.org>
From: Andrei Borzenkov <arvidjaar@gmail.com>
Message-ID: <ff7f1fd9-f487-0909-ab23-b5b8a767851f@gmail.com>
Date: Sun, 6 Nov 2016 10:08:31 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <CAP=G5icnk-kdsurFdP_5UcL5QNhr7SvWv0w7suG+j+mWvs9xSQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2a00:1450:4010:c07::244
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel/>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Nov 2016 07:08:40 -0000

03.11.2016 20:24, Samee Zahur пишет:
>> Hmm ... I had to sign contributor agreement that transfers copyright
>> to FSF. Not that I care personally but that may be problem ...
> 
> Yeah, I don't personally care either. If someone at FSF raises an issue, I
> can reach out to legal experts here. But this is not the first time Google
> (C) has been checked into GRUB. We patch FSF GNU code all the time.
> 
>> And what happens when grub does see encrypted content? Returning
>> garbage is not an option here.
> 
> Good question. The files simply won't be found. The filenames are also
> garbled, so GRUB won't find the files it's looking for.
> 

Do you mean that if grub tries to open this garbled name it succeeds? Is
it possible to detect that directory is encrypted? Then we should refuse
to access this directory with clear explanation.

> On Thu, Nov 3, 2016 at 8:16 AM, Andrei Borzenkov <arvidjaar@gmail.com>
> wrote:
> 
>> On Wed, Nov 2, 2016 at 12:22 AM, Samee Zahur <szahur@google.com> wrote:
>>> Ext4 filesystem now allows users to choose directory trees to be stored
>>> encrypted. However, GRUB refuses to boot from such partitions, even if
>> none
>>> of the boot-critical files are actually affected. The following patch
>> fixes
>>> this. It was tested on the latest release version of ext4.
>>>
>>> Please let me know if more information is needed.
>>>
>>> diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
>>> index cdce63b..eca10e4 100644
>>> --- a/grub-core/fs/ext2.c
>>> +++ b/grub-core/fs/ext2.c
>>> @@ -2,6 +2,7 @@
>>>  /*
>>>   *  GRUB  --  GRand Unified Bootloader
>>>   *  Copyright (C) 2003,2004,2005,2007,2008,2009  Free Software
>> Foundation,
>>> Inc.
>>> + *  Copyright (C) 2016 Google, Inc.
>>>   *
>>
>> Hmm ... I had to sign contributor agreement that transfers copyright
>> to FSF. Not that I care personally but that may be problem ...
>>
>>>   *  GRUB is free software: you can redistribute it and/or modify
>>>   *  it under the terms of the GNU General Public License as published by
>>> @@ -102,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
>>>  #define EXT4_FEATURE_INCOMPAT_64BIT            0x0080
>>>  #define EXT4_FEATURE_INCOMPAT_MMP              0x0100
>>>  #define EXT4_FEATURE_INCOMPAT_FLEX_BG          0x0200
>>> +#define EXT4_FEATURE_INCOMPAT_ENCRYPT          0x10000
>>>
>>>  /* The set of back-incompatible features this driver DOES support. Add
>> (OR)
>>>   * flags here as the related features are implemented into the driver.
>> */
>>> @@ -120,9 +122,12 @@ GRUB_MOD_LICENSE ("GPLv3+");
>>>   * mmp:            Not really back-incompatible - was added as such to
>>>   *                 avoid multiple read-write mounts. Safe to ignore for
>>> this
>>>   *                 RO driver.
>>> + * encrypt:        We assume boot files are not encrypted (grub config,
>>> kernel,
>>> + *                 initramd etc.). If we are wrong, boot will fail as it
>>> should.
>>>   */
>>
>> Do not assume users won't try to access something else.
>>
>>>  #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
>>> -                                    | EXT4_FEATURE_INCOMPAT_MMP)
>>> +                                    | EXT4_FEATURE_INCOMPAT_MMP     \
>>> +                                    | EXT4_FEATURE_INCOMPAT_ENCRYPT)
>>>
>>
>> And what happens when grub does see encrypted content? Returning
>> garbage is not an option here.
>>
>>>
>>>  #define EXT3_JOURNAL_MAGIC_NUMBER      0xc03b3998U
>>>
>>>
>>> _______________________________________________
>>> Bug-grub mailing list
>>> Bug-grub@gnu.org
>>> https://lists.gnu.org/mailman/listinfo/bug-grub
>>>
>>
>