Re: Patch: Allow Ext4 partitions with encrypted directories.

Andrei Borzenkov Thu, 03 Nov 2016 08:17:42 -0700

On Wed, Nov 2, 2016 at 12:22 AM, Samee Zahur <sza...@google.com> wrote:
> Ext4 filesystem now allows users to choose directory trees to be stored
> encrypted. However, GRUB refuses to boot from such partitions, even if none
> of the boot-critical files are actually affected. The following patch fixes
> this. It was tested on the latest release version of ext4.
>
> Please let me know if more information is needed.
>
> diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
> index cdce63b..eca10e4 100644
> --- a/grub-core/fs/ext2.c
> +++ b/grub-core/fs/ext2.c
> @@ -2,6 +2,7 @@
>  /*
>   *  GRUB  --  GRand Unified Bootloader
>   *  Copyright (C) 2003,2004,2005,2007,2008,2009  Free Software Foundation,
> Inc.
> + *  Copyright (C) 2016 Google, Inc.
>   *


Hmm ... I had to sign contributor agreement that transfers copyright
to FSF. Not that I care personally but that may be problem ...

>   *  GRUB is free software: you can redistribute it and/or modify
>   *  it under the terms of the GNU General Public License as published by
> @@ -102,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
>  #define EXT4_FEATURE_INCOMPAT_64BIT            0x0080
>  #define EXT4_FEATURE_INCOMPAT_MMP              0x0100
>  #define EXT4_FEATURE_INCOMPAT_FLEX_BG          0x0200
> +#define EXT4_FEATURE_INCOMPAT_ENCRYPT          0x10000
>
>  /* The set of back-incompatible features this driver DOES support. Add (OR)
>   * flags here as the related features are implemented into the driver.  */
> @@ -120,9 +122,12 @@ GRUB_MOD_LICENSE ("GPLv3+");
>   * mmp:            Not really back-incompatible - was added as such to
>   *                 avoid multiple read-write mounts. Safe to ignore for
> this
>   *                 RO driver.
> + * encrypt:        We assume boot files are not encrypted (grub config,
> kernel,
> + *                 initramd etc.). If we are wrong, boot will fail as it
> should.
>   */

Do not assume users won't try to access something else.

>  #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
> -                                    | EXT4_FEATURE_INCOMPAT_MMP)
> +                                    | EXT4_FEATURE_INCOMPAT_MMP     \
> +                                    | EXT4_FEATURE_INCOMPAT_ENCRYPT)
>

And what happens when grub does see encrypted content? Returning
garbage is not an option here.

>
>  #define EXT3_JOURNAL_MAGIC_NUMBER      0xc03b3998U
>
>
> _______________________________________________
> Bug-grub mailing list
> bug-g...@gnu.org
> https://lists.gnu.org/mailman/listinfo/bug-grub
>

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: Patch: Allow Ext4 partitions with encrypted directories.

Reply via email to