Hi, as you probably know, the cryptsetup project has introduced a new format LUKS2 in 2017 which is incompatible with the previous format. GRUB is thus currently not able to boot from disks encrypted with the newer format.
Both formats do in fact differ quite a lot. While the old one used a single binary header, LUKS2 one uses a binary header to identify a JSON header that contains all encryption parameters. The intent of the cryptsetup project is to be more flexible than they have previously been with the binary header, but that also required me to pull in a JSON parser. I hope to have found one that doesn't generate too much controversy, but let's see. Anyway. This patch set implements support for key derival via PBKDF2, only. LUKS2 has also introduced the Argon2i/Argon2id KDFs, but as libgcrypt does not currently support these I've decided to first go the simple route of adding PBKDF2, only. GRUB could probably pull in Argon2i as another dependency, but I focussed on getting basic support for LUKS2 ready first. So the result is a new module "luks2" that is able to decrypt and read LUKS2-encrypted partitions that use PBKDF2 as KDF. Regards Patrick Patrick Steinhardt (6): jsmn: Add JSON parser jsmn: Add convenience functions bootstrap: Add gnulib's base64 module afsplitter: Move into its own module luks: Move configuration of ciphers into cryptodisk disk: Implement support for LUKS2 Makefile.util.def | 1 + bootstrap.conf | 3 +- conf/Makefile.extra-dist | 1 + docs/grub.texi | 2 +- grub-core/Makefile.core.def | 14 +- grub-core/disk/AFSplitter.c | 3 + grub-core/disk/cryptodisk.c | 163 ++++- grub-core/disk/luks.c | 188 +---- grub-core/disk/luks2.c | 685 ++++++++++++++++++ grub-core/lib/gnulib-patches/fix-base64.patch | 26 + include/grub/cryptodisk.h | 3 + include/grub/jsmn.h | 579 +++++++++++++++ 12 files changed, 1491 insertions(+), 177 deletions(-) create mode 100644 grub-core/disk/luks2.c create mode 100644 grub-core/lib/gnulib-patches/fix-base64.patch create mode 100644 include/grub/jsmn.h -- 2.23.0 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
