Hi, while basic LUKS2 support is there already, there is currently no support yet for auto-detection of LUKS2 for of grub-probe, grub-install and companions. As a result, users have to manually configure GRUB to include required modules. This series is a first step towards auto-detection and implements probing support for LUKS2:
$ grub-probe -d /dev/mapper/luks2 -t cryptodisk_uuid
b2e7039b5dd0bdd4d476f4467c1f7168
Noticably missing is auto-detection of required cryptographic modules,
but this will require some refactoring of the cryptodisk code as the
current assumption is that there will be always exactly one cipher, KDF
and hash, which doesn't hold true for LUKS2. I'll thus do this as a
follow up at a later point.
The first two patches make sense on their own and are worthwhile to be
included in GRUB 2.06. The first one is an out-of-bounds read in LUKS
code, while the second one adjusts the internal UUID format of the
cryptodisk to match the dash-less format that we currently use for LUKS1
disks. As such, it breaks current configs using the dashed format, so
including it pre-2.06 would make sense from my point of view.
The latter two patches are required to implement probing. I'm fine with
deferring them until after 2.06.
@Daniel: please let me know if you want me to split up this series into
two. I didn't think it necessary as you can just apply the first two
patches separately.
Patrick
Patrick Steinhardt (4):
luks: fix out-of-bounds copy of UUID
luks2: strip dashes off of the UUID
luks2: set up dummy sector size during scan
osdep: detect LUKS2-encrypted devices
grub-core/disk/luks.c | 2 +-
grub-core/disk/luks2.c | 21 ++++++++++++++++++---
grub-core/osdep/devmapper/getroot.c | 23 +++++++++++++++++++++--
include/grub/emu/getroot.h | 1 +
util/getroot.c | 1 +
5 files changed, 42 insertions(+), 6 deletions(-)
--
2.26.2
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
