While support for LUKS2 has landed already, grub-install(1) doesn't yet detect it as an installation target. Users of grub-install(1) may thus end up with a bootloader that cannot read the encrypted disk, rendering it unusable.
As a first step towards auto-detection, this patch implements detection
for device-mappers LUKS2 signature. As it's mostly similar to LUKS'
original signature except for the incremented version number, detection
mostly echoes what we have for LUKS already.
Note that this doesn't yet implement auto-detection of required
cryptographic modules. This is due to some limitations in the current
implementation, where the assumption is that there's exactly one
encrypted segment and KDF for a given crypto disk. Existing
implementations for LUKS and Geli thus set up ciphers, hashes and KDFs
during the scanning phase, which isn't possible for LUKS2 as there may
be multiple ones. As a result, auto-detecting required modules will
require additional refactoring and is thus postponed to a later point.
Signed-off-by: Patrick Steinhardt <p...@pks.im>
---
grub-core/osdep/devmapper/getroot.c | 23 +++++++++++++++++++++--
include/grub/emu/getroot.h | 1 +
util/getroot.c | 1 +
3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/grub-core/osdep/devmapper/getroot.c
b/grub-core/osdep/devmapper/getroot.c
index a13a39c96..74401fd5a 100644
--- a/grub-core/osdep/devmapper/getroot.c
+++ b/grub-core/osdep/devmapper/getroot.c
@@ -148,6 +148,11 @@ grub_util_get_dm_abstraction (const char *os_dev)
grub_free (uuid);
return GRUB_DEV_ABSTRACTION_LUKS;
}
+ if (strncmp (uuid, "CRYPT-LUKS2-", 12) == 0)
+ {
+ grub_free (uuid);
+ return GRUB_DEV_ABSTRACTION_LUKS2;
+ }
grub_free (uuid);
return GRUB_DEV_ABSTRACTION_NONE;
@@ -184,8 +189,9 @@ grub_util_pull_devmapper (const char *os_dev)
grub_util_pull_device (subdev);
}
}
- if (uuid && strncmp (uuid, "CRYPT-LUKS1-", sizeof ("CRYPT-LUKS1-") - 1) == 0
- && lastsubdev)
+ if (uuid && lastsubdev
+ && (strncmp (uuid, "CRYPT-LUKS1-", sizeof ("CRYPT-LUKS1-") - 1) == 0
+ || strncmp (uuid, "CRYPT-LUKS2-", sizeof ("CRYPT-LUKS2-") - 1) == 0))
{
char *grdev = grub_util_get_grub_dev (lastsubdev);
dm_tree_free (tree);
@@ -267,6 +273,19 @@ grub_util_get_devmapper_grub_dev (const char *os_dev)
return grub_dev;
}
+ case GRUB_DEV_ABSTRACTION_LUKS2:
+ {
+ char *dash;
+
+ dash = grub_strchr (uuid + sizeof ("CRYPT-LUKS2-") - 1, '-');
+ if (dash)
+ *dash = 0;
+ grub_dev = grub_xasprintf ("cryptouuid/%s",
+ uuid + sizeof ("CRYPT-LUKS2-") - 1);
+ grub_free (uuid);
+ return grub_dev;
+ }
+
default:
grub_free (uuid);
return NULL;
diff --git a/include/grub/emu/getroot.h b/include/grub/emu/getroot.h
index 73fa2d34a..be3faf500 100644
--- a/include/grub/emu/getroot.h
+++ b/include/grub/emu/getroot.h
@@ -30,6 +30,7 @@ enum grub_dev_abstraction_types {
GRUB_DEV_ABSTRACTION_LVM,
GRUB_DEV_ABSTRACTION_RAID,
GRUB_DEV_ABSTRACTION_LUKS,
+ GRUB_DEV_ABSTRACTION_LUKS2,
GRUB_DEV_ABSTRACTION_GELI,
};
diff --git a/util/getroot.c b/util/getroot.c
index 847406fba..07ad92317 100644
--- a/util/getroot.c
+++ b/util/getroot.c
@@ -101,6 +101,7 @@ grub_util_pull_device (const char *os_dev)
grub_util_pull_lvm_by_command (os_dev);
/* Fallthrough - in case that lvm-tools are unavailable. */
case GRUB_DEV_ABSTRACTION_LUKS:
+ case GRUB_DEV_ABSTRACTION_LUKS2:
grub_util_pull_devmapper (os_dev);
return;
--
2.26.2
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
