While we already set up error messages in both `luks2_verify_key()` and
`luks2_decrypt_key()`, we do not ever print them. This makes it really
hard to discover why a given key actually failed to decrypt a disk.

Improve this by including the error message in the user-visible output.

Signed-off-by: Patrick Steinhardt <p...@pks.im>
---
 grub-core/disk/luks2.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 5f15a4d2c..26e1126b1 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -612,14 +612,16 @@ luks2_recover_key (grub_disk_t disk,
                               (const grub_uint8_t *) passphrase, grub_strlen 
(passphrase));
       if (ret)
        {
-         grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" 
failed\n", i);
+         grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" 
failed: %s\n",
+                       i, grub_errmsg);
          continue;
        }
 
       ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
       if (ret)
        {
-         grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE"\n", 
i);
+         grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE": 
%s\n",
+                       i, grub_errmsg);
          continue;
        }
 
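Review bot: In both failure branches the new `%s` prints the global `grub_errmsg` and then reaches `continue` with nothing in the visible lines resetting the error state, so the error from keyslot i stays pending while the next keyslot is tried. If a later path returns non-zero without calling grub_error(), this stale text would be logged against the wrong keyslot. Consider adding `grub_errno = GRUB_ERR_NONE;` before each `continue`. Separately, grub_dprintf only emits when the `debug` variable selects the "luks2" facility, so the commit message's "user-visible output" would be more accurately described as debug output.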
-- 
2.28.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
