luks2_get_keyslot can fail for a variety of reasons that do not neccesarily
mean the next keyslot should not be tried (eg. a new kdf type). So always
try the next slot. This will make GRUB more resilient to non-spec json data
that 3rd party systems may add. We do not care if some of the keyslots are
unusable, only if there is at least one that is.
Signed-off-by: Glenn Washburn <developm...@efficientek.com>
---
grub-core/disk/luks2.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index bf741d70f..d8d3180ed 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -610,7 +610,15 @@ luks2_recover_key (grub_disk_t source,
grub_errno = GRUB_ERR_NONE;
ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, json_idx);
if (ret)
- goto err;
+ {
+ /*
+ * luks2_get_keyslot can fail for a variety of reasons that do not
+ * neccesarily mean the next keyslot should not be tried (eg. a new
+ * kdf type). So always try the next slot.
+ */
+ grub_dprintf ("luks2", "Failed to get keyslot %" PRIuGRUB_UINT64_T
"\n", keyslot.idx);
+ continue;
+ }
if (grub_errno != GRUB_ERR_NONE)
grub_dprintf ("luks2", "Ignoring unhandled error %d from
luks2_get_keyslot\n", grub_errno);
--
2.34.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
