On Sat, 30 Jul 2022 11:54:32 +0200 (CEST) brutser--- via Grub-devel <grub-devel@gnu.org> wrote:
> Glenn,
>
> As I had no idea how to get the debug logs from qemu, I made screenshots,
> find them attached. As this is probably something I am doing wrong, I hope it
> shows from the logs.
>
> https://imgur.com/a/rAlfZ77

Getting the output to go to serial depends on the target. For i386 using
seabios, use "-fw_cfg name=etc/sercon-port,string=0 -serial stdio".

Unfortunately, I'm now seeing that there are no debug log messages in
the luks2 module that would be shown in this case. How about putting
the line 'grub_dprintf("entering luks_scan");' at the start of the
function luks2_scan in grub-core/disk/luks2.c and then recompiling and
getting the output?

Glenn

>
> From: Glenn Washburn <developm...@efficientek.com>
> To: brut...@perso.be
> Subject: Re: [PATCH v3 0/3] Cryptomount detached headers
> Date: 29/07/2022 21:27:48 Europe/Paris
> Cc: grub-devel@gnu.org;
>  dki...@net-space.pl;
>  p...@pks.im
>
> On Fri, 29 Jul 2022 20:56:18 +0200 (CEST)
> brut...@perso.be wrote:
>
> > testing detached header failed:
> >
> > 1. built grub payload with following modules: ahci usb_keyboard part_msdos
> > part_gpt at_keyboard cbfs cryptodisk luks2 lvm gcry_rijndael gcry_sha1
> > gcry_sha256 gcry_sha512
> >
> > 2. encrypt a partition: cryptsetup luksFormat --type luks2 -q -h sha512 -s
> > 512 --pbkdf pbkdf2 --header /path/to/header --luks2-metadata-size=16k
> > --luks2-keyslots-size=512k /dev/sda1
> >
> > (where --luks2-metadata-size=16k --luks2-keyslots-size=512k is optional,
> > this is just to minimize header size, but I also tested without).
> >
> > 3. from the grub cmd, I try to decrypt this partition using: cryptomount -H
> > /path/to/header (ahci0,msdos1)
> >
> > 4. I also tried luks1 encryption with detached header.
> >
> > whatever I try, I always get the same error:
> >
> > "no cryptodisk module can handle this device"
> >
> > Is this feature not 100% implemented yet, I saw people already verifying
> > the patches and would expect this to be working, so if yes, this seems like
> > a bug.
>
> This feature should be working in all cases, and if not there may be a
> bug. I responded to your off-list email before seeing this one. I'll
> repeat what I said there and let's continue this discussion on the list.
>
> I see nothing obviously wrong with what you're doing, given the
> information above. To further debug this, would you be able to send a
> log of the serial output when the GRUB envvar debug is set to "all"
> while running the cryptomount command? If so, please send compressed in
> a reply to this email on the list.
>
> If you can't because of hardware issues, would you be able to replicate
> this in QEMU and grab the serial output from there? If you can boot the
> system via other means, you should be able to use the raw disks (the
> one with the LUKS volume and the other with the filesystem containing
> the header file).
>
> Glenn
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
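
One way to rule out a malformed header file before debugging GRUB itself, as an added example that is not part of the original thread: a host-side check of the detached header file from step 2 against the LUKS2 on-disk binary header layout (magic, version, header size, checksum). The function names and the sample header are constructed for illustration; a real check would pass in the bytes of the `--header` file.

```python
import hashlib
import struct

# LUKS2 primary binary header: 512 bytes of big-endian fields
# (magic, version, hdr_size, seqid, label, checksum_alg, salt, uuid,
#  subsystem, hdr_offset, padding, checksum), per the LUKS2 on-disk format.
_FMT = ">6sHQQ48s32s64s40s48sQ184s64s"
MAGIC_PRIMARY = b"LUKS\xba\xbe"
CSUM_OFF = 448  # checksum field occupies bytes 448..511


def check_luks2_header(blob):
    """Return a list of problems found in a detached LUKS2 header image."""
    if len(blob) < 4096:
        return ["shorter than the 4096-byte binary header area"]
    (magic, version, hdr_size, _seqid, _label, alg, _salt, _uuid,
     _subsys, hdr_offset, _pad, csum) = struct.unpack(_FMT, blob[:512])
    problems = []
    if magic != MAGIC_PRIMARY:
        problems.append("bad magic %r" % magic)
    if version != 2:
        problems.append("version %d, expected 2" % version)
    if hdr_offset != 0:
        problems.append("primary header offset %d, expected 0" % hdr_offset)
    if not 4096 <= hdr_size <= len(blob):
        problems.append("hdr_size %d does not fit file of %d bytes"
                        % (hdr_size, len(blob)))
        return problems
    name = alg.rstrip(b"\0").decode("ascii", "replace")
    if name not in ("sha1", "sha256", "sha512"):
        problems.append("unexpected checksum algorithm %r" % name)
        return problems
    # Checksum covers binary header + JSON area with the checksum field zeroed.
    zeroed = blob[:CSUM_OFF] + b"\0" * 64 + blob[512:hdr_size]
    digest = hashlib.new(name, zeroed).digest()
    if csum[:len(digest)] != digest:
        problems.append("header checksum mismatch")
    return problems


def make_sample_header(hdr_size=16384):
    """Constructed sample (empty JSON area), not real cryptsetup output."""
    fields = struct.pack(_FMT, MAGIC_PRIMARY, 2, hdr_size, 1, b"", b"sha256",
                         b"\x11" * 64, b"constructed-uuid", b"", 0, b"", b"")
    blob = fields + b"\0" * (4096 - 512) + b"{}".ljust(hdr_size - 4096, b"\0")
    digest = hashlib.sha256(blob).digest()  # checksum field is still zero here
    return blob[:CSUM_OFF] + digest + blob[CSUM_OFF + 32:]
```

An empty result means the binary header is structurally sound, so the failure lies elsewhere (for example in how the file is located or read at boot).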