On Fri, Feb 2, 2024 at 9:10 AM Daniel Kiper <dki...@net-space.pl> wrote:
>
> On Tue, Jan 30, 2024 at 10:18:20AM -0500, Nikolaos Chatzikonstantinou wrote:
> > I want to share a small update:
> >
> > I'm reading the GRUB source code for the memory manager to get a bit
> > acclimated. I was surprised to see libgcrypt depend on <stdio.h>.
>
> Hmmm...
>
> > Asking around, the monocypher library was brought to my attention,
> > <https://monocypher.org/>. No external dependencies, the license is
> > compatible, just two files monocypher.c and .h that can be bundled,
> > supports argon2, and it's already used by some bootloaders/firmware
> > (ArduPilot Project, Joulescope). It is however written in pure C99; it
> > seems to me that it supports architectures that a C99 compiler can
> > target.
> >
> > While the goal of upgrading libgcrypt is noble, it is a bit scary as
> > libgcrypt seems difficult to navigate for me, the import_gcry.py
> > script also being hard to read. So I have the following questions:
> >
> > 1) What are the cryptographic requirements of GRUB? I.e. which
> > features and algorithms does GRUB require right now?
> > 2) Can we include monocypher just for the purpose of unlocking
> > argon2-configured luks2 partitions?
> > 3) Is it of interest to replace libgcrypt entirely (if possible, with
> > monocypher e.g.?)
>
> If this change will not break (much) currently existing features and
> simplify the code I am OK with doing this experiment.
>
> > If the best plan to go ahead with is to upgrade libgcrypt, as I've
> > said before, it would be good to know the version currently bundled
> > with GRUB (I'm just reiterating this point.) But from my viewpoint,
>
> Let me poke Vladimir once again...
>
> > libgcrypt is a userland library with a wide range of features; perhaps
> > not the most appropriate for a bootloader. I'm wondering if the
> > reasons that led to choosing libgcrypt in the past for GRUB can be
> > reevaluated now that there are more options for cryptographic
> > libraries.
>
> As I said above, I am OK with reevaluating current libgcrypt approach.

Ping on this; Vladimir if you are busy that is ok, just give me a later date and I can ping you later. You said something about the end of the week, so I keep thinking about this... But for me it's not urgent. If you want to respond in 2 months, that's fine too, but just let me know so that I can put it past me for now.

Regards,
Nikolaos Chatzikonstantinou