[PATCH v18 21/25] cryptodisk: Fallback to passphrase

Fri, 28 Jun 2024 01:22:02 -0700 

From: Patrick Colp <patrick.c...@oracle.com>

If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
proceeding with the passphrase.

Signed-off-by: Patrick Colp <patrick.c...@oracle.com>
Signed-off-by: Gary Lin <g...@suse.com>
Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
---
 grub-core/disk/cryptodisk.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 6f7394942..1a994d935 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1167,6 +1167,10 @@ grub_cryptodisk_scan_device_real (const char *name,
          ret = cr->recover_key (source, dev, cargs);
          if (ret != GRUB_ERR_NONE)
            {
+             /* Reset key data to trigger the passphrase prompt later */
+             cargs->key_data = NULL;
+             cargs->key_len = 0;
+
              part = grub_partition_get_name (source->partition);
              grub_dprintf ("cryptodisk",
                            "recovered a key from key protector %s but it "
@@ -1192,7 +1196,6 @@ grub_cryptodisk_scan_device_real (const char *name,
                  source->name, source->partition != NULL ? "," : "",
                  part != NULL ? part : N_("UNKNOWN"), dev->uuid);
       grub_free (part);
-      goto error;
     }
 
   if (cargs->key_len)
@@ -1207,6 +1210,18 @@ grub_cryptodisk_scan_device_real (const char *name,
       unsigned long tries = 3;
       const char *tries_env;
 
+      /*
+       * Print the error from key protectors and clear grub_errno.
+       * Since '--protector' doesn't not coexist with '--password' and
+       * '--key-file', only "cargs->key_len == 0" is expected if all
+       * key protectors fail.
+       */
+      if (grub_errno)
+       {
+         grub_print_error ();
+         grub_errno = GRUB_ERR_NONE;
+       }
+
       askpass = 1;
       cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
       if (cargs->key_data == NULL)
-- 
2.35.3


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to