Re: [PATCH] Test command
> BTW, I think you can simplify test_parse. For example, you write "if (*argn + 2 < argc ...)" many times, but it should be possible to test this condition only once per loop.

Optimised. Perhaps compiler optimised this anyway but it made code more readable

> Regards,
> Okuji

___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel

--
Regards
Vladimir 'phcoder' Serbinenko

diff --git a/commands/test.c b/commands/test.c index a9c8281..8a15d39 100644 --- a/commands/test.c +++ b/commands/test.c
@@ -21,33 +21,390 @@ #include #include #include +#include +#include +#include #include +/* A simple implementation for signed numbers. */ +static int +grub_strtosl (char *arg, char **end, int base) +{ + if (arg[0] == '-') +return -grub_strtoul (arg + 1, end, base); + return grub_strtoul (arg, end, base); +} + +/* Parse a test expression startion from *argn. */ +static int +test_parse (char **args, int *argn, int argc) +{ + int ret = 0, discard = 0, invert = 0; + int file_exists; + struct grub_dirhook_info file_info; + + auto void update_val (int val); + auto void get_fileinfo (char *pathname); + + /* Take care of discarding and inverting. */ + void update_val (int val) + { +if (! discard) + ret = invert ? ! val : val; +invert = discard = 0; + } + + /* Check if file exists and fetch its information. */ + void get_fileinfo (char *pathname) + { +char *filename, *path; +char *device_name; +grub_fs_t fs; +grub_device_t dev; + +/* A hook for iterating directories. */ +auto int find_file (const char *cur_filename, + struct grub_dirhook_info info); +int find_file (const char *cur_filename, struct grub_dirhook_info info) +{ + if ((info.case_insensitive ? grub_strcasecmp (cur_filename, filename) + : grub_strcmp (cur_filename, filename)) == 0) + { + file_info = info; + file_exists = 1; + return 1; + } + return 0; +} + +file_exists = 0; +device_name = grub_file_get_device_name (pathname); +dev = grub_device_open (device_name); +if (! dev) + { + grub_free (device_name); + return; + } + +fs = grub_fs_probe (dev); +path = grub_strchr (pathname, ')'); +if (! path) + path = pathname; +else + path++; + +/* Remove trailing '/'. */ +while (*pathname && pathname[grub_strlen (pathname) - 1] == '/') + pathname[grub_strlen (pathname) - 1] = 0; + +/* Split into path and filename. */ +filename = grub_strrchr (pathname, '/'); +if (! 
filename) + { + path = grub_strdup ("/"); + filename = pathname; + } +else + { + filename++; + path = grub_strdup (pathname); + path[filename - pathname] = 0; + } + +/* It's the whole device. */ +if (! *pathname) + { + file_exists = 1; + grub_memset (&file_info, 0, sizeof (file_info)); + /* Root is always a directory. */ + file_info.dir = 1; + + /* Fetch writing time. */ + file_info.mtimeset = 0; + if (fs->mtime) + { + if (! fs->mtime (dev, &file_info.mtime)) + file_info.mtimeset = 1; + grub_errno = GRUB_ERR_NONE; + } + } +else + (fs->dir) (dev, path, find_file); + +grub_device_close (dev); +grub_free (path); +grub_free (device_name); + } + + /* Here we have the real parsing. */ + while (*argn < argc) +{ + /* First try 3 argument tests. */ + if (*argn + 2 < argc) + { + /* String tests. */ + if (grub_strcmp (args[*argn + 1], "=") == 0 + || grub_strcmp (args[*argn + 1], "==") == 0) + { + update_val (grub_strcmp (args[*argn], args[*argn + 2]) == 0); + (*argn) += 3; + continue; + } + + if (grub_strcmp (args[*argn + 1], "!=") == 0) + { + update_val (grub_strcmp (args[*argn], args[*argn + 2]) != 0); + (*argn) += 3; + continue; + } + + /* GRUB extension: lexicographical sorting. */ + if (grub_strcmp (args[*argn + 1], "<") == 0) + { + update_val (grub_strcmp (args[*argn], args[*argn + 2]) < 0); + (*argn) += 3; + continue; + } + + if (grub_strcmp (args[*argn + 1], "<=") == 0) + { + update_val (grub_strcmp (args[*argn], args[*argn + 2]) <= 0); + (*argn) += 3; + continue; + } + + if (grub_strcmp (args[*argn + 1], ">") == 0) + { + update_val (grub_strcmp (args[*argn], args[*argn + 2]) > 0); + (*argn) += 3; + continue; + } + + if (grub_strcmp (args[*argn + 1], ">=") == 0) + { + update_val (grub_strcmp (args[*argn], args[*argn + 2]) >= 0); + (*argn) += 3; + continue; + } + + /* Number tests. 
*/ + if (grub_strcmp (args[*argn + 1], "-eq") == 0) + { + update_val (grub_strtosl (args[*argn], 0, 0) + == grub_strtosl (args[*argn + 2], 0, 0)); + (*argn) += 3; + continue; + } + + if (grub_strcmp (args[*argn + 1], "-ge") == 0) + { + update_val
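Review bot: in get_fileinfo the result of grub_fs_probe (dev) is used without a NULL check: fs->mtime and (fs->dir) (dev, path, find_file) are dereferenced unconditionally, so a device with no recognised filesystem is dereferenced as a null pointer instead of being reported as "file does not exist". Return early when fs is NULL, closing dev and freeing device_name first. In the same function the path obtained by skipping past ')' is overwritten by grub_strdup before it is ever read, and the trailing-'/' trimming, the grub_strrchr split and the "! *pathname" whole-device test all run on pathname with its "(device)" prefix still attached, so the directory handed to fs->dir still carries the device name and the whole-device branch cannot match a prefixed argument. Run those steps on the part after ')' and check the grub_strdup result before writing path[filename - pathname].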
Re: truecrypt support in grub ?
On Wed, 15 Apr 2009 18:25:27 +0200 phcoder wrote:

> Michael Gorven has already implemented LUKS support for grub2.

^ really nice to know. But does it still require /boot partition as un-encrypted ?

> Using
> truecrypt with linux partitions is a bad idea - this encryption isn't
> native to it in any way and also truecrypt is under GPL-incompatible
> licence which means it's unlikely to be incorporated to grub (you
> need to figure out the on-disk layout of truecrypt and then
> reimplement it from scratch (but you can reuse ciphers from luks
> implementation)). If all you want is boot windows installed on
> truecrypt partition then the best way is to chainload truecrypt
> booter. I haven't yet looked in it myself but it seems that truecrypt
> booter uses mbr gap too which conflicts with grub. However it can be
> workarounded by dumping contents of mbr gap created by truecrypt and
> replicating the action of tc-mbr (can't be difficult)

eagerly waiting to see that grub2 support that

Thanks

> J. Bakshi wrote:
> > Hello list,
> >
> > GRUB2 is a robust boot loader. Is it possible to have truecrypt
> > encryption support directly in GRUB2 ? Then we can have truecrypt
> > encrypted partition with linux installed and GRUB2 just decrypt it
> > and load the kernel.
> >
> > Thanks
Re: truecrypt support in grub ?
J. Bakshi wrote:
> On Wed, 15 Apr 2009 18:25:27 +0200 phcoder wrote:
> > Michael Gorven has already implemented LUKS support for grub2.
>
> ^ really nice to know. But does it still require /boot partition as un-encrypted ?

It's already able to load kernels from encrypted partition. For the moment it's too big to fit to mbr gap but in perspective it could be squeezed enough. Then you don't need unencrypted partitions at all. For now if you want to do this you need to leave some space before the first partition. Be aware that even if such configuration is nice it doesn't increase security in any way. The easiest attack is to replace grub with a recompiled grub which additionally writes password somewhere on the disk

> > Using truecrypt with linux partitions is a bad idea - this encryption isn't
> > native to it in any way and also truecrypt is under GPL-incompatible
> > licence which means it's unlikely to be incorporated to grub (you
> > need to figure out the on-disk layout of truecrypt and then
> > reimplement it from scratch (but you can reuse ciphers from luks
> > implementation)). If all you want is boot windows installed on
> > truecrypt partition then the best way is to chainload truecrypt
> > booter. I haven't yet looked in it myself but it seems that truecrypt
> > booter uses mbr gap too which conflicts with grub. However it can be
> > workarounded by dumping contents of mbr gap created by truecrypt and
> > replicating the action of tc-mbr (can't be difficult)
>
> eagerly waiting to see that grub2 support that

Why don't you help us with that? Install truecrypt, dump mbr and mbr gap. Disassemble mbr and send an explanation of what it does in plain english here

> Thanks
>
> > J. Bakshi wrote:
> > > Hello list,
> > >
> > > GRUB2 is a robust boot loader. Is it possible to have truecrypt
> > > encryption support directly in GRUB2 ? Then we can have truecrypt
> > > encrypted partition with linux installed and GRUB2 just decrypt it
> > > and load the kernel.
> > >
> > > Thanks

--
Regards
Vladimir 'phcoder' Serbinenko
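The "dump mbr and mbr gap" step in the message above can also serve as an integrity baseline for the boot code that the reply says could be replaced. This is an added example, not part of the original message or of GRUB; it assumes a classic MBR partition table and 512-byte sectors, and the function names and the sample image are constructed for illustration:

```python
import hashlib
import struct

SECTOR = 512  # assumption: 512-byte logical sectors

def measure_boot_area(image: bytes) -> dict:
    """Hash the MBR boot code and the MBR gap found in a raw disk prefix."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    # Four 16-byte partition entries start at offset 446: type byte at +4,
    # little-endian start LBA at +8.
    starts = []
    for off in range(446, 510, 16):
        ptype = image[off + 4]
        lba = struct.unpack_from("<I", image, off + 8)[0]
        if ptype != 0 and lba > 0:
            starts.append(lba)
    if not starts:
        raise ValueError("no partition entries, gap size unknown")
    first = min(starts)
    if len(image) < first * SECTOR:
        raise ValueError("image does not cover the whole MBR gap")
    # The gap is everything between sector 0 and the first partition.
    gap = image[SECTOR:first * SECTOR]
    return {
        "gap_sectors": first - 1,
        "boot_code_sha256": hashlib.sha256(image[:446]).hexdigest(),
        "gap_sha256": hashlib.sha256(gap).hexdigest(),
    }

def changed_regions(baseline: dict, current: dict) -> list:
    """Name the measured regions whose hash differs from the baseline."""
    keys = ("boot_code_sha256", "gap_sha256")
    return [k for k in keys if baseline[k] != current[k]]

def make_sample_image(first_lba: int = 63) -> bytes:
    """Constructed sample: empty boot code, one partition at first_lba."""
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0x83                                      # partition type
    struct.pack_into("<II", mbr, 446 + 8, first_lba, 2048)   # start, length
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes((first_lba - 1) * SECTOR)

if __name__ == "__main__":
    base = measure_boot_area(make_sample_image())
    tampered = bytearray(make_sample_image())
    tampered[5 * SECTOR] ^= 0xFF  # one byte changed inside the gap
    print(changed_regions(base, measure_boot_area(bytes(tampered))))
```

The partition table itself is left out of both hashes so that repartitioning does not show up as a boot-code change. Take the baseline and every later reading from trusted boot media rather than from the installed system.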
Re: truecrypt support in grub ?
On Thursday 16 April 2009 18:27:33 phcoder wrote:
> Why don't you help us with that? Install truecrypt, dump mbr and mbr
> gap. Disassemble mbr and send an explanation of what it does in plain
> english here

There seems to be a decent specification[1] of the TrueCrypt format on their website. It would probably need an additional hash (Whirlpool) and cipher modes (XTS and LRW).

Michael

[1] http://www.truecrypt.org/docs/technical-details

--
http://michael.gorven.za.net
PGP Key ID 6612FE85 S/MIME Key ID AAF09E0E
Re: truecrypt support in grub ?
Is there any info about the truecrypt booting process too? This is more important than being able to read truecrypted files because I don't think that anyone wants to boot linux from truecrypt when luks is faster, better integrated and provides similar set of features
I don't see it on the link you provided. Whirlpool is based on tweaked rijndael which is already a part of your patch. And LRW and xts are used (and recommended) for luks too.

Michael Gorven wrote:
> On Thursday 16 April 2009 18:27:33 phcoder wrote:
> > Why don't you help us with that? Install truecrypt, dump mbr and mbr
> > gap. Disassemble mbr and send an explanation of what it does in plain
> > english here
>
> There seems to be a decent specification[1] of the TrueCrypt format on their website. It would probably need an additional hash (Whirlpool) and cipher modes (XTS and LRW).
>
> Michael
>
> [1] http://www.truecrypt.org/docs/technical-details

--
Regards
Vladimir 'phcoder' Serbinenko
Re: truecrypt support in grub ?
Correct.

Stronger encryption is offered by loop-aes [1], and it also has a simpler on-disk format.

The main problem an encryption solution should address is where the keys are stored. A password only based encryption is considered weak. Placing the keys on external media, such as USB Mass storage device is better, protecting the key on the USB Mass storage device is even better. Placing keys on cryptographic hardware is almost the best solution... The best solution is to have a cryptographic device with no extractable keys on the SATA/IDE bus...

The main problem is that to support all these sequences and devices in a boot loader is somewhat difficult.

I use decrypted boot partition with loop-aes and cryptographic hardware [2]. When the Linux kexec method will be actually usable, I may consider to kexec a kernel within the encrypted partition. The problem is how to guarantee a clean hand-over.

Alon

[1] http://loop-aes.sourceforge.net/
[2] http://wiki.tuxonice.net/EncryptedSwapAndRoot

On 4/16/09, phcoder wrote:
> Is there any info about the truecrypt booting process too? This is more
> important than being able to read truecrypted files because I don't think
> that anyone wants to boot linux from truecrypt when luks is faster, better
> integrated and provides similar set of features
> I don't see it on the link you provided. Whirlpool is based on tweaked
> rijndael which is already a part of your patch. And LRW and xts are used
> (and recommended) for luks too.
>
> Michael Gorven wrote:
> > On Thursday 16 April 2009 18:27:33 phcoder wrote:
> > > Why don't you help us with that? Install truecrypt, dump mbr and mbr
> > > gap. Disassemble mbr and send an explanation of what it does in plain
> > > english here
> >
> > There seems to be a decent specification[1] of the TrueCrypt format on
> > their website. It would probably need an additional hash (Whirlpool) and
> > cipher modes (XTS and LRW).
> >
> > Michael
> >
> > [1] http://www.truecrypt.org/docs/technical-details
>
> --
> Regards
> Vladimir 'phcoder' Serbinenko