[PATCH v4 0/5] NVMeoFC support on Grub
This patch series adds support of NVMeoFC on grub. It consists of five patches.

Patch 1/5 (0001-ieee1275-powerpc-implements-fibre-channel-discovery-.patch):
grub-ofpathname doesn't work with fibre channel because there is no function currently implemented for it. This patch enables it by providing a function that looks for the port name, building the entire path for OF devices.

Patch 2/5 (0002-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch):
This patch enables the fcp-targets and fcp-luns methods which are responsible to get WWPNs and LUNs for fibre channel devices. Those methods are specially necessary if the boot directory and grub installation are in different FCP disks, allowing the dev_iterate() to find the WWPNs and LUNs when called by searchfs.uuid tool.

Patch 3/5 (0003-change-partition-parser.patch):
Usually grub will parse the PFW arguments by searching for the first occurrence of the character ':'. However, we can have this char more than once on NQN. This patch changes the logic to find the last occurrence of this char so we can get the proper values for NVMeoFC

Patch 4/5 (0004-ieee1275-add-support-for-NVMeoFC.patch):
This patch implements the functions to scan and discovery of NVMeoFC.

Patch 5/5 (0005-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch):
This patch adds code to enable the translation of logical devices to the of NVMeoFC paths.

Avnish Chouhan (4):
  ieee1275: implement FCP methods for WWPN and LUNs
  ieee1275: change the logic of ieee1275_get_devargs()
  ieee1275: add support for NVMeoFC
  ieee1275: ofpath enable NVMeoF logical device translate

Diego Domingos (1):
  ieee1275/powerpc: implements fibre channel discovery for ofpathname

 grub-core/disk/ieee1275/ofdisk.c
 grub-core/kern/ieee1275/openfw.c
 grub-core/osdep/linux/ofpath.c
 include/grub/util/ofpath.h
 4 files changed

--
2.31.1

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH v4 1/5] ieee1275/powerpc: implements fibre channel discovery for ofpathname
grub-ofpathname doesn't work with fibre channel because there is no function currently implemented for it. This patch enables it by providing a function that looks for the port name, building the entire path for OF devices.

Signed-off-by: Diego Domingos
Signed-off-by: Avnish Chouhan
---
 grub-core/osdep/linux/ofpath.c | 49 ++
 1 file changed, 49 insertions(+)

diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c index a6153d35954..0f5d54e9f2d 100644 --- a/grub-core/osdep/linux/ofpath.c +++ b/grub-core/osdep/linux/ofpath.c @@ -350,6 +350,38 @@ of_path_of_ide(const char *sys_devname __attribute__((unused)), const char *devi return ret; } + +static void +of_fc_port_name (const char *path, const char *subpath, char *port_name) +{ + char *bname, *basepath, *p; + int fd; + + bname = xmalloc (sizeof (char) * 150); + basepath = xmalloc (strlen (path)); + + /* Generate the path to get port name information from the drive */ + strncpy (basepath, path, subpath-path); + basepath[subpath-path - 1] = '\0'; + p = get_basename (basepath); + snprintf (bname, sizeof (char) * 150, "%s/fc_transport/%s/port_name", basepath, p); + + /* Read the information from the port name */ + fd = open (bname, O_RDONLY); + if (fd < 0) +grub_util_error (_("cannot open `%s': %s"), bname, strerror (errno)); + + if (read (fd, port_name, sizeof (char) *19) < 0) +grub_util_error (_("cannot read `%s': %s"), bname, strerror (errno)); + + sscanf (port_name, "0x%s", port_name); + + close (fd); + + free (bname); + free (basepath); +} + #ifdef __sparc__ static char * of_path_of_nvme(const char *sys_devname __attribute__((unused)), 
@@ -577,6 +609,16 @@ of_path_of_scsi(const char *sys_devname __attribute__((unused)), const char *dev digit_string = trailing_digits (device); if (strncmp (of_path, "/vdevice/", sizeof ("/vdevice/") - 1) == 0) { + if (strstr (of_path, "vfc-client")) +{ + char * port_name = xmalloc (sizeof (char) * 17); + of_fc_port_name (sysfs_path, p, port_name); + + snprintf (disk, sizeof (disk), "/%s@%s", disk_name, port_name); + free (port_name); +} + else +{ unsigned long id = 0x8000 | (tgt << 8) | (bus << 5) | lun; if (*digit_string == '\0') { @@ -590,6 +632,13 @@ of_path_of_scsi(const char *sys_devname __attribute__((unused)), const char *dev snprintf(disk, sizeof (disk), "/%s@%04lx:%c", disk_name, id, 'a' + (part - 1)); } + } +} else if (strstr (of_path, "fibre-channel") || (strstr (of_path, "vfc-client"))){ +char * port_name = xmalloc (sizeof (char) * 17); +of_fc_port_name (sysfs_path, p, port_name); + +snprintf (disk, sizeof (disk), "/%s@%s", disk_name, port_name); +free (port_name); } else { ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
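Review bot: In of_fc_port_name (first hunk), the result of read() is only tested for < 0, so port_name is never NUL-terminated before sscanf (port_name, "0x%s", port_name) parses it, and that sscanf reads from and writes to the same buffer, which the C standard leaves undefined. Read into a local buffer, terminate it at the byte count read() returned, then copy the digits after "0x" into port_name with an explicit bound; taking the destination size as a parameter would let the function enforce it.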
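Review bot: The vfc-client branch added under "/vdevice/" (hunk at -577) allocates port_name with xmalloc (sizeof (char) * 17), but of_fc_port_name reads sizeof (char) * 19 bytes into it, so the read can write two bytes past the allocation. Allocate room for the 19 bytes plus a terminator, or pass the buffer length into of_fc_port_name so the two sizes cannot drift apart.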
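Review bot: The else-if branch for "fibre-channel" (hunk at -590) repeats the same 17-byte port_name allocation and the same four lines as the vfc-client branch before it, and writing "} else if (...){" on one line departs from the brace layout of the rest of of_path_of_scsi. Move the port-name lookup and the snprintf into one helper called from both places and lay the braces out like the surrounding code.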
[PATCH v4 2/5] ieee1275: implement FCP methods for WWPN and LUNs
This patch enables the fcp-targets and fcp-luns methods which are responsible to get WWPNs and LUNs for fibre channel devices. Those methods are specially necessary if the boot directory and grub installation are in different FCP disks, allowing the dev_iterate() to find the WWPNs and LUNs when called by searchfs.uuid tool. Signed-off-by: Diego Domingos Signed-off-by: Avnish Chouhan --- grub-core/disk/ieee1275/ofdisk.c | 111 ++- 1 file changed, 110 insertions(+), 1 deletion(-) diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c index 5534684..5958e5e 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c 
@@ -209,7 +209,116 @@ dev_iterate_real (const char *name, const char *path) static void dev_iterate (const struct grub_ieee1275_devalias *alias) { - if (grub_strcmp (alias->type, "vscsi") == 0) + if (grub_strcmp (alias->type, "fcp") == 0) +{ + /* + * If we are dealing with fcp devices, we need + * to find the WWPNs and LUNs to iterate them + */ + grub_ieee1275_ihandle_t ihandle; + grub_uint64_t *ptr_targets, *ptr_luns, k, l; + unsigned int i, j, pos; + char *buf, *bufptr; + struct set_fcp_targets_args + { +struct grub_ieee1275_common_hdr common; +grub_ieee1275_cell_t method; +grub_ieee1275_cell_t ihandle; +grub_ieee1275_cell_t catch_result; +grub_ieee1275_cell_t nentries; +grub_ieee1275_cell_t table; + } args_targets; + + struct set_fcp_luns_args + { +struct grub_ieee1275_common_hdr common; +grub_ieee1275_cell_t method; +grub_ieee1275_cell_t ihandle; +grub_ieee1275_cell_t wwpn_h; +grub_ieee1275_cell_t wwpn_l; +grub_ieee1275_cell_t catch_result; +grub_ieee1275_cell_t nentries; +grub_ieee1275_cell_t table; + } args_luns; + + struct args_ret + { +grub_uint64_t addr; +grub_uint64_t len; + }; + + if (grub_ieee1275_open (alias->path, &ihandle)) +{ + grub_dprintf ("disk", "failed to open the disk while iterating FCP disk path=%s\n", alias->path); + return; +} + + /* Setup the fcp-targets method to call via pfw*/ + INIT_IEEE1275_COMMON (&args_targets.common, "call-method", 2, 3); + args_targets.method = (grub_ieee1275_cell_t) "fcp-targets"; + args_targets.ihandle = ihandle; + + /* Setup the fcp-luns method to call via pfw */ + INIT_IEEE1275_COMMON (&args_luns.common, "call-method", 4, 3); + args_luns.method = (grub_ieee1275_cell_t) "fcp-luns"; + args_luns.ihandle = ihandle; + if (IEEE1275_CALL_ENTRY_FN (&args_targets) == -1) +{ + grub_dprintf ("disk", "failed to get the targets while iterating FCP disk path=%s\n", alias->path); + grub_ieee1275_close (ihandle); + return; +} + buf = grub_malloc (grub_strlen (alias->path) + 32 + 32); + if (!buf) +{ + grub_ieee1275_close 
(ihandle); + return; +} + bufptr = grub_stpcpy (buf, alias->path); + + /* + * Iterate over entries returned by pfw. Each entry contains a + * pointer to wwpn table and his length. + */ + struct args_ret *targets_table = (struct args_ret *) (args_targets.table); + for (i = 0; i < args_targets.nentries; i++) +{ + ptr_targets = (grub_uint64_t*) targets_table[i].addr; + /* Iterate over all wwpns in given table */ + for(k = 0; k < targets_table[i].len; k++) +{ + args_luns.wwpn_l = (grub_ieee1275_cell_t) (*ptr_targets); + args_luns.wwpn_h = (grub_ieee1275_cell_t) (*ptr_targets >> 32); + pos = grub_snprintf (bufptr, 32, "/disk@%" PRIxGRUB_UINT64_T, + grub_get_unaligned64 (*ptr_targets++)); + /* Get the luns for given wwpn target */ + if (IEEE1275_CALL_ENTRY_FN (&args_luns) == -1) +{ + grub_dprintf ("disk", "failed to get the LUNS while iterating FCP disk path=%s\n", buf); + grub_ieee1275_close (ihandle); + grub_free (buf); + return; +} + struct args_ret *luns_table = (struct args_ret *) (args_luns.table); + + /* Iterate over all LUNs */ + for(j = 0; j < args_luns.nentries; j++) +{ + ptr_luns = (grub_uint64_t*) luns_table[j].addr; + for(l = 0; l < luns_table[j].len; l++) +{ + grub_snprintf (&bufptr[pos], 30, ",%" PRIxGRUB_UINT64_T, +grub_get_unaligned64 (*ptr_luns++)); + dev_iterate_real (buf, buf); +} +} +} +} + grub_ieee1275_c
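Review bot: In dev_iterate, both IEEE1275_CALL_ENTRY_FN calls are tested only for a -1 return; args_targets.catch_result and args_luns.catch_result are never read, so nentries and table are consumed even when the firmware method reported a failure. Check catch_result together with the return value before walking targets_table and luns_table. Also, grub_get_unaligned64 is given the dereferenced value (*ptr_targets++, *ptr_luns++) while the same entry is read two lines earlier with a plain *ptr_targets; use one access form, and pass the address if the unaligned helper is the one intended.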
[PATCH v4 3/5] ieee1275: change the logic of ieee1275_get_devargs()
Usually grub will parse the PFW arguments by searching for the first occurrence of the character ':'. However, we can have this char more than once on NQN. This patch changes the logic to find the last occurrence of this char so we can get the proper values for NVMeoFC

Signed-off-by: Diego Domingos
Signed-off-by: Avnish Chouhan
---
 grub-core/kern/ieee1275/openfw.c | 19 +--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/grub-core/kern/ieee1275/openfw.c b/grub-core/kern/ieee1275/openfw.c index 0278054..b97104c 100644 --- a/grub-core/kern/ieee1275/openfw.c +++ b/grub-core/kern/ieee1275/openfw.c @@ -324,7 +324,7 @@ grub_claimmap (grub_addr_t addr, grub_size_t size) static char * grub_ieee1275_get_devargs (const char *path) { - char *colon = grub_strchr (path, ':'); + char *colon = grub_strrchr (path, ':'); if (! colon) return 0; @@ -339,6 +339,21 @@ grub_ieee1275_get_devname (const char *path) char *colon = grub_strchr (path, ':'); int pathlen = grub_strlen (path); struct grub_ieee1275_devalias curalias; + + /* Check some special cases */ + if (grub_strstr (path, "nvme-of")) +{ + char *namespace_split = grub_strstr (path, "/namespace@"); + if (namespace_split) +{ + colon = grub_strchr (namespace_split, ':'); +} + else +{ + colon = NULL; +} +} + if (colon) pathlen = (int)(colon - path); @@ -579,7 +594,7 @@ grub_ieee1275_get_boot_dev (void) return NULL; } - bootpath = (char *) grub_malloc ((grub_size_t) bootpath_size + 64); + bootpath = (char *) grub_malloc ((grub_size_t) bootpath_size + 64 + 256); if (! bootpath) { grub_print_error ();
--
2.31.1
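Review bot: grub_ieee1275_get_devargs now splits every path at its last ':', but when an nvme-of path carries no trailing ":args" the last ':' is one of those inside the NQN (assuming the NQN precedes "/namespace@", as the next hunk implies), so the function returns a piece of the NQN as the device arguments. grub_ieee1275_get_devname avoids this by searching only after "/namespace@"; apply the same rule here so both functions agree on where the arguments start, and keep grub_strchr for every other path.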
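Review bot: In grub_ieee1275_get_devname, grub_strstr (path, "nvme-of") matches the string anywhere in the path, including inside an unrelated node name, and the comment "Check some special cases" does not say which case this is or why the first ':' is wrong for it. Match a whole path component and state in the comment that colons before "/namespace@" belong to the NQN. The braces around the single-statement if/else bodies can be dropped.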
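Review bot: grub_ieee1275_get_boot_dev grows the bootpath allocation by a bare "+ 256" next to the existing "+ 64", with no comment on what the extra bytes have to hold. Give the value a named constant and a one-line explanation (presumably the NQN) so a later reader can judge whether 256 is enough.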
[PATCH v4 4/5] ieee1275: add support for NVMeoFC
This patch implements the functions to scan and discovery of NVMeoFC. Signed-off-by: Diego Domingos Signed-off-by: Avnish Chouhan --- grub-core/disk/ieee1275/ofdisk.c | 390 +-- 1 file changed, 296 insertions(+), 94 deletions(-) diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c index afdc272..cea10e1 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c @@ -24,6 +24,8 @@ #include #include #include +#define EXTEND_PATH_64 64 +#define EXTEND_PATH_512 512 static char *last_devpath; static grub_ieee1275_ihandle_t last_ihandle; 
@@ -207,116 +209,316 @@ dev_iterate_real (const char *name, const char *path) } static void -dev_iterate (const struct grub_ieee1275_devalias *alias) +dev_iterate_fcp_disks (const struct grub_ieee1275_devalias *alias) { - if (grub_strcmp (alias->type, "fcp") == 0) + /* + * If we are dealing with fcp devices, we need + * to find the WWPNs and LUNs to iterate them + */ + grub_ieee1275_ihandle_t ihandle; + grub_uint64_t *ptr_targets, *ptr_luns, k, l; + unsigned int i, j, pos; + char *buf, *bufptr; + struct set_fcp_targets_args + { +struct grub_ieee1275_common_hdr common; +grub_ieee1275_cell_t method; +grub_ieee1275_cell_t ihandle; +grub_ieee1275_cell_t catch_result; +grub_ieee1275_cell_t nentries; +grub_ieee1275_cell_t table; + } args_targets; + + struct set_fcp_luns_args + { +struct grub_ieee1275_common_hdr common; +grub_ieee1275_cell_t method; +grub_ieee1275_cell_t ihandle; +grub_ieee1275_cell_t wwpn_h; +grub_ieee1275_cell_t wwpn_l; +grub_ieee1275_cell_t catch_result; +grub_ieee1275_cell_t nentries; +grub_ieee1275_cell_t table; + } args_luns; + + struct args_ret + { +grub_uint64_t addr; +grub_uint64_t len; + }; + struct args_ret *targets_table; + struct args_ret *luns_table; + + if (grub_ieee1275_open (alias->path, &ihandle)) { - /* - * If we are dealing with fcp devices, we need - * to find the WWPNs and LUNs to iterate them - */ - grub_ieee1275_ihandle_t ihandle; - grub_uint64_t *ptr_targets, *ptr_luns, k, l; - unsigned int i, j, pos; - char *buf, *bufptr; - struct set_fcp_targets_args - { -struct grub_ieee1275_common_hdr common; -grub_ieee1275_cell_t method; -grub_ieee1275_cell_t ihandle; -grub_ieee1275_cell_t catch_result; -grub_ieee1275_cell_t nentries; -grub_ieee1275_cell_t table; - } args_targets; - - struct set_fcp_luns_args - { -struct grub_ieee1275_common_hdr common; -grub_ieee1275_cell_t method; -grub_ieee1275_cell_t ihandle; -grub_ieee1275_cell_t wwpn_h; -grub_ieee1275_cell_t wwpn_l; -grub_ieee1275_cell_t catch_result; -grub_ieee1275_cell_t nentries; 
-grub_ieee1275_cell_t table; - } args_luns; - - struct args_ret - { -grub_uint64_t addr; -grub_uint64_t len; - }; + grub_dprintf ("disk", "failed to open the disk while iterating FCP disk path=%s\n", alias->path); + return; +} + + /* Setup the fcp-targets method to call via pfw*/ + INIT_IEEE1275_COMMON (&args_targets.common, "call-method", 2, 3); + args_targets.method = (grub_ieee1275_cell_t) "fcp-targets"; + args_targets.ihandle = ihandle; - if (grub_ieee1275_open (alias->path, &ihandle)) + /* Setup the fcp-luns method to call via pfw */ + INIT_IEEE1275_COMMON (&args_luns.common, "call-method", 4, 3); + args_luns.method = (grub_ieee1275_cell_t) "fcp-luns"; + args_luns.ihandle = ihandle; + if (IEEE1275_CALL_ENTRY_FN (&args_targets) == -1) +{ + grub_dprintf ("disk", "failed to get the targets while iterating FCP disk path=%s\n", alias->path); + grub_ieee1275_close (ihandle); + return; +} + /* Allocate memory for building the path */ + buf = grub_malloc (grub_strlen (alias->path) + EXTEND_PATH_64); + if (!buf) +{ + grub_ieee1275_close (ihandle); + return; +} + bufptr = grub_stpcpy (buf, alias->path); + + /* + * Iterate over entries returned by pfw. Each entry contains a + * pointer to wwpn table and his length. + */ + targets_table = (struct args_ret *) (args_targets.table); + for (i = 0; i < args_targets.nentries; i++) +{ + ptr_targets = (grub_uint64_t*) targets_table[i].addr; + /* Iterate over all wwpns in given table */ + for (k = 0; k < targets_table[i].len; k++) { - grub_dprintf ("disk", "failed to open the disk while iterating FCP disk path=%s\n", alias->path); - return; + args_luns.wwpn_l = (grub_ieee1275_cell_t) (*ptr_targets); + args_luns.wwpn_h = (grub_ieee1275_cell_t) (*ptr_targets >> 32); + pos = grub_snprintf (bufptr, 32, "/disk@%" PRIxGRUB_UINT64_T, + grub_get_unaligned64 (*ptr_targets++)); +
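Review bot: EXTEND_PATH_64 and EXTEND_PATH_512 (hunk at -24) are named after their values and carry no comment, so the reader learns nothing from the name that the number would not say. Name them after what they bound, for example the room reserved for the "/disk@wwpn,lun" suffix, and add a short comment.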
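Review bot: dev_iterate_fcp_disks sizes buf with EXTEND_PATH_64, but grub_snprintf (bufptr, 32, ...) a few lines later still hard-codes 32, so the link between the allocation and the per-field limits stays implicit. Derive the snprintf bounds from the same constant, or from the space remaining in buf, so that changing one cannot silently invalidate the other.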
[PATCH v4 5/5] ieee1275: ofpath enable NVMeoF logical device translate
This patch adds code to enable the translation of logical devices to the of NVMeoFC paths. Signed-off-by: Diego Domingos Signed-off-by: Avnish Chouhan --- grub-core/osdep/linux/ofpath.c | 371 +-- include/grub/util/ofpath.h | 28 2 files changed, 390 insertions(+), 9 deletions(-) diff --git a/grub-core/osdep/linux/ofpath.c b/grub-core/osdep/linux/ofpath.c index 0f5d54e..f0e7dcc 100644 --- a/grub-core/osdep/linux/ofpath.c +++ b/grub-core/osdep/linux/ofpath.c @@ -37,6 +37,7 @@ #include #include #include +#include #ifdef __sparc__ typedef enum @@ -136,7 +137,7 @@ trim_newline (char *path) *end-- = '\0'; } -#define MAX_DISK_CAT64 +#define MAX_DISK_CAT512 static char * find_obppath (const char *sysfs_path_orig) 
@@ -312,6 +313,91 @@ get_basename(char *p) return ret; } +int +add_filename_to_pile (char *filename, struct ofpath_files_list_root* root) +{ + struct ofpath_files_list_node* file; + + file = malloc (sizeof (struct ofpath_files_list_node)); + if (!file) +return -1; + + file->filename = malloc (sizeof (char) * 1024); + if (!file->filename) +{ + free (file); + return -1; +} + + grub_strcpy (file->filename, filename); + if (root->first == NULL) +{ + root->items = 1; + root->first = file; + file->next = NULL; +} + else +{ + root->items++; + file->next = root->first; + root->first = file; +} + + return 0; +} + +void +find_file (char* filename, char* directory, struct ofpath_files_list_root* root, int max_depth, int depth) +{ + struct dirent *ep; + struct stat statbuf; + DIR *dp; + int ret_val=0; + char* full_path; + + if (depth > max_depth) +{ + return; +} + + if ((dp = opendir (directory)) == NULL) +{ + return; +} + + full_path = malloc (1024 * sizeof (char)); + if (!full_path) +return; + + while ((ep = readdir(dp)) != NULL) +{ + snprintf (full_path, 1024, "%s/%s", directory, ep->d_name); + lstat (full_path, &statbuf); + + if (S_ISLNK (statbuf.st_mode)) +{ + continue; +} + + if (!strcmp (ep->d_name, ".") || !strcmp(ep->d_name, "..")) +{ + continue; +} + + if (!strcmp (ep->d_name, filename)) +{ + ret_val = add_filename_to_pile (full_path, root); + if (ret_val == -1) +continue; +} + + find_file (filename, full_path, root, max_depth, depth+1); +} + + free (full_path); + closedir (dp); +} + static char * of_path_of_vdisk(const char *sys_devname __attribute__((unused)), const char *device, 
@@ -382,7 +468,200 @@ of_fc_port_name (const char *path, const char *subpath, char *port_name) free (basepath); } -#ifdef __sparc__ +void +free_ofpath_files_list (struct ofpath_files_list_root* root) +{ + struct ofpath_files_list_node* node = root->first; + struct ofpath_files_list_node* next; + + while (node!=NULL) +{ + next = node->next; + free (node->filename); + free (node); + node = next; +} + + free (root); + return; +} + +char* +of_find_fc_host (char* host_wwpn) +{ + FILE* fp; + char *buf; + char *ret_val; + char portname_filename[sizeof ("port_name")] = "port_name"; + char devices_path[sizeof ("/sys/devices")] = "/sys/devices"; + struct ofpath_files_list_root* portnames_file_list; + struct ofpath_files_list_node* node; + + ret_val = malloc (sizeof (char) * 1024); + if (!ret_val) +return NULL; + + portnames_file_list = malloc (sizeof (struct ofpath_files_list_root)); + if (!portnames_file_list) +{ + free (ret_val); + return NULL; +} + + portnames_file_list->items = 0; + portnames_file_list->first = NULL; + find_file (portname_filename, devices_path, portnames_file_list, 10, 0); + node = portnames_file_list->first; + + while (node != NULL) +{ + fp = fopen(node->filename, "r"); + buf = malloc (sizeof (char) * 512); + if (!buf) +break; + + fscanf (fp, "%s", buf); + fclose (fp); + + if ((strcmp (buf, host_wwpn) == 0) && grub_strstr (node->filename, "fc_host")) +{ + free (buf); + grub_strcpy (ret_val, node->filename); + free_ofpath_files_list (portnames_file_list); + return ret_val; +} + + node = node->next; + free (buf); +} + free_ofpath_files_list (portnames_file_list); + free (ret_val); + return NULL; +} + +int +of_path_get_nvmeof_adapter_info (char* sysfs_path, + struct ofpath_nvmeof_info* nvmeof_info) +{ + FILE *fp; + char *buf, *buf2, *buf3; + + nvmeof_info->host_wwpn = malloc (sizeof (char) * 256); + nvmeof_info->target_wwpn = malloc (sizeof (char) * 256); + nvmeof_info->nqn = malloc (sizeof (char) * 256); + + if (nvmeof_info->host_wwpn == NULL || 
nvmeof_info->target_wwpn == NULL || nvmeof_info->nqn =
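Review bot: In find_file (hunk at -312), the return value of lstat is ignored, so when it fails S_ISLNK tests an uninitialised statbuf, and the early return taken when malloc fails skips closedir (dp). Skip the entry when lstat fails and close the directory on every exit path. add_filename_to_pile copies with grub_strcpy into a fixed 1024-byte buffer; duplicating the string at its actual length removes that assumption.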
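Review bot: In of_find_fc_host (hunk at -382), the result of fopen is passed to fscanf and fclose without a NULL check, and fscanf (fp, "%s", buf) has no field width for the 512-byte buf. Since find_file collects every file named port_name under /sys/devices, test fp before use, bound the conversion to the buffer size, and check that fscanf returned 1 before comparing. The break taken when malloc fails also leaves fp open, because fopen is called first.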
[PATCH 0/1] Allow to autogenerate fdt entry via grub-mkconfig
From: Alexey Shvetsov

Some platforms like arm, arm64, risc-v and others need fdt entry to boot linux kernel. This patch allows to generate fdt records in grub.cfg via grub-mkconfig if GRUB_DEFAULT_DTB is set

Alexey Shvetsov (1):
  fdt: allow to autogenerate entry for fdt files in grub.cfg

 util/grub-mkconfig.in | 3 ++-
 util/grub.d/10_linux.in | 14 ++
 2 files changed, 16 insertions(+), 1 deletion(-)

--
2.45.2
[PATCH 1/1] fdt: allow to autogenerate entry for fdt files in grub.cfg
From: Alexey Shvetsov

Some platforms like arm, arm64, riscv and others need fdt files to boot. This change allows to autogenerate entry for them if GRUB_DEFAULT_DTB is set

Signed-off-by: Alexey Shvetsov
---
 util/grub-mkconfig.in | 3 ++-
 util/grub.d/10_linux.in | 14 ++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in index 32c480dae..d1bf4983b 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -255,7 +255,8 @@ export GRUB_DEFAULT \ GRUB_ENABLE_CRYPTODISK \ GRUB_BADRAM \ GRUB_OS_PROBER_SKIP_LIST \ - GRUB_DISABLE_SUBMENU + GRUB_DISABLE_SUBMENU \ + GRUB_DEFAULT_DTB if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in index cc393be7e..dbd9a9155 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -144,6 +144,12 @@ linux_entry () sed "s/^/$submenu_indentation/" << EOF echo'$(echo "$message" | grub_quote)' linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} +EOF + if test -n "${fdt}" ; then + message="$(gettext_printf "Loading fdt ...")" + sed "s/^/$submenu_indentation/" << EOF +echo'$(echo "$message" | grub_quote)' +devicetree ${rel_dirname}/${fdt} EOF if test -n "${initrd}" ; then # TRANSLATORS: ramdisk isn't identifier. Should be translated. @@ -250,6 +256,14 @@ for linux in ${reverse_sorted_list}; do gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 fi + fdt= + for i in "dtb-${version}" "dtb-${alt_version}" "dtbs/${version}"; do +if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then + fdt="${i}/${GRUB_DEFAULT_DTB}" + break +fi + done + config= for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do if test -e "${i}" ; then
--
2.45.2
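Review bot: GRUB_DEFAULT_DTB is added to the export list in util/grub-mkconfig.in, but the diffstat touches only that file and util/grub.d/10_linux.in, so the new variable is not documented anywhere a user would look. Add an entry to the configuration-variable documentation saying that the value is a file name looked up under the dtb-<version> and dtbs/<version> directories.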
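Review bot: The if test -n "${fdt}" block added to linux_entry (hunk at -144) has no matching fi: the six added lines end at the devicetree line, the following context EOF closes the here-document, and the next context line already opens if test -n "${initrd}". As written the initrd block is nested inside the fdt test and the function is left with an unbalanced if. Add fi after the here-document's EOF.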
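Review bot: The dtb search loop (hunk at -250) runs even when GRUB_DEFAULT_DTB is empty and relies on test -f failing for the resulting directory path. Guard the loop with test -n "${GRUB_DEFAULT_DTB}" so the "if GRUB_DEFAULT_DTB is set" behaviour from the commit message is explicit. Unlike the initrd lookup just above it, nothing is printed when a dtb is found; a matching "Found ..." message on stderr would help.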
Re: [PATCH v18 18/25] util/grub-protect: Add new tool
On Fri, Jun 28, 2024 at 04:19:01PM +0800, Gary Lin via Grub-devel wrote: 
> From: Hernan Gatta
>
> To utilize the key protectors framework, there must be a way to protect
> full-disk encryption keys in the first place. The grub-protect tool
> includes support for the TPM2 key protector but other protectors that
> require setup ahead of time can be supported in the future.
>
> For the TPM2 key protector, the intended flow is for a user to have a
> LUKS 1 or LUKS 2-protected fully-encrypted disk. The user then creates a
> new LUKS key file, say by reading /dev/urandom into a file, and creates
> a new LUKS key slot for this key. Then, the user invokes the grub-protect
> tool to seal this key file to a set of PCRs using the system's TPM 2.0.
> The resulting sealed key file is stored in an unencrypted partition such
> as the EFI System Partition (ESP) so that GRUB may read it. The user also
> has to ensure the cryptomount command is included in GRUB's boot script
> and that it carries the requisite key protector (-P) parameter.
>
> Sample usage:
>
> $ dd if=/dev/urandom of=luks-key bs=1 count=32
> $ sudo cryptsetup luksAddKey /dev/sdb1 luks-key --pbkdf=pbkdf2 --hash=sha512
>
> To seal the key with TPM 2.0 Key File (recommended):
>
> $ sudo grub-protect --action=add \
>     --protector=tpm2 \
>     --tpm2-pcrs=0,2,4,7,9 \
>     --tpm2key \
>     --tpm2-keyfile=luks-key \
>     --tpm2-outfile=/boot/efi/boot/grub2/sealed.tpm
>
> Or, to seal the key with the raw sealed key:
>
> $ sudo grub-protect --action=add \
>     --protector=tpm2 \
>     --tpm2-pcrs=0,2,4,7,9 \
>     --tpm2-keyfile=luks-key \
>     --tpm2-outfile=/boot/efi/boot/grub2/sealed.key
>
> Then, in the boot script, for TPM 2.0 Key File:
>
> tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
> cryptomount -u -P tpm2
>
> Or, for the raw sealed key:
>
> tpm2_key_protector_init --keyfile=(hd0,gpt1)/boot/grub2/sealed.key --pcrs=0,2,4,7,9
> cryptomount -u -P tpm2
>
> The benefit of using TPM 2.0 Key File is that the PCR set is already
> written in the key file, so there is no need to specify PCRs when
> invoking tpm2_key_protector_init.

I think most if not all of this commit message should go to the GRUB documentation too.

> Cc: Stefan Berger
> Signed-off-by: Hernan Gatta
> Signed-off-by: Gary Lin
> ---
> .gitignore|2 +
> Makefile.util.def | 26 +
> configure.ac | 30 +
> docs/man/grub-protect.h2m |4 +
> util/grub-protect.c | 1423 +
> 5 files changed, 1485 insertions(+)
> create mode 100644 docs/man/grub-protect.h2m
> create mode 100644 util/grub-protect.c
>
> diff --git a/.gitignore b/.gitignore > index 4c1f91db8..2105d87c8 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -169,6 +169,8 @@ widthspec.bin > /grub-ofpathname.exe > /grub-probe > /grub-probe.exe > +/grub-protect > +/grub-protect.exe > /grub-reboot > /grub-render-label > /grub-render-label.exe > diff --git a/Makefile.util.def b/Makefile.util.def > index fb82f59a0..074c0aff7 100644 > --- a/Makefile.util.def > +++ b/Makefile.util.def > @@ -208,6 +208,32 @@ program = { >ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; > }; > > +program = { > + name = grub-protect; > + mansection = 1; > + > + common = grub-core/kern/emu/argp_common.c; > + common = grub-core/osdep/init.c; > + common = grub-core/lib/tss2/buffer.c; > + common = grub-core/lib/tss2/tss2_mu.c; > + common = grub-core/lib/tss2/tpm2_cmd.c; > + common = grub-core/commands/tpm2_key_protector/args.c; > + common = grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c; > + common = util/grub-protect.c; > + common = util/probe.c; > + > + cflags = '-I$(srcdir)/grub-core/lib/tss2 > -I$(srcdir)/grub-core/commands/tpm2_key_protector'; > + > + ldadd = libgrubmods.a; > + ldadd = libgrubgcry.a; > + ldadd = libgrubkern.a; > + ldadd = grub-core/lib/gnulib/libgnu.a; > + ldadd = '$(LIBTASN1)'; > + ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) > $(LIBGEOM)'; > + > + condition = COND_GRUB_PROTECT; > +}; > + > program = { >name = grub-mkrelpath; >mansection = 1; 
> diff --git a/configure.ac b/configure.ac > index d4a14bf93..12681c19c 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -76,6 +76,7 @@ grub_TRANSFORM([grub-mkpasswd-pbkdf2]) > grub_TRANSFORM([grub-mkrelpath]) > grub_TRANSFORM([grub-mkrescue]) > grub_TRANSFORM([grub-probe]) > +grub_TRANSFORM([grub-protect]) > grub_TRANSFORM([grub-reboot]) > grub_TRANSFORM([grub-script-check]) > grub_TRANSFORM([grub-set-default]) > @@ -2057,6 +2058,29 @@ fi > AC_SUBST([LIBZFS]) > AC_SUBST([LIBNVPAIR]) > > +AC_ARG_ENABLE([grub-protect], > + [AS_HELP_STRING([--enable-grub-protect], > + [build and install the `grub-protect' ut
Re: [PATCH v18 19/25] tpm2_key_protector: Support authorized policy
On Fri, Jun 28, 2024 at 04:19:02PM +0800, Gary Lin via Grub-devel wrote:
> This commit handles the TPM2_PolicyAuthorize command from the key file
> in TPM 2.0 Key File format.
>
> TPM2_PolicyAuthorize is the essential command to support authorized
> policy which allows the users to sign TPM policies with their own keys.
> Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuthorize
> comprises 'TPM2B_PUBLIC pubkey', 'TPM2B_DIGEST policy_ref', and
> 'TPMT_SIGNATURE signature'. To verify the signature, the current policy
> digest is hashed with the hash algorithm written in 'signature', and then
> 'signature' is verified with the hashed policy digest and 'pubkey'. Once
> TPM accepts 'signature', TPM2_PolicyAuthorize is invoked to authorize the
> signed policy.
>
> To create the key file with authorized policy, here are the pcr-oracle(*2)
> commands:
>
> # Generate the RSA key and create the authorized policy file
> $ pcr-oracle \
>     --rsa-generate-key \
>     --private-key policy-key.pem \
>     --auth authorized.policy \
>     create-authorized-policy 0,2,4,7,9
>
> # Seal the secret with the authorized policy
> $ pcr-oracle \
>     --key-format tpm2.0 \
>     --auth authorized.policy \
>     --input disk-secret.txt \
>     --output sealed.key \
>     seal-secret
>
> # Sign the predicted PCR policy
> $ pcr-oracle \
>     --key-format tpm2.0 \
>     --private-key policy-key.pem \
>     --from eventlog \
>     --stop-event "grub-file=grub.cfg" \
>     --after \
>     --input sealed.key \
>     --output sealed.tpm \
>     sign 0,2,4,7,9
>
> Then specify the key file and the key protector to grub.cfg in the EFI
> system partition:
>
> tpm2_key_protector_init -a RSA --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
> cryptomount -u -P tpm2
>
> For any change in the boot components, just run the 'sign' command again
> to update the signature in sealed.tpm, and TPM can unseal the key file
> with the updated PCR policy.

Again, this should land in the GRUB docs as well...
> (*1) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html > (*2) https://github.com/okirch/pcr-oracle > > Signed-off-by: Gary Lin > Reviewed-by: Stefan Berger > --- > .../commands/tpm2_key_protector/module.c | 72 +++ > 1 file changed, 72 insertions(+) > > diff --git a/grub-core/commands/tpm2_key_protector/module.c > b/grub-core/commands/tpm2_key_protector/module.c > index 79440474b..a98109c43 100644 > --- a/grub-core/commands/tpm2_key_protector/module.c > +++ b/grub-core/commands/tpm2_key_protector/module.c 
> @@ -618,6 +618,75 @@ grub_tpm2_protector_policypcr (TPMI_SH_AUTH_SESSION > session, >return GRUB_ERR_NONE; > } > > +static grub_err_t > +grub_tpm2_protector_policyauthorize (TPMI_SH_AUTH_SESSION session, > + struct grub_tpm2_buffer *cmd_buf) > +{ > + TPM2B_PUBLIC pubkey; > + TPM2B_DIGEST policy_ref; > + TPMT_SIGNATURE signature; > + TPM2B_DIGEST pcr_policy; > + TPM2B_DIGEST pcr_policy_hash; > + TPMI_ALG_HASH sig_hash; > + TPMT_TK_VERIFIED verification_ticket; > + TPM_HANDLE pubkey_handle = 0; > + TPM2B_NAME pubname; > + TPM_RC rc; > + grub_err_t err; > + > + grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (cmd_buf, &pubkey); > + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (cmd_buf, &policy_ref); > + grub_Tss2_MU_TPMT_SIGNATURE_Unmarshal (cmd_buf, &signature); > + if (cmd_buf->error != 0) > +return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Failed to unmarshal the > buffer for TPM2_PolicyAuthorize")); > + > + /* Retrieve Policy Digest */ > + rc = TPM2_PolicyGetDigest (session, NULL, &pcr_policy, NULL); > + if (rc != TPM_RC_SUCCESS) > +return grub_error (GRUB_ERR_BAD_DEVICE, N_("Failed to get policy digest > (TPM2_PolicyGetDigest: 0x%x)."), rc); > + > + /* Calculate the digest of the polcy for VerifySignature */ > + sig_hash = TPMT_SIGNATURE_get_hash_alg (&signature); > + if (sig_hash == TPM_ALG_NULL) > +return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Failed to get the hash > algorithm of the signature")); > + > + rc = TPM2_Hash (NULL, (TPM2B_MAX_BUFFER *)&pcr_policy, sig_hash, A nit, wrong cast coding style... Daniel ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
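Review bot: The TPM2_Hash call in grub_tpm2_protector_policyauthorize passes (TPM2B_MAX_BUFFER *)&pcr_policy, which reinterprets a TPM2B_DIGEST as a TPM2B_MAX_BUFFER and works only while both types begin with the same size-then-bytes layout. Copy the digest into a real TPM2B_MAX_BUFFER, or add a comment stating the layout assumption. Minor: the comment above the sig_hash assignment reads "polcy", and the error strings in this function are inconsistent about the trailing period.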
Re: [PATCH v18 20/25] tpm2_key_protector: Implement NV index
On Fri, Jun 28, 2024 at 04:19:03PM +0800, Gary Lin via Grub-devel wrote:
> From: Patrick Colp
>
> Currently with the TPM2 protector, only SRK mode is supported and
> NV index support is just a stub. Implement the NV index option.
>
> Note: This only extends support on the unseal path. grub2_protect
> has not been updated. tpm2-tools can be used to insert a key into
> the NV index.
>
> An example of inserting a key using tpm2-tools:
>
> # Get random key.
> tpm2_getrandom 32 > key.dat
>
> # Create primary object.
> tpm2_createprimary -C o -g sha256 -G ecc -c primary.ctx
>
> # Create policy object. `pcrs.dat` contains the PCR values to seal against.
> tpm2_startauthsession -S session.dat
> tpm2_policypcr -S session.dat -l sha256:7,11 -f pcrs.dat -L policy.dat
> tpm2_flushcontext session.dat
>
> # Seal key into TPM.
> cat key.dat | tpm2_create -C primary.ctx -u key.pub -r key.priv -L policy.dat -i-
> tpm2_load -C primary.ctx -u key.pub -r key.priv -n sealing.name -c sealing.ctx
> tpm2_evictcontrol -C o -c sealing.ctx 0x8100
>
> Then to unseal the key in grub, add this to grub.cfg:
>
> tpm2_key_protector_init --mode=nv --nvindex=0x8100 --pcrs=7,11
> cryptomount -u --protector tpm2

Please add this to the GRUB documentation.

> Signed-off-by: Patrick Colp
> Signed-off-by: Gary Lin
> Reviewed-by: Stefan Berger
> ---
> .../commands/tpm2_key_protector/module.c | 27 ---
> 1 file changed, 23 insertions(+), 4 deletions(-)
>
> diff --git a/grub-core/commands/tpm2_key_protector/module.c > b/grub-core/commands/tpm2_key_protector/module.c > index a98109c43..ae412e6f4 100644 > --- a/grub-core/commands/tpm2_key_protector/module.c > +++ b/grub-core/commands/tpm2_key_protector/module.c 
> @@ -981,11 +981,30 @@ grub_tpm2_protector_srk_recover (const struct > grub_tpm2_protector_context *ctx, > } > > static grub_err_t > -grub_tpm2_protector_nv_recover (const struct grub_tpm2_protector_context > *ctx __attribute__ ((unused)), > - grub_uint8_t **key __attribute__ ((unused)), > - grub_size_t *key_size __attribute__ ((unused))) > +grub_tpm2_protector_nv_recover (const struct grub_tpm2_protector_context > *ctx, > + grub_uint8_t **key, grub_size_t *key_size) > { > - return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, N_("NV Index mode is not > implemented yet")); > + TPM_HANDLE sealed_handle = ctx->nv; > + tpm2key_policy_t policy_seq = NULL; > + grub_err_t err; > + > + /* Create a basic policy sequence based on the given PCR selection */ > + err = grub_tpm2_protector_simple_policy_seq (ctx, &policy_seq); > + if (err != GRUB_ERR_NONE) > +goto exit; > + > + err = grub_tpm2_protector_unseal (policy_seq, sealed_handle, key, > key_size); > + > + /* Pop error messages on success */ > + if (err == GRUB_ERR_NONE) > +while (grub_error_pop ()); Hmmm... Why does unseal success clear whole error stack? If it is correct it begs for comment here. Daniel ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [PATCH v18 21/25] cryptodisk: Fallback to passphrase
On Fri, Jun 28, 2024 at 04:19:04PM +0800, Gary Lin via Grub-devel wrote: > From: Patrick Colp > > If a protector is specified, but it fails to unlock the disk, fall back > to asking for the passphrase. However, an error was set indicating that > the protector(s) failed. Later code (e.g., LUKS code) fails as > `grub_errno` is now set. Print the existing errors out first, before > proceeding with the passphrase. This behavior has to be documented in the GRUB docs. > Signed-off-by: Patrick Colp > Signed-off-by: Gary Lin > Reviewed-by: Stefan Berger > --- > grub-core/disk/cryptodisk.c | 17 - > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c > index 6f7394942..1a994d935 100644 > --- a/grub-core/disk/cryptodisk.c > +++ b/grub-core/disk/cryptodisk.c > @@ -1167,6 +1167,10 @@ grub_cryptodisk_scan_device_real (const char *name, > ret = cr->recover_key (source, dev, cargs); > if (ret != GRUB_ERR_NONE) > { > + /* Reset key data to trigger the passphrase prompt later */ > + cargs->key_data = NULL; > + cargs->key_len = 0; > + > part = grub_partition_get_name (source->partition); > grub_dprintf ("cryptodisk", > "recovered a key from key protector %s but it " > @@ -1192,7 +1196,6 @@ grub_cryptodisk_scan_device_real (const char *name, > source->name, source->partition != NULL ? "," : "", > part != NULL ? part : N_("UNKNOWN"), dev->uuid); >grub_free (part); > - goto error; > } > >if (cargs->key_len) 
> @@ -1207,6 +1210,18 @@ grub_cryptodisk_scan_device_real (const char *name, >unsigned long tries = 3; >const char *tries_env; > > + /* > + * Print the error from key protectors and clear grub_errno. I think you should explain why you have to do it here. Something similar to the commit message... > + * Since '--protector' doesn't not coexist with '--password' and s/doesn't not/cannot/? > + * '--key-file', only "cargs->key_len == 0" is expected if all > + * key protectors fail. > + */ > + if (grub_errno) if (grub_errno != GRUB_ERR_NONE) > + { > + grub_print_error (); > + grub_errno = GRUB_ERR_NONE; > + } Daniel ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
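Review bot: in the `ret != GRUB_ERR_NONE` branch, `cargs->key_data = NULL` drops the only visible reference to the key the protector returned, without zeroing or freeing it. State in the comment who owns that buffer, or wipe and free it here before resetting the pointer and `key_len`, so that a key which failed to unlock the disk does not stay readable in memory while the passphrase prompt runs.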
Re: [PATCH v18 22/25] cryptodisk: wipe out the cached keys from protectors
On Fri, Jun 28, 2024 at 04:19:05PM +0800, Gary Lin via Grub-devel wrote:
> An attacker may insert a malicious disk with the same crypto UUID and
> trick grub2 to mount the fake root. Even though the key from the key
> protector fails to unlock the fake root, it's not wiped out cleanly so
> the attacker could dump the memory to retrieve the secret key. To defend
> against such an attack, wipe out the cached key when we don't need it.
>
> Cc: Fabian Vogt
> Signed-off-by: Gary Lin
> Reviewed-by: Stefan Berger

Reviewed-by: Daniel Kiper

Daniel
Re: [PATCH v18 23/25] diskfilter: look up cryptodisk devices first
On Fri, Jun 28, 2024 at 04:19:06PM +0800, Gary Lin via Grub-devel wrote:
> When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
> look like this:
>
>   tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
>   cryptomount -u -P tpm2
>   search --fs-uuid --set=root
>
> Since the disk search order is based on the order of module loading, the
> attacker could insert a malicious disk with the same FS-UUID root to
> trick grub2 to boot into the malicious root and further dump memory to
> steal the unsealed key.
>
> To defend against such an attack, we can specify the hint provided by
> 'grub-probe' to search the encrypted partition first:
>
>   search --fs-uuid --set=root --hint='cryptouuid/'
>
> However, for LVM on an encrypted partition, the search hint provided by
> 'grub-probe' is:
>
>   --hint='lvmid//'
>
> It doesn't guarantee to look up the logical volume from the encrypted
> partition, so the attacker may have the chance to fool grub2 to boot
> into the malicious disk.
>
> To minimize the attack surface, this commit tweaks the disk device search
> in diskfilter to look up cryptodisk devices first and then others, so
> that the auto-unlocked disk will be found first, not the attacker's disk.
>
> Cc: Fabian Vogt
> Signed-off-by: Gary Lin
> Reviewed-by: Stefan Berger
> ---
> grub-core/disk/diskfilter.c | 35 ++-
> 1 file changed, 26 insertions(+), 9 deletions(-)
>
> diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
> index 21e239511..df1992305 100644
> --- a/grub-core/disk/diskfilter.c
> +++ b/grub-core/disk/diskfilter.c
> @@ -226,15 +226,32 @@ scan_devices (const char *arname) >int need_rescan; > >for (pull = 0; pull < GRUB_DISK_PULL_MAX; pull++) > -for (p = grub_disk_dev_list; p; p = p->next) > - if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID > - && p->disk_iterate) > - { > - if ((p->disk_iterate) (scan_disk_hook, NULL, pull)) > - return; > - if (arname && is_lv_readable (find_lv (arname), 1)) > - return; > - } > +{ > + /* look up the crytodisk devices first */ > + for (p = grub_disk_dev_list; p; p = p->next) > + if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID > + && p->disk_iterate) > + { > + if ((p->disk_iterate) (scan_disk_hook, NULL, pull)) > + return; > + if (arname && is_lv_readable (find_lv (arname), 1)) > + return; > + break; > + } > + > + /* check the devices other than crytodisk */ > + for (p = grub_disk_dev_list; p; p = p->next) > + if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID) > + continue; > + else if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID I think you can drop "if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)"... > + && p->disk_iterate) > + { > + if ((p->disk_iterate) (scan_disk_hook, NULL, pull)) > + return; > + if (arname && is_lv_readable (find_lv (arname), 1)) > + return; > + } > +} Daniel ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
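Review bot: the `break` that ends the first loop stops at the first list entry whose id is GRUB_DISK_DEVICE_CRYPTODISK_ID, so the "cryptodisk first" ordering depends on there being exactly one such entry in `grub_disk_dev_list`; the comment should say so. Both new comments spell it "crytodisk", and the two loop bodies are identical, so a small helper taking `p` would remove the duplicated `disk_iterate` / `is_lv_readable` pair.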
Re: [PATCH v18 24/25] tpm2_key_protector: Add grub-emu support
On Fri, Jun 28, 2024 at 04:19:07PM +0800, Gary Lin via Grub-devel wrote: > As a preparation to test tpm2_key_protector with grub-emu, the new > option, --tpm-device, is introduced to specify the TPM device for > grub-emu so that grub-emu can share the emulated TPM device with > the host. > > Since grub-emu can directly access the device node on host, it's easy to > implement the essential TCG2 command submission function with the > read/write functions and enable tpm2_key_protector module for grub-emu, > so that we can further test TPM2 key unsealing with grub-emu. > > Signed-off-by: Gary Lin > Reviewed-by: Stefan Berger > --- > grub-core/Makefile.core.def | 3 ++ > grub-core/kern/emu/main.c | 11 ++- > grub-core/kern/emu/misc.c | 51 + > grub-core/lib/tss2/tcg2_emu.c | 54 +++ > include/grub/emu/misc.h | 5 > 5 files changed, 123 insertions(+), 1 deletion(-) > create mode 100644 grub-core/lib/tss2/tcg2_emu.c > > diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def > index d54c12574..df07c0f0e 100644 > --- a/grub-core/Makefile.core.def > +++ b/grub-core/Makefile.core.def > @@ -2574,7 +2574,9 @@ module = { >common = lib/tss2/tpm2_cmd.c; >common = lib/tss2/tss2.c; >efi = lib/efi/tcg2.c; > + emu = lib/tss2/tcg2_emu.c; >enable = efi; > + enable = emu; >cppflags = '-I$(srcdir)/lib/tss2'; > }; > > @@ -2586,6 +2588,7 @@ module = { >common = commands/tpm2_key_protector/tpm2key_asn1_tab.c; >/* The plaform support of tpm2_key_protector depends on the tcg2 > implementation in tss2. */ >enable = efi; > + enable = emu; >cppflags = '-I$(srcdir)/lib/tss2 -I$(srcdir)/lib/libtasn1-grub'; > }; > > diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c > index 855b11c3d..c10838613 100644 > --- a/grub-core/kern/emu/main.c > +++ b/grub-core/kern/emu/main.c 
> @@ -55,7 +55,7 @@ > static jmp_buf main_env; > > /* Store the prefix specified by an argument. */ > -static char *root_dev = NULL, *dir = NULL; > +static char *root_dev = NULL, *dir = NULL, *tpm_dev = NULL; > > grub_addr_t grub_modbase = 0; > > @@ -108,6 +108,7 @@ static struct argp_option options[] = { >{"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, >{"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a > debugger will attach"), 0}, >{"kexec", 'X', 0, 0, N_("use kexec to boot Linux kernels via > systemctl (pass twice to enable dangerous fallback to non-systemctl)."), 0}, > + {"tpm-device", 't', N_("DEV"), 0, N_("Set TPM device."), 0}, Again, this has to be documented. Otherwise patch LGTM... Daniel ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
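Review bot: the help string for the new `tpm-device` entry in `options[]`, N_("Set TPM device."), is capitalised while the neighbouring entries ("print verbose messages.", "wait until a debugger will attach") start lower-case. Match them, and have the string say that DEV is a device node on the host, which is how the commit message describes it.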
Re: [PATCH v18 25/25] tests: Add tpm2_key_protector_test
On Fri, Jun 28, 2024 at 04:19:08PM +0800, Gary Lin via Grub-devel wrote:
> For the tpm2_key_protector module, the TCG2 command submission function
> is the only difference between a QEMU instance and grub-emu. To test
> TPM2 key unsealing with a QEMU instance, it requires an extra OS image
> to invoke grub-protect to seal the LUKS key, rather than a simple
> grub-shell rescue CD image. On the other hand, grub-emu can share the
> emulated TPM2 device with the host, so that we can seal the LUKS key on
> host and test key unsealing with grub-emu.
>
> This test script firstly creates a simple LUKS image to be loaded as a
> loopback device in grub-emu. Then an emulated TPM2 device is created by
> "swtpm chardev" and PCR 0 and 1 are extended.
>
> There are several test cases in the script to test various settings. Each
> test case uses grub-protect or tpm2-tools to seal the LUKS password
> with PCR 0 and PCR 1. Then grub-emu is launched to load the LUKS image,
> try to mount the image with tpm2_key_protector_init and cryptomount, and
> verify the result.
>
> Based on the idea from Michael Chang.
>
> Cc: Michael Chang
> Cc: Stefan Berger
> Cc: Glenn Washburn
> Signed-off-by: Gary Lin

Reviewed-by: Daniel Kiper

Daniel
Re: [PATCH] net/net: Delete Routes for Deleted Interfaces
I see I messed up the description of the email... sorry about that.

Full description:
--
Correct incorrect handling of routes being maintained when an associated
interface is deleted. Previously the route(s) for an interface being
removed were not deleted. This resulted in displaying corrupted output to
the console in the following sequence:

  net_add_addr if0 emu0 192.168.100.2
  net_ls_routes
  if0:local 192.168.100.0/24 if0
  net_del_addr if0
  net_ls_routes
  if0:local 192.168.100.0/24 ???
  ...
  net_ls_routes
  if0:local 192.168.100.0/24 ?7?

The fields including the question marks above will contain pseudo-random
data from the heap which may change over time. In some cases this may have
resulted in crashes as well after a route was deleted and attempted to be
used in actual network routing operations.

With this update, routes mapped to a deleted interface will be deleted.

Signed-off-by: Andrew Hamilton
-

On Fri, Aug 30, 2024 at 9:45 PM Andrew Hamilton wrote:
>
> With this update, routes mapped to a deleted interface will be deleted.
>
> Signed-off-by: Andrew Hamilton
> ---
> grub-core/net/net.c | 17 +
> 1 file changed, 17 insertions(+)
>
> diff --git a/grub-core/net/net.c b/grub-core/net/net.c
> index 8cad4fb6d..51e0dd312 100644
> --- a/grub-core/net/net.c
> +++ b/grub-core/net/net.c
> @@ -718,6 +718,23 @@ grub_cmd_deladdr (struct grub_command *cmd __attribute__ > ((unused)), > return grub_error (GRUB_ERR_IO, >N_("you can't delete this address")); > > + struct grub_net_route *route; > + struct grub_net_route **prev; > + > + /* Remove any existing routes using this interface. */ > + for (prev = &grub_net_routes, route = *prev; route; > + prev = &((*prev)->next), route = *prev) > +{ > + if (grub_strcmp (route->interface->name, inter->name) == 0) > +{ > + *prev = route->next; > + grub_free (route->name); > + grub_free (route); > + if (*prev == NULL) > +break; > +} > +} > + >grub_net_network_level_interface_unregister (inter); >grub_free (inter->name); >grub_free (inter); > -- > 2.39.2 > ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
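The stale-route condition described in the message above, modelled as an added example (not part of the patch or of GRUB's source): every route that references an interface is unlinked before the interface goes away, including routes that sit next to each other in the list. `struct iface`, `struct route`, `route_add`, `routes_purge` and `routes_using` are hypothetical names, and the route list in `main` is constructed.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the interface and route records; not GRUB's types. */
struct iface { const char *name; };
struct route { struct route *next; const char *name; struct iface *interface; };
static struct route *routes;	/* head of the singly linked route list */

/* Prepend a route that points at INTER. Returns 0 on success. */
static int route_add (const char *name, struct iface *inter)
{
  struct route *r = malloc (sizeof (*r));
  if (r == NULL) return -1;
  r->name = name;
  r->interface = inter;
  r->next = routes;
  routes = r;
  return 0;
}

/* Unlink and free every route that references INTER; call this before INTER
   itself is freed. Returns the number of routes removed. */
static int routes_purge (const struct iface *inter)
{
  struct route **prev = &routes;
  int removed = 0;
  while (*prev != NULL) {
    struct route *r = *prev;
    if (r->interface == inter) {
      *prev = r->next;		/* successor now sits in this slot: re-check it */
      free (r);
      removed++;
    } else
      prev = &r->next;		/* keep this route, step to the next link */
  }
  return removed;
}

/* Count the routes that reference INTER (NULL counts every route). */
static int routes_using (const struct iface *inter)
{
  int n = 0;
  for (struct route *r = routes; r != NULL; r = r->next)
    n += (inter == NULL || r->interface == inter);
  return n;
}

int main (void)
{
  /* Constructed list: two adjacent routes on if0 between routes on if1. */
  struct iface if0 = { "if0" }, if1 = { "if1" };
  route_add ("if1:b", &if1); route_add ("if0:gw", &if0);
  route_add ("if0:local", &if0); route_add ("if1:a", &if1);
  return !(routes_purge (&if0) == 2 && routes_using (&if0) == 0);
}
```

The link pointer only advances when the current route is kept, so no route is left holding a pointer to the interface that is about to be freed.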
[PATCH] net/net: Delete Routes for Deleted Interfaces
With this update, routes mapped to a deleted interface will be deleted. Signed-off-by: Andrew Hamilton --- grub-core/net/net.c | 17 + 1 file changed, 17 insertions(+) diff --git a/grub-core/net/net.c b/grub-core/net/net.c index 8cad4fb6d..51e0dd312 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -718,6 +718,23 @@ grub_cmd_deladdr (struct grub_command *cmd __attribute__ ((unused)), return grub_error (GRUB_ERR_IO, N_("you can't delete this address")); + struct grub_net_route *route; + struct grub_net_route **prev; + + /* Remove any existing routes using this interface. */ + for (prev = &grub_net_routes, route = *prev; route; + prev = &((*prev)->next), route = *prev) +{ + if (grub_strcmp (route->interface->name, inter->name) == 0) +{ + *prev = route->next; + grub_free (route->name); + grub_free (route); + if (*prev == NULL) +break; +} +} + grub_net_network_level_interface_unregister (inter); grub_free (inter->name); grub_free (inter); -- 2.39.2 ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
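Review bot: in the route-removal loop, after a match sets `*prev = route->next`, the for-increment `prev = &((*prev)->next), route = *prev` still runs, so the entry that moved into the removed slot is never compared. Two consecutive routes on the same interface therefore leave the second one in the list, still pointing at the `inter` that is freed a few lines later. Advance `prev` only when nothing was removed and reload `route = *prev` after unlinking, which also makes the `if (*prev == NULL) break;` guard unnecessary. Comparing `route->interface == inter` would avoid depending on the name strings, and the declarations of `route` and `prev` currently sit after a statement.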