[PATCH 02/17] cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain'.
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 1897acc4b..d8f66e9ef 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -501,10 +501,10 @@ grub_cryptodisk_setcipher (grub_cryptodisk_t crypt, const
char *ciphername, cons
if (cipheriv == NULL)
;
- else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0)
mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
+ else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0)
{
if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1)
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 01/17] configure: Add Ubuntu dejavu font path.
From: Glenn Washburn Signed-off-by: Glenn Washburn --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 7c10a4db7..c6b0ef499 100644 --- a/configure.ac +++ b/configure.ac @@ -1678,7 +1678,7 @@ fi if test x"$starfield_excuse" = x; then for ext in pcf pcf.gz bdf bdf.gz ttf ttf.gz; do - for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype; do + for dir in . /usr/src /usr/share/fonts/X11/misc /usr/share/fonts/truetype/ttf-dejavu /usr/share/fonts/dejavu /usr/share/fonts/truetype /usr/share/fonts/truetype/dejavu; do if test -f "$dir/DejaVuSans.$ext"; then DJVU_FONT_SOURCE="$dir/DejaVuSans.$ext" break 2 -- 2.25.1 ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 03/17] cryptodisk: Incorrect calculation of start sector for grub_disk_read in grub_cryptodisk_read.
From: Glenn Washburn
Here dev is a grub_cryptodisk_t and dev->offset is offset in sectors of size
native to the cryptodisk device. The sector is correctly transformed into
native grub sector size, but then added to dev->offset which is not
transformed. It would be nice if the type system would help us with this.
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index d8f66e9ef..2791a4870 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -757,8 +757,8 @@ grub_cryptodisk_read (grub_disk_t disk, grub_disk_addr_t
sector,
size, sector, dev->offset);
err = grub_disk_read (dev->source_disk,
- (sector << (disk->log_sector_size
- - GRUB_DISK_SECTOR_BITS)) + dev->offset, 0,
+ ((sector + dev->offset) << (disk->log_sector_size
+ - GRUB_DISK_SECTOR_BITS)), 0,
size << disk->log_sector_size, buf);
if (err)
{
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 00/17] Fixes and improvements for cryptodisks+luks2 and a few other things.
From: Glenn Washburn Hi All, Here's a list of patches that mostly have to do with cryptodisk and luks2 fixes or improvements. The odd balls out are the patches adding the ubuntu font path, a fix an an improvement to blocklists, and adding a procfs entry for loopbacks. I'm hoping that at least the luks2 and cryptodisk sector size fixes can be included for the 2.06 release (non-512 byte sectors are definitely broken for LUKS2). Let me know if there's anything else I can do to help get these merged or messed something up in sending the emails (first time sending patches through git). Thanks for all the hard work, Glenn Glenn Washburn (17): configure: Add Ubuntu dejavu font path. cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain'. cryptodisk: Incorrect calculation of start sector for grub_disk_read in grub_cryptodisk_read. cryptodisk: Add more verbosity when reading/writing cryptodisks. luks: Add support for LUKS2 in (proc)/luks_script luks2: grub_cryptodisk_t->total_length is the max number of device native sectors. cryptodisk,luks: Allow special processing for comparing UUIDs. cryptodisk: Unregister cryptomount command when removing module. fs: When checking if a block list goes past the end of the disk, make sure the total size of the disk is in grub native sector sizes, otherwise there will be blocks at the end of the disk unaccessible by block lists. cryptodisk: Properly handle non-512 byte sized sectors. cryptodisk: Rename total_length field in grub_cryptodisk_t to total_sectors. fs: Allow number of blocks in block list to be optional, where length will be defaulted to the length of the device. loopback: Add procfs entry 'loopbacks' to output configured loopback devices. cryptodisk: Add header line to procfs entry and crypto and source device names. cryptodisk: Add a couple comments noting the usage of a couple fields in grub_cryptodisk_t as is done for grub_disk_t. luks2: Ensure that bit fields of grub_luks2_digest_t in luks2_parse_digest are initialized before returning. luks2: Fix use of incorrect index and some error messages. configure.ac| 2 +- grub-core/disk/cryptodisk.c | 111 +++- grub-core/disk/geli.c | 2 +- grub-core/disk/loopback.c | 56 ++ grub-core/disk/luks.c | 27 +++-- grub-core/disk/luks2.c | 31 ++ grub-core/kern/fs.c | 10 +++- include/grub/cryptodisk.h | 10 +++- include/grub/misc.h | 21 +++ 9 files changed, 192 insertions(+), 78 deletions(-) -- 2.25.1 ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 11/17] cryptodisk: Rename total_length field in grub_cryptodisk_t to total_sectors.
From: Glenn Washburn This makes the creates an alignment with grub_disk_t naming of the same field and is more intuitive as to how it should be used. Signed-off-by: Glenn Washburn --- grub-core/disk/cryptodisk.c | 2 +- grub-core/disk/geli.c | 2 +- grub-core/disk/luks.c | 2 +- grub-core/disk/luks2.c | 4 ++-- include/grub/cryptodisk.h | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index c30fb0e16..fc53ab491 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -705,7 +705,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk) } disk->data = dev; - disk->total_sectors = dev->total_length; + disk->total_sectors = dev->total_sectors; disk->max_agglomerate = GRUB_DISK_MAX_MAX_AGGLOMERATE; disk->id = dev->id; dev->ref++; diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c index e9d23299a..4ec875821 100644 --- a/grub-core/disk/geli.c +++ b/grub-core/disk/geli.c @@ -391,7 +391,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, newdev->modname = "geli"; - newdev->total_length = grub_disk_get_size (disk) - 1; + newdev->total_sectors = grub_disk_get_size (disk) - 1; grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid)); COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= 32 * 2 + 1); return newdev; diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index a1ac078d1..b1db3d137 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c @@ -113,7 +113,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, newdev->offset = grub_be_to_cpu32 (header.payloadOffset); newdev->source_disk = NULL; newdev->log_sector_size = LOG_SECTOR_SIZE; - newdev->total_length = grub_disk_get_size (disk) - newdev->offset; + newdev->total_sectors = grub_disk_get_size (disk) - newdev->offset; grub_memcpy (newdev->uuid, header.uuid, sizeof (newdev->uuid)); newdev->modname = "luks"; diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index 1ba5044f6..0089d169c 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -606,10 +606,10 @@ luks2_recover_key (grub_disk_t disk, crypt->log_sector_size = sizeof (unsigned int) * 8 - __builtin_clz ((unsigned int) segment.sector_size) - 1; if (grub_strcmp (segment.size, "dynamic") == 0) - crypt->total_length = (grub_disk_get_size (disk) >> (crypt->log_sector_size - disk->log_sector_size)) + crypt->total_sectors = (grub_disk_get_size (disk) >> (crypt->log_sector_size - disk->log_sector_size)) - crypt->offset; else - crypt->total_length = grub_strtoull (segment.size, NULL, 10) >> crypt->log_sector_size; + crypt->total_sectors = grub_strtoull (segment.size, NULL, 10) >> crypt->log_sector_size; ret = luks2_decrypt_key (candidate_key, disk, crypt, &keyslot, (const grub_uint8_t *) passphrase, grub_strlen (passphrase)); diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h index 06653a622..f9e42796e 100644 --- a/include/grub/cryptodisk.h +++ b/include/grub/cryptodisk.h @@ -67,7 +67,7 @@ struct grub_cryptodisk char *source; grub_disk_addr_t offset; - grub_disk_addr_t total_length; + grub_disk_addr_t total_sectors; grub_disk_t source_disk; int ref; grub_crypto_cipher_handle_t cipher; -- 2.25.1 ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 04/17] cryptodisk: Add more verbosity when reading/writing cryptodisks.
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 2791a4870..c21be7d52 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -753,8 +753,10 @@ grub_cryptodisk_read (grub_disk_t disk, grub_disk_addr_t
sector,
grub_dprintf ("cryptodisk",
"Reading %" PRIuGRUB_SIZE " sectors from sector 0x%"
- PRIxGRUB_UINT64_T " with offset of %" PRIuGRUB_UINT64_T "\n",
- size, sector, dev->offset);
+ PRIxGRUB_UINT64_T " with offset of %" PRIuGRUB_UINT64_T
+ " sectors and sector size of %u on disk (%s)\n",
+ size, sector, dev->offset, 1U << disk->log_sector_size,
+ dev->source_disk->name);
err = grub_disk_read (dev->source_disk,
((sector + dev->offset) << (disk->log_sector_size
@@ -803,8 +805,10 @@ grub_cryptodisk_write (grub_disk_t disk, grub_disk_addr_t
sector,
grub_dprintf ("cryptodisk",
"Writing %" PRIuGRUB_SIZE " sectors to sector 0x%"
- PRIxGRUB_UINT64_T " with offset of %" PRIuGRUB_UINT64_T "\n",
- size, sector, dev->offset);
+ PRIxGRUB_UINT64_T " with offset of %" PRIuGRUB_UINT64_T
+ " sectors and sector size of %u on disk (%s)\n",
+ size, sector, dev->offset, 1U << disk->log_sector_size,
+ dev->source_disk->name);
gcry_err = grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) tmp,
size << disk->log_sector_size,
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 05/17] luks: Add support for LUKS2 in (proc)/luks_script
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 18 ++
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index c21be7d52..f6b6302e1 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1210,12 +1210,14 @@ luks_script_get (grub_size_t *sz)
*sz = 0;
for (i = cryptodisk_list; i != NULL; i = i->next)
-if (grub_strcmp (i->modname, "luks") == 0)
+if (grub_strncmp (i->modname, "luks", 4) == 0)
{
- size += sizeof ("luks_mount ");
+ size += grub_strlen (i->modname);
+ size += sizeof ("_mount");
size += grub_strlen (i->uuid);
size += grub_strlen (i->cipher->cipher->name);
- size += 54;
+ /* mode + mode_iv + spaces + offset + sector size + ??? + '\n' + NULL */
+ size += 5 + 8 + 5 + 20 + 4 + 16 + 1 + 1;
if (i->essiv_hash)
size += grub_strlen (i->essiv_hash->name);
size += i->keysize * 2;
@@ -1228,16 +1230,16 @@ luks_script_get (grub_size_t *sz)
ptr = ret;
for (i = cryptodisk_list; i != NULL; i = i->next)
-if (grub_strcmp (i->modname, "luks") == 0)
+if (grub_strncmp (i->modname, "luks", 4) == 0)
{
unsigned j;
const char *iptr;
- ptr = grub_stpcpy (ptr, "luks_mount ");
+ ptr = grub_stpcpy (ptr, i->modname);
+ ptr = grub_stpcpy (ptr, "_mount ");
ptr = grub_stpcpy (ptr, i->uuid);
*ptr++ = ' ';
- grub_snprintf (ptr, 21, "%" PRIuGRUB_UINT64_T " ", i->offset);
- while (*ptr)
- ptr++;
+ ptr += grub_snprintf (ptr, 21, "%" PRIuGRUB_UINT64_T " ", i->offset);
+ ptr += grub_snprintf (ptr, 6, "%d ", 1 << i->log_sector_size);
for (iptr = i->cipher->cipher->name; *iptr; iptr++)
*ptr++ = grub_tolower (*iptr);
switch (i->mode)
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 06/17] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors.
From: Glenn Washburn The total_length field is named confusingly because length usually refers to bytes, whereas in this case its really the total number of sectors on the device. Also counter-intuitively, grub_disk_get_size returns the total number of device native sectors sectors. We need to convert the sectors from the size of the underlying device to the cryptodisk sector size. And segment.size is in bytes which need to be converted to cryptodisk sectors. Signed-off-by: Glenn Washburn --- grub-core/disk/luks2.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index e3ff7c83d..632309e3c 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -416,7 +416,7 @@ luks2_decrypt_key (grub_uint8_t *out_key, grub_uint8_t salt[GRUB_CRYPTODISK_MAX_KEYLEN]; grub_uint8_t *split_key = NULL; grub_size_t saltlen = sizeof (salt); - char cipher[32], *p;; + char cipher[32], *p; const gcry_md_spec_t *hash; gcry_err_code_t gcry_ret; grub_err_t ret; @@ -602,9 +602,10 @@ luks2_recover_key (grub_disk_t disk, crypt->log_sector_size = sizeof (unsigned int) * 8 - __builtin_clz ((unsigned int) segment.sector_size) - 1; if (grub_strcmp (segment.size, "dynamic") == 0) - crypt->total_length = grub_disk_get_size (disk) - crypt->offset; + crypt->total_length = (grub_disk_get_size (disk) >> (crypt->log_sector_size - disk->log_sector_size)) + - crypt->offset; else - crypt->total_length = grub_strtoull (segment.size, NULL, 10); + crypt->total_length = grub_strtoull (segment.size, NULL, 10) >> crypt->log_sector_size; ret = luks2_decrypt_key (candidate_key, disk, crypt, &keyslot, (const grub_uint8_t *) passphrase, grub_strlen (passphrase)); -- 2.25.1 ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 14/17] cryptodisk: Add header line to procfs entry and crypto and source device names.
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 26 +-
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index fc53ab491..acf87b6c8 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1206,34 +1206,47 @@ hex (grub_uint8_t val)
}
/* Open a file named NAME and initialize FILE. */
+#define STR(s) #s
+#define MAX_ID_PRINT 1
static char *
luks_script_get (grub_size_t *sz)
{
grub_cryptodisk_t i;
grub_size_t size = 0;
char *ptr, *ret;
+ const char header[] = N_("\n");
+ static char errmsg[] = N_("Can not list more than " STR(MAX_ID_PRINT)
+ " crypto devices.\n");
*sz = 0;
for (i = cryptodisk_list; i != NULL; i = i->next)
-if (grub_strncmp (i->modname, "luks", 4) == 0)
+if (i->id >= MAX_ID_PRINT)
+ {
+ *sz = sizeof (errmsg);
+ return errmsg;
+ }
+else if (grub_strncmp (i->modname, "luks", 4) == 0)
{
size += grub_strlen (i->modname);
size += sizeof ("_mount");
+ size += sizeof ("crypto");
+ size += grub_strlen (i->source);
size += grub_strlen (i->uuid);
size += grub_strlen (i->cipher->cipher->name);
- /* mode + mode_iv + spaces + offset + sector size + ??? + '\n' + NULL */
- size += 5 + 8 + 5 + 20 + 4 + 16 + 1 + 1;
+ /* spaces + maxidlen + mode_iv + mode + offset + sector size + ??? +
'\n' */
+ size += 4 + sizeof (STR(MAX_ID_PRINT)) + 8 + 5 + 20 + 4 + 16 + 1;
if (i->essiv_hash)
size += grub_strlen (i->essiv_hash->name);
size += i->keysize * 2;
}
- ret = grub_malloc (size + 1);
+ ret = grub_malloc (sizeof (header) + size + 1);
if (!ret)
return 0;
- ptr = ret;
+ ptr = grub_stpcpy (ret, header);
for (i = cryptodisk_list; i != NULL; i = i->next)
if (grub_strncmp (i->modname, "luks", 4) == 0)
@@ -1242,6 +1255,9 @@ luks_script_get (grub_size_t *sz)
const char *iptr;
ptr = grub_stpcpy (ptr, i->modname);
ptr = grub_stpcpy (ptr, "_mount ");
+ ptr += grub_snprintf (ptr, 8 + sizeof (STR(MAX_ID_PRINT)), "crypto%lu
", i->id);
+ ptr = grub_stpcpy (ptr, i->source);
+ *ptr++ = ' ';
ptr = grub_stpcpy (ptr, i->uuid);
*ptr++ = ' ';
ptr += grub_snprintf (ptr, 21, "%" PRIuGRUB_UINT64_T " ", i->offset);
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 08/17] cryptodisk: Unregister cryptomount command when removing module.
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index f460ab838..bc38687e4 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1317,5 +1317,6 @@ GRUB_MOD_FINI (cryptodisk)
{
grub_disk_dev_unregister (&grub_cryptodisk_dev);
cryptodisk_cleanup ();
+ grub_unregister_extcmd (cmd);
grub_procfs_unregister (&luks_script);
}
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 15/17] cryptodisk: Add a couple comments noting the usage of a couple fields in grub_cryptodisk_t as is done for grub_disk_t.
From: Glenn Washburn Signed-off-by: Glenn Washburn --- include/grub/cryptodisk.h | 6 ++ 1 file changed, 6 insertions(+) diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h index f9e42796e..8d3284aad 100644 --- a/include/grub/cryptodisk.h +++ b/include/grub/cryptodisk.h @@ -66,9 +66,15 @@ struct grub_cryptodisk struct grub_cryptodisk **prev; char *source; + + /* The offset number of sectors of the encrypt data on the underlying disk + * where sectors are the size of this cryptodisk. + */ grub_disk_addr_t offset; + /* Total number of encrypted sectors of size (1
[PATCH 07/17] cryptodisk, luks: Allow special processing for comparing UUIDs.
From: Glenn Washburn
Create grub_uuidcasecmp to compare UUIDs in a case-insensitive manner and
that ignores '-' characters. This is backwards compatible with the old LUKS1
code that stored and compared against UUIDs without dashes. However, the new
LUKS2 code stores and compares UUIDs that contain dashes. Really, the UUID
comparison shouldn't care about the dashes, as this change implements. Now
your old scripts will continue to work with UUIDs without dashes, but you
may choose to use UUIDs with dashes now too for both LUKS1 and LUKS2.
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 4 ++--
grub-core/disk/luks.c | 20
grub-core/disk/luks2.c | 2 +-
include/grub/misc.h | 21 +
4 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index f6b6302e1..f460ab838 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -660,7 +660,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
{
for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
- if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0)
+ if (grub_uuidcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) ==
0)
break;
}
else
@@ -897,7 +897,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid)
{
grub_cryptodisk_t dev;
for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
-if (grub_strcasecmp (dev->uuid, uuid) == 0)
+if (grub_uuidcasecmp (dev->uuid, uuid) == 0)
return dev;
return NULL;
}
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index 6ae162601..ea54a9d10 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -69,10 +69,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
int check_boot)
{
grub_cryptodisk_t newdev;
- const char *iptr;
struct grub_luks_phdr header;
- char *optr;
- char uuid[sizeof (header.uuid) + 1];
char ciphername[sizeof (header.cipherName) + 1];
char ciphermode[sizeof (header.cipherMode) + 1];
char hashspec[sizeof (header.hashSpec) + 1];
@@ -95,18 +92,9 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
|| grub_be_to_cpu16 (header.version) != 1)
return NULL;
- optr = uuid;
- for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)];
- iptr++)
+ if (check_uuid && grub_uuidcasecmp (check_uuid, header.uuid) != 0)
{
- if (*iptr != '-')
- *optr++ = *iptr;
-}
- *optr = 0;
-
- if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
-{
- grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
+ grub_dprintf ("luks", "%s != %s\n", header.uuid, check_uuid);
return NULL;
}
@@ -125,7 +113,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
newdev->source_disk = NULL;
newdev->log_sector_size = 9;
newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
- grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
+ grub_memcpy (newdev->uuid, header.uuid, sizeof (newdev->uuid));
newdev->modname = "luks";
/* Configure the hash used for the AF splitter and HMAC. */
@@ -145,7 +133,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
return NULL;
}
- COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
+ COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (header.uuid));
return newdev;
}
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 632309e3c..3c571b7fd 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -356,7 +356,7 @@ luks2_scan (grub_disk_t disk, const char *check_uuid, int
check_boot)
return NULL;
}
- if (check_uuid && grub_strcasecmp (check_uuid, header.uuid) != 0)
+ if (check_uuid && grub_uuidcasecmp (check_uuid, header.uuid) != 0)
return NULL;
cryptodisk = grub_zalloc (sizeof (*cryptodisk));
diff --git a/include/grub/misc.h b/include/grub/misc.h
index b7ca6dd58..3f0f42c22 100644
--- a/include/grub/misc.h
+++ b/include/grub/misc.h
@@ -243,6 +243,27 @@ grub_strncasecmp (const char *s1, const char *s2,
grub_size_t n)
- (int) grub_tolower ((grub_uint8_t) *s2);
}
+static inline int
+grub_uuidcasecmp (const char *uuid1, const char *uuid2)
+{
+ while (*uuid1 && *uuid2)
+{
+ while (*uuid1 == '-')
+uuid1++;
+ while (*uuid2 == '-')
+uuid2++;
+
+ if (grub_tolower (*uuid1) != grub_tolower (*uuid2))
+ break;
+
+ uuid1++;
+ uuid2++;
+}
+
+ return (int) grub_tolower ((grub_uint8_t) *uuid1)
+- (int) grub_tolower ((grub_uint8_t) *uuid2);
+}
+
/*
* Note that these differ from the C standard's definitions of strtol,
* strtoul(), and strtoull() by the addition of two const qualifiers on the end
--
2.25.1
[PATCH 10/17] cryptodisk: Properly handle non-512 byte sized sectors.
From: Glenn Washburn
By default, dm-crypt internally uses an IV that corresponds to 512-byte
sectors, even when a larger sector size is specified. What this means is
that when using a larger sector size, the IV is incremented every sector.
However, the amount the IV is incremented is the number of 512 byte blocks
in a sector (ie 8 for 4K sectors). Confusingly the IV does not corespond to
the number of, for example, 4K sectors. So each cipher block in the fifth
4K sector will be encrypted with an IV equal to 32, as opposed to 32-39 for
each sequential 512 byte block or an IV of 4 for each cipher block in the
sector.
There are some encryption utilities which do it the intuitive way and have
the IV equal to the sector number regardless of sector size (ie. the fifth
sector would have an IV of 4 for each cipher block). And this is supported
by dm-crypt with the iv_large_sectors option and also cryptsetup as of 2.3.3
with the --iv-large-sectors, though not with LUKS headers (only with --type
plain). However, support for this has not been included as grub does not
support plain devices right now.
One gotcha here is that the encrypted split keys are encrypted with a hard-
coded 512-byte sector size. So even if your data is encrypted with 4K sector
sizes, the split key encrypted area must be decrypted with a block size of
512 (ie the IV increments every 512 bytes). This made these changes less
aestetically pleasing than desired.
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 46 +
grub-core/disk/luks.c | 5 ++--
grub-core/disk/luks2.c | 6 -
include/grub/cryptodisk.h | 2 +-
4 files changed, 35 insertions(+), 24 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index bc38687e4..c30fb0e16 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -33,6 +33,9 @@
GRUB_MOD_LICENSE ("GPLv3+");
+/* Internally encrypted sectors are 512 bytes regardless of what the
cryptodisk is */
+#define CRYPT_LOG_SECTOR_SIZE 9
+
grub_cryptodisk_dev_t grub_cryptodisk_list;
static const struct grub_arg_option options[] =
@@ -224,7 +227,8 @@ lrw_xor (const struct lrw_sector *sec,
static gcry_err_code_t
grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
grub_uint8_t * data, grub_size_t len,
- grub_disk_addr_t sector, int do_encrypt)
+ grub_disk_addr_t sector, grub_size_t sector_size,
+ int do_encrypt)
{
grub_size_t i;
gcry_err_code_t err;
@@ -237,12 +241,13 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
: grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
- for (i = 0; i < len; i += (1U << dev->log_sector_size))
+ for (i = 0; i < len; i += (1U << sector_size))
{
grub_size_t sz = ((dev->cipher->cipher->blocksize
+ sizeof (grub_uint32_t) - 1)
/ sizeof (grub_uint32_t));
grub_uint32_t iv[(GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE + 3) / 4];
+ grub_uint64_t iv_calc;
if (dev->rekey)
{
@@ -270,7 +275,7 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
if (!ctx)
return GPG_ERR_OUT_OF_MEMORY;
- tmp = grub_cpu_to_le64 (sector << dev->log_sector_size);
+ tmp = grub_cpu_to_le64 (sector << sector_size);
dev->iv_hash->init (ctx);
dev->iv_hash->write (ctx, dev->iv_prefix, dev->iv_prefix_len);
dev->iv_hash->write (ctx, &tmp, sizeof (tmp));
@@ -281,14 +286,15 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
}
break;
case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
- iv[1] = grub_cpu_to_le32 (sector >> 32);
+ iv_calc = sector << (sector_size - CRYPT_LOG_SECTOR_SIZE);
+ iv[1] = grub_cpu_to_le32 (iv_calc >> 32);
/* FALLTHROUGH */
case GRUB_CRYPTODISK_MODE_IV_PLAIN:
- iv[0] = grub_cpu_to_le32 (sector & 0x);
+ iv[0] = grub_cpu_to_le32 (iv_calc & 0x);
break;
case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64:
- iv[1] = grub_cpu_to_le32 (sector >> (32 - dev->log_sector_size));
- iv[0] = grub_cpu_to_le32 ((sector << dev->log_sector_size)
+ iv[1] = grub_cpu_to_le32 (sector >> (32 - sector_size));
+ iv[0] = grub_cpu_to_le32 ((sector << sector_size)
& 0x);
break;
case GRUB_CRYPTODISK_MODE_IV_BENBI:
@@ -311,10 +317,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
case GRUB_CRYPTODISK_MODE_CBC:
if (do_encrypt)
err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i,
- (1U << dev->log_sector_size), iv);
+
[PATCH 12/17] fs: Allow number of blocks in block list to be optional, where length will be defaulted to the length of the device.
From: Glenn Washburn This is primarily useful to do something like "loopback newdev (dev)8+" to create a device that skips the first 4K, which may contain a non-standard RAID1 header that grub does not recognize. This would allow that initial data to be accessed and potentially mounted by grub up to the rest of the disk. There is currently not a good way with in grub to programmatically get the number of sectors on a disk to select the appropriate number of sectors. Signed-off-by: Glenn Washburn --- grub-core/kern/fs.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c index 14c17df74..273115b5a 100644 --- a/grub-core/kern/fs.c +++ b/grub-core/kern/fs.c @@ -173,7 +173,11 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) } p++; - blocks[i].length = grub_strtoul (p, &p, 0); + if (*p == '\0' || *p == ',') +blocks[i].length = total_native_sectors - blocks[i].offset; + else +blocks[i].length = grub_strtoul (p, &p, 0); + if (grub_errno != GRUB_ERR_NONE || blocks[i].length == 0 || (*p && *p != ',' && ! grub_isspace (*p))) -- 2.25.1 ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 17/17] luks2: Fix use of incorrect index and some error messages.
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/disk/luks2.c | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 44a73d2b8..48600db68 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -277,34 +277,34 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
grub_luks2_digest_t *d, grub_luks2_s
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not get digests");
for (j = 0; j < size; j++)
{
- if (grub_json_getchild (&digest, &digests, i) ||
+ if (grub_json_getchild (&digest, &digests, j) ||
grub_json_getchild (&digest, &digest, 0) ||
luks2_parse_digest (d, &digest))
- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest
%"PRIuGRUB_SIZE, i);
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest
%"PRIuGRUB_SIZE, j);
if ((d->keyslots & (1 << idx)))
break;
}
if (j == size)
- return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot
%"PRIuGRUB_SIZE);
+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot
%"PRIuGRUB_SIZE, i);
/* Get segment that matches the digest. */
if (grub_json_getvalue (&segments, root, "segments") ||
grub_json_getsize (&size, &segments))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not get segments");
- for (j = 0; j < size; j++)
+ for (i = j, j = 0; j < size; j++)
{
- if (grub_json_getchild (&segment, &segments, i) ||
+ if (grub_json_getchild (&segment, &segments, j) ||
grub_json_getuint64 (&idx, &segment, NULL) ||
grub_json_getchild (&segment, &segment, 0) ||
luks2_parse_segment (s, &segment))
- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse segment
%"PRIuGRUB_SIZE, i);
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse segment
%"PRIuGRUB_SIZE, j);
if ((d->segments & (1 << idx)))
break;
}
if (j == size)
-return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No segment for digest
%"PRIuGRUB_SIZE);
+return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No segment for digest
%"PRIuGRUB_SIZE, i);
return GRUB_ERR_NONE;
}
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 13/17] loopback: Add procfs entry 'loopbacks' to output configured loopback devices.
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/disk/loopback.c | 56 +++
1 file changed, 56 insertions(+)
diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c
index cdf9123fa..6a2be257b 100644
--- a/grub-core/disk/loopback.c
+++ b/grub-core/disk/loopback.c
@@ -21,6 +21,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -229,6 +230,60 @@ static struct grub_disk_dev grub_loopback_dev =
.next = 0
};
+
+/* Open a file named NAME and initialize FILE. */
+#define STR(s) #s
+#define MAX_ID_PRINT 1
+static char *
+loopbacks_get (grub_size_t *sz)
+{
+ struct grub_loopback *i;
+ grub_size_t size = 0;
+ char *ptr, *ret;
+ const char header[] = N_(" \n");
+ static char errmsg[] = N_("Can not list more than " STR(MAX_ID_PRINT)
+ " loopback devices.\n");
+
+ for (i = loopback_list; i != NULL; i = i->next)
+if (i->id < MAX_ID_PRINT)
+ {
+ /* id + spaces + '\n' */
+ size += sizeof (STR(MAX_ID_PRINT)) + 2 + 1;
+ size += grub_strlen (i->devname);
+ size += grub_strlen (i->file->name);
+ }
+else
+ {
+ *sz = sizeof (errmsg);
+ return errmsg;
+ }
+
+ ret = grub_malloc (sizeof (header) + size + 1);
+ if (!ret)
+return 0;
+
+ ptr = grub_stpcpy (ret, header);
+
+ for (i = loopback_list; i != NULL; i = i->next)
+{
+ ptr += grub_snprintf (ptr, 21, "%lu ", i->id);
+ ptr = grub_stpcpy (ptr, i->devname);
+ *ptr++ = ' ';
+ ptr = grub_stpcpy (ptr, i->file->name);
+ *ptr++ = '\n';
+}
+ *ptr = '\0';
+ *sz = ptr - ret;
+ return ret;
+}
+
+struct grub_procfs_entry loopbacks =
+{
+ .name = "loopbacks",
+ .get_contents = loopbacks_get
+};
+
+
static grub_extcmd_t cmd;
GRUB_MOD_INIT(loopback)
@@ -239,6 +294,7 @@ GRUB_MOD_INIT(loopback)
or transformed into drive. */
N_("Make a virtual drive from a file."), options);
grub_disk_dev_register (&grub_loopback_dev);
+ grub_procfs_register ("loopbacks", &loopbacks);
}
GRUB_MOD_FINI(loopback)
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 09/17] fs: When checking if a block list goes past the end of the disk, make sure the total size of the disk is in grub native sector sizes, otherwise there will be blocks at the end of the dis
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/kern/fs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c
index fb30da9f4..14c17df74 100644
--- a/grub-core/kern/fs.c
+++ b/grub-core/kern/fs.c
@@ -139,6 +139,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name)
unsigned i;
grub_disk_t disk = file->device->disk;
struct grub_fs_block *blocks;
+ grub_size_t total_native_sectors;
/* First, count the number of blocks. */
do
@@ -156,6 +157,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name)
return 0;
file->size = 0;
+ total_native_sectors = disk->total_sectors << (disk->log_sector_size -
GRUB_DISK_SECTOR_BITS);
p = (char *) name;
for (i = 0; i < num; i++)
{
@@ -181,7 +183,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name)
goto fail;
}
- if (disk->total_sectors < blocks[i].offset + blocks[i].length)
+ if (total_native_sectors < blocks[i].offset + blocks[i].length)
{
grub_error (GRUB_ERR_BAD_FILENAME, "beyond the total sectors");
goto fail;
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH 16/17] luks2: Ensure that bit fields of grub_luks2_digest_t in luks2_parse_digest are initialized before returning.
From: Glenn Washburn
Signed-off-by: Glenn Washburn
---
grub-core/disk/luks2.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 0089d169c..44a73d2b8 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -230,6 +230,7 @@ luks2_parse_digest (grub_luks2_digest_t *out, const
grub_json_t *digest)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
"Digest references no segments", type);
+ out->segments = 0;
for (i = 0; i < size; i++)
{
if (grub_json_getchild (&o, &segments, i) ||
@@ -242,6 +243,7 @@ luks2_parse_digest (grub_luks2_digest_t *out, const
grub_json_t *digest)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
"Digest references no keyslots", type);
+ out->keyslots = 0;
for (i = 0; i < size; i++)
{
if (grub_json_getchild (&o, &keyslots, i) ||
--
2.25.1
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
Re: Grub saved my Laptop, and made it usable. so i wanted to say thanks to everybody that worked on it.
On Mon, Nov 7, 2022 at 9:50 AM James Wabi wrote:
>
> Thanks vladimir, sadly it did not work. What i did was to include the memmap
> line like this on boot/grub/grub.cfg
>
>
> # This Menu entry brought to you courtesy of
> https://www.pendrivelinux.com/install-grub2-on-usb-from-ubuntu-linux/
> set timeout=10
> set default=0
>
> menuentry "Run Ubuntu Live ISO" {
> loopback loop /ubuntu.iso
> linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=/ubuntu.iso splash
> --
> memmap=16K\\\$0x000B4018000,16K\\\$0x000B2018000,4K\\\$0x000B401C000,4K\\\$0x000B201C000
I bet your problem here is one too many levels of escaping being done. Try:
linux (loop)/casper/vmlinuz boot=casper
iso-scan/filename=/ubuntu.iso splash --
memmap=16K\$0x000B4018000,16K\$0x000B2018000,4K\$0x000B401C000,4K\$0x000B201C000
A little more generic, and not linux specific way would be to use
GRUB's cutmem command[1]. Based on the documentation, I think you
could have the following lines at the top of the grub config:
cutmem 2949216K 2949232K
cutmem 2916448K 2916464K
cutmem 2949232K 2949236K
cutmem 2916464K 2916468K
Glenn
[1] https://www.gnu.org/software/grub/manual/grub/html_node/cutmem.html
>
> initrd (loop)/casper/initrd
> }
>
> Then i booted ubuntu from live usb, and i wanted to double check if those
> areas in the memory were reserved. So i opened terminal, and executed : dmesg
> A long list of reserved things were displayed but nothing related to those
> specific memory addresses.
>
> regards!
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
