On Thu, 9 Dec 2021 18:38:51 +0100
Josselin Poiret via Grub-devel wrote:
> Hello,
>
> These two draft patches make devmapper set up LUKS2 cryptomount
> properties when pulling, as well as report LUKS2 cryptomounts as
> having GRUB_DEV_ABSTRACTION_LUKS. This makes grub-probe and
> grub-install b
On Tue, Dec 07, 2021 at 06:27:26PM -0600, Glenn Washburn wrote:
> On Tue, 7 Dec 2021 23:07:32 +0100
> Michael Schierl wrote:
>
> > Hello Glenn,
> >
> >
> > Am 07.12.2021 um 22:59 schrieb Glenn Washburn:
> > > Yes, but I didn't want to assume that "all" is the first item in the
> > > list.
> >
> >
Why not just add "export superusers" to the config file?
Le jeu. 9 déc. 2021, 15:42, 周子隆 a écrit :
> Since GRUB supports multi-level menu entries:
>In order to enable authentication support, the "superusers" variable
> and "--unrestricted" in menu entry has been set, but GRUB authenticatio
Hello,
These two draft patches make devmapper set up LUKS2 cryptomount
properties when pulling, as well as report LUKS2 cryptomounts as
having GRUB_DEV_ABSTRACTION_LUKS. This makes grub-probe and
grub-install behave properly wrt. LUKS2 drives: `grub-probe -t
abstraction /` reports all the needed
This lets a LUKS2 cryptodisk have all the cipher, hash, and sizes
filled out, otherwise they wouldn't be initialized if cheat mounted.
---
grub-core/osdep/devmapper/getroot.c | 51 -
1 file changed, 50 insertions(+), 1 deletion(-)
diff --git a/grub-core/osdep/devmapper
Changes UUID comparisons so that LUKS1 and LUKS2 are both recognized
as being LUKS cryptodisks.
---
grub-core/osdep/devmapper/getroot.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/grub-core/osdep/devmapper/getroot.c
b/grub-core/osdep/devmapper/getroot.c
index 9ba5c
Call grub_partition_get_name unconditionally to initialize the part
variable. Then part will only be NULL when grub_partition_get_name errors.
Note that when source->partition is NULL, then grub_partition_get_name
returns an allocated empty string. So no comma or partition will be printed,
as desir
When a cryptmount is specified with a UUID, but no cryptodisk backends find
a disk with that UUID, return a more detailed message giving telling the
user that they might not have a needed cryptobackend module loaded.
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 2 +-
1 file ch
Note that cargs.search_uuid does not need to be initialized in various parts
of the cryptomount argument parsing, just once when cargs is declared with a
struct initializer. The previous code used a global variable which would
retain the value across cryptomount invocations.
Signed-off-by: Glenn W
This displays an error notifying the user that they'll want to load a
backend module to make cryptomount useful.
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 9d
Previously, the cryptomount arguments were passed by global variable and
function call argument, neither of which are ideal. This change passes data
via a grub_cryptomount_args struct, which can be added to over time as
opposed to continually adding arguments to the cryptodisk scan and
recover_key.
The crypto device modules should only be setting up the crypto devices and
not getting user input. This has the added benefit of simplifying the code
such that three essentially duplicate pieces of code are merged into one.
Add documentation of passphrase option for cryptomount as it is now usable
Signed-off-by: Glenn Washburn
---
grub-core/disk/luks2.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 371a53b83..fea196dd4 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -370,7 +370,10 @@ luks2_s
Update such that "cryptomount -u UUID" will not print two error messages
when an invalid passphrase is given and the most relevant error message
will be displayed.
Signed-off-by: Glenn Washburn
---
grub-core/disk/cryptodisk.c | 21 +
1 file changed, 17 insertions(+), 4 deleti
The global "have_it" was never used by the crypto-backends, but was used to
determine if a crypto-backend successfully mounted a cryptodisk with a given
uuid. This is not needed however, because grub_device_iterate() will return
1 if and only if grub_cryptodisk_scan_device() returns 1. And
grub_cry
Updates since v4:
* Rework patch #2 to (hopefully) be easier to understand
* Add more commentary to patch #2 commit message
* Split previous patch #3 into three separate patches
---
This patch series refactors the way cryptomount passes data to the crypto
modules. Currently, the method has been by
On Tue, Dec 07, 2021 at 03:34:29PM -0500, Robbie Harwood wrote:
> Daniel Kiper writes:
> > On Mon, Nov 29, 2021 at 06:21:46PM -0500, Robbie Harwood wrote:
> >> Daniel Kiper writes:
> >>
> >> > Yeah, but I think it would require major overhaul. Does not it? If yes
> >> > then maybe we should consi
Since GRUB supports multi-level menu entries:
In order to enable authentication support, the "superusers"
variable and "--unrestricted" in menu entry has been set, but GRUB
authentication only works in the top-level menu entry. When entering a menu
entry with "--unrestricted" set, users can
On Wed, Dec 08, 2021 at 12:18:13PM -0600, Glenn Washburn wrote:
> On Wed, 8 Dec 2021 17:37:19 +0100
> Daniel Kiper wrote:
>
> > On Sat, Dec 04, 2021 at 01:15:45AM -0600, Glenn Washburn wrote:
> > > The global "have_it" was never used by the crypto-backends, but was used
> > > to
> > > determine i
On Wed, Dec 08, 2021 at 12:28:56PM -0600, Glenn Washburn wrote:
> On Wed, 8 Dec 2021 17:41:32 +0100
> Daniel Kiper wrote:
>
> > On Sat, Dec 04, 2021 at 01:15:46AM -0600, Glenn Washburn wrote:
> > > Update such that "cryptomount -u UUID" will not print two error messages
> > > when an invalid passp
20 matches
Mail list logo
