Re: Support for unsealing TPM keys in GRUB

2022-06-05 Thread Michael Chang via Grub-devel
On Fri, Jun 03, 2022 at 03:56:10PM +0530, sinfinity 85 wrote: > Hi > We need to unseal TPM keys in GRUB2 (2.0.4) in order to decrypt the kernel > and load it. But, I see that there's no support for unsealing keys in GRUB2. > However, support for unsealing keys is present in TrustedGrub. Has anyone

Re: [PATCH v2 3/3] grub-core/kern/disk.c: handle LUKS2 devices

2022-06-05 Thread Patrick Steinhardt
On Sun, Jun 05, 2022 at 01:43:18PM -0500, Glenn Washburn wrote: > On Sun, 29 May 2022 09:09:38 +0200 > Patrick Steinhardt wrote: > > > On Tue, May 10, 2022 at 10:55:52PM -0500, Glenn Washburn wrote: > > > On Mon, 09 May 2022 22:27:30 +0200 > > > Josselin Poiret wrote: > > > > > > > Hello everyo

[PATCH v4 2/2] luks2: Fix decoding of digests and salts with escaped chars

2022-06-05 Thread Patrick Steinhardt
It was reported in the #grub IRC channel on Libera that decryption of LUKS2 partitions fails with errors about invalid digests and/or salts. In all of these cases, what failed was decoding the Base64 representation of these, where the encoded data contained invalid characters. As it turns out, the

[PATCH v4 1/2] json: Add function to unescape JSON-encoded strings

2022-06-05 Thread Patrick Steinhardt
JSON strings require certain characters to be encoded, either by using a single reverse solidus character "\" for a set of popular characters, or by using a Unicode representation of "\uX". The jsmn library doesn't handle unescaping for us, so we must implement this functionality for ourselves.

[PATCH v4 0/2] luks2: Fix decoding of digests and salts with escaped chars

2022-06-05 Thread Patrick Steinhardt
Hi, this is the fourth version of my patch series which fixes decoding of digests and salts in LUKS2 headers in case they happen to contain escaped characters. While modern cryptsetup versions in fact don't escape any characters part of the Base64 alphabet, old versions of cryptsetup did this unti

Re: [PATCH v3 1/2] json: Add function to unescape JSON-encoded strings

2022-06-05 Thread Patrick Steinhardt
On Sun, Jun 05, 2022 at 02:00:44PM -0500, Glenn Washburn wrote: > On Mon, 30 May 2022 18:01:01 +0200 > Patrick Steinhardt wrote: > > > JSON strings require certain characters to be encoded, either by using a > > single reverse solidus character "\" for a set of popular characters, or > > by using

Re: [PATCH v3 2/2] luks2: Fix decoding of digests and salts with escaped chars

2022-06-05 Thread Glenn Washburn
On Mon, 30 May 2022 18:01:05 +0200 Patrick Steinhardt wrote: > It was reported in the #grub IRC channel on Libera that decryption of > LUKS2 partitions fails with errors about invalid digests and/or salts. > In all of these cases, what failed was decoding the Base64 > representation of these, whe

Re: [PATCH v3 1/2] json: Add function to unescape JSON-encoded strings

2022-06-05 Thread Glenn Washburn
On Mon, 30 May 2022 18:01:01 +0200 Patrick Steinhardt wrote: > JSON strings require certain characters to be encoded, either by using a > single reverse solidus character "\" for a set of popular characters, or > by using a Unicode representation of "\uX". The jsmn library doesn't > handle un

Re: [PATCH v2 2/3] cryptodisk: Add support for using detached header files

2022-06-05 Thread Glenn Washburn
On Sun, 29 May 2022 08:45:39 +0200 Patrick Steinhardt wrote: > On Mon, May 16, 2022 at 04:49:47PM -0500, Glenn Washburn wrote: > > Using the disk read hook mechanism, setup a read hook on the source disk > > which will read from the given header file during the scan and recovery > > cryptodisk ba

Re: [PATCH v2 3/3] grub-core/kern/disk.c: handle LUKS2 devices

2022-06-05 Thread Glenn Washburn
On Sun, 29 May 2022 09:09:38 +0200 Patrick Steinhardt wrote: > On Tue, May 10, 2022 at 10:55:52PM -0500, Glenn Washburn wrote: > > On Mon, 09 May 2022 22:27:30 +0200 > > Josselin Poiret wrote: > > > > > Hello everyone, > > > > > > Glenn Washburn writes: > > > > > > > I don't really like this

Re: [PATCH v2 3/3] grub-core/kern/disk.c: handle LUKS2 devices

2022-06-05 Thread Glenn Washburn
On Sun, 29 May 2022 08:58:20 +0200 Patrick Steinhardt wrote: > On Wed, May 04, 2022 at 04:47:08PM -0500, Glenn Washburn wrote: > > On Tue, 29 Mar 2022 12:31:58 +0200 > > Pierre-Louis Bonicoli wrote: > > > > > Unlike LUKS1, the sector size of LUKS2 devices isn't hardcoded. > > > > > > Regarding