grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cryptodisk: teach grub_cryptodisk_insert() about partitions (bug #45


From: Vladimir 'φ-coder/phcoder' Serbinenko
Subject: Re: cryptodisk: teach grub_cryptodisk_insert() about partitions (bug #45889)
Date: Tue, 8 Sep 2015 09:38:19 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.1.0

On 06.09.2015 21:10, TJ wrote:
> https://savannah.gnu.org/bugs/index.php?45889
> 
> Boot disk with 3 LUKS/dm-crypt GPT partitions
> 
> (hd0,gpt3) (hd0,gpt4) (hd0,gpt5)
> 
> grub is in (hd0,gpt3). The others have a LVM VG each.
> 
> Using GRUB_ENABLE_CRYPTODISK=y I deliberately fail the first pass-phrase
> entry to get the rescue environment. I then
> 
> cryptomount hd0,gpt3
> 
> (crypto0) device is now present and prefix/root are set correctly. I
> insmod some other modules (exploring available functions) and
> 
> set debug=cryptodisk
> 
> I try to
> 
> cryptomount hd0,gpt4
> cryptomount hd0,gpt4
> 
> and see the message
> 
> disk/cryptodisk.c:978: already mounted as crypto0
> 
> But ls shows only (crypto0)
> 
> With the attached patch the mounts now work:
> 
> Attempting to decrypt master key...
> Enter passphrase for hd0,gpt3 ( ...UUID...)
> Slot 0 opened
> <<<< next line comes from temporary grub_dprintf() not included in patch
>>>>>
> disk/cryptodisk.c:718: insert 0, source 'hd0,gpt3', id 128, dev_id 0
> grub rescue> ls
> (hd0) (hd0,gpt5) (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1) (crypto0)
> (proc)
> grub rescue> cryptomount hd0,gpt4
> Attempting to decrypt master key...
> Enter passphrase for hd0,gpt4 (...UUID...)
> Slot 0 opened
> disk/cryptodisk.c:718: insert 1, source 'hd0,gpt4', id 128, dev_id 0
> grub rescue> cryptomount hd0,gpt5
> Attempting to decrypt master key...
> Enter passphrase for hd0,gpt5 (...UUID...)
> Slot 0 opened
> disk/cryptodisk.c:718: insert 2, source 'hd0,gpt4', id 128, dev_id 0
> grub rescue> insmod lvm
> grub rescue> ls
> (lvm/VG_OS-x86_64.usr_local) (lvm/VG_OS-ubuntu_15.10_var)
> (lvm/VG_OS-ubuntu_15.10_rootfs) (lvm/VG_DATA-home) (hd0) (hd0,gpt5)
> (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1) (crypto2) (crypto1)
> (crypto0) (proc)
> 
> ---
>  grub-core/disk/cryptodisk.c | 7 ++++++-
>  include/grub/cryptodisk.h   | 1 +
>  2 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 82a3dcb..0e6bc3f 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -25,6 +25,7 @@
>  #include <grub/fs.h>
>  #include <grub/file.h>
>  #include <grub/procfs.h>
> +#include <grub/partition.h>
> 
>  #ifdef GRUB_UTIL
>  #include <grub/emu/hostdisk.h>
> @@ -718,6 +719,7 @@ grub_cryptodisk_insert (grub_cryptodisk_t newdev,
> const char *name,
>    newdev->id = last_cryptodisk_id++;
>    newdev->source_id = source->id;
>    newdev->source_dev_id = source->dev->id;
> +  newdev->partition_number = source->partition ?
> source->partition->number : 0;
>    newdev->next = cryptodisk_list;
>    cryptodisk_list = newdev;
> 
> @@ -740,7 +742,9 @@ grub_cryptodisk_get_by_source_disk (grub_disk_t disk)
>    grub_cryptodisk_t dev;
>    for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
>      if (dev->source_id == disk->id && dev->source_dev_id == disk->dev->id)
> -      return dev;
> +      if ((disk->partition && disk->partition->number ==
> dev->partition_number) ||
> +          (!disk->partition && dev->partition_number == 0))
> +        return dev;
Please store and compare partition start, not parition number as the
same partition can be available several times through different partiton
schemes under different numbers. Additionally this allows to use
get_partition_start which already has the logic of handling empty partitions
>    return NULL;
>  }
> 
> @@ -761,6 +765,7 @@ grub_cryptodisk_cheat_insert (grub_cryptodisk_t
> newdev, const char *name,
>    newdev->cheat_fd = GRUB_UTIL_FD_INVALID;
>    newdev->source_id = source->id;
>    newdev->source_dev_id = source->dev->id;
> +  newdev->partition_number = source->partition ?
> source->partition->number : 0;
>    newdev->id = last_cryptodisk_id++;
>    newdev->next = cryptodisk_list;
>    cryptodisk_list = newdev;
> diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
> index f2ad2a7..b638f2e 100644
> --- a/include/grub/cryptodisk.h
> +++ b/include/grub/cryptodisk.h
> @@ -97,6 +97,7 @@ struct grub_cryptodisk
>    grub_uint8_t rekey_key[64];
>    grub_uint64_t last_rekey;
>    int rekey_derived_size;
> +  int partition_number;
>  };
>  typedef struct grub_cryptodisk *grub_cryptodisk_t;
> 


Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]