Re: Patch: Allow Ext4 partitions with encrypted directories.

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patch: Allow Ext4 partitions with encrypted directories.

From:	Andrei Borzenkov
Subject:	Re: Patch: Allow Ext4 partitions with encrypted directories.
Date:	Thu, 3 Nov 2016 18:16:42 +0300

On Wed, Nov 2, 2016 at 12:22 AM, Samee Zahur <address@hidden> wrote:
> Ext4 filesystem now allows users to choose directory trees to be stored
> encrypted. However, GRUB refuses to boot from such partitions, even if none
> of the boot-critical files are actually affected. The following patch fixes
> this. It was tested on the latest release version of ext4.
>
> Please let me know if more information is needed.
>
> diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
> index cdce63b..eca10e4 100644
> --- a/grub-core/fs/ext2.c
> +++ b/grub-core/fs/ext2.c
> @@ -2,6 +2,7 @@
>  /*
>   *  GRUB  --  GRand Unified Bootloader
>   *  Copyright (C) 2003,2004,2005,2007,2008,2009  Free Software Foundation,
> Inc.
> + *  Copyright (C) 2016 Google, Inc.
>   *

Hmm ... I had to sign contributor agreement that transfers copyright
to FSF. Not that I care personally but that may be problem ...

>   *  GRUB is free software: you can redistribute it and/or modify
>   *  it under the terms of the GNU General Public License as published by
> @@ -102,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
>  #define EXT4_FEATURE_INCOMPAT_64BIT            0x0080
>  #define EXT4_FEATURE_INCOMPAT_MMP              0x0100
>  #define EXT4_FEATURE_INCOMPAT_FLEX_BG          0x0200
> +#define EXT4_FEATURE_INCOMPAT_ENCRYPT          0x10000
>
>  /* The set of back-incompatible features this driver DOES support. Add (OR)
>   * flags here as the related features are implemented into the driver.  */
> @@ -120,9 +122,12 @@ GRUB_MOD_LICENSE ("GPLv3+");
>   * mmp:            Not really back-incompatible - was added as such to
>   *                 avoid multiple read-write mounts. Safe to ignore for
> this
>   *                 RO driver.
> + * encrypt:        We assume boot files are not encrypted (grub config,
> kernel,
> + *                 initramd etc.). If we are wrong, boot will fail as it
> should.
>   */

Do not assume users won't try to access something else.

>  #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
> -                                    | EXT4_FEATURE_INCOMPAT_MMP)
> +                                    | EXT4_FEATURE_INCOMPAT_MMP     \
> +                                    | EXT4_FEATURE_INCOMPAT_ENCRYPT)
>

And what happens when grub does see encrypted content? Returning
garbage is not an option here.

>
>  #define EXT3_JOURNAL_MAGIC_NUMBER      0xc03b3998U
>
>
> _______________________________________________
> Bug-grub mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/bug-grub
>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Patch: Allow Ext4 partitions with encrypted directories., Andrei Borzenkov <=
- Re: Patch: Allow Ext4 partitions with encrypted directories., Samee Zahur, 2016/11/03
  - Re: Patch: Allow Ext4 partitions with encrypted directories., Andrei Borzenkov, 2016/11/06
    - Re: Patch: Allow Ext4 partitions with encrypted directories., Samee Zahur, 2016/11/08

Prev by Date: Re: [PATCH v6 2/4] arm64: add "--nounzip" option support in xen_module command
Next by Date: Re: [PATCH v6 3/4] * util/grub.d/20_linux_xen.in: Add xen_boot command support
Previous by thread: Re: [PATCH v6 2/4] arm64: add "--nounzip" option support in xen_module command
Next by thread: Re: Patch: Allow Ext4 partitions with encrypted directories.
Index(es):
- Date
- Thread