grub-devel

Re: Support for plain dm-crypt and detached LUKS header


From: Mat628
Subject: Re: Support for plain dm-crypt and detached LUKS header
Date: Tue, 11 Apr 2017 01:05:35 -0400

>I would personally assume that something could be done in the dedicated /etc/grub.d/ directories that would allow grub-mkconfig to function as required without changing anything to it?  

Xen, that is probably possible, but I chose to modify grub-mkconfig_lib.in because that is where the original code to mount a cryptodisk is echoed to grub.cfg.

Unmodified grub-2.02-rc2 grub-mkconfig_lib.in

prepare_grub_to_access_device ()
{
.
.
.
  if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then
      for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do
          echo "cryptomount -u $uuid"
      done
  fi
----------------
"cryptomount -u $uuid" is echoed into grub.cfg as seen below
----------------

menuentry 'Ubuntu GNU/Linux'{
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod cryptodisk
    insmod luks
    insmod gcry_rijndael
    insmod gcry_rijndael
    insmod gcry_sha1
    insmod lvm
    insmod ext2
    cryptomount -u f804b7d24ec3460aaa45b0bcd8d294ac
    set root='lvmid/mi5iPo-r7rN-RZ5n-oD5M-7UNA-espt-Y5JCrX/
----------------

Now, my modified grub-mkconfig_lib.in replaces all instances of "cryptomount -u $uuid" with the contents of mattle_opts.cfg, by echoing those contents instead of echoing "cryptomount -u $uuid". Now to do the same as above, but for a LUKS device with a detached header.

mattle_opts.cfg file contents -->

search.pt_uuid 12345678-01 luks_device
search.fs_uuid 1234-5678 usb_with_header_file
cryptomount --header=($usb_with_header_file)/header.bin ($luks_device)
----------------
prepare_grub_to_access_device ()
{
.
.
.
  if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then
      if [ x$GRUB_ENABLE_CRYPTODISK_MATTLE_OPTS = xy ]; then
          .
          .
          .
          if test -f "${prefix}/etc/mattle_opts.cfg"; then
            # Copy mattle_opts.cfg into grub.cfg line by line, unchanged
            while IFS= read -r WHOLE_FILE; do echo "$WHOLE_FILE"; done < "${prefix}/etc/mattle_opts.cfg"
          else
            gettext_printf "Error: cannot open %s\n" "${prefix}/etc/mattle_opts.cfg" 1>&2
            exit 1
          fi
      else
          for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do
              echo "cryptomount -u $uuid"
          done
      fi
  fi
----------------
grub.cfg
----------------
menuentry 'Ubuntu GNU/Linux' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod cryptodisk
    insmod luks
    insmod gcry_rijndael
    insmod gcry_rijndael
    insmod gcry_sha1
    insmod lvm
    insmod ext2
    search.pt_uuid 12345678-01 luks_device
    search.fs_uuid 1234-5678 usb_with_header_file
    cryptomount --header=($usb_with_header_file)/header.bin ($luks_device)
    set root='lvmid/mi5iPo-r7rN-RZ5n-oD5M-7UNA-espt-Y5JCrX/
----------------

The grub.cfg is the same, including the loaded modules; the only difference comes from mattle_opts.cfg.
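
The modified function above copies mattle_opts.cfg into grub.cfg without inspecting it, so every line of that file becomes GRUB script that runs before boot. The sketch below is an added example, not part of the original message or of GRUB: a hypothetical `emit_mattle_opts` helper that prints the file only if every line is one of the three commands shown in mattle_opts.cfg above. The set of rejected metacharacters is a conservative assumption of this example.

```shell
#!/bin/sh
# Added example: allowlist check for a file that is copied verbatim into grub.cfg.
# emit_mattle_opts and sample_opts are hypothetical names, not GRUB functions.
emit_mattle_opts ()
{
  file=$1
  [ -f "$file" ] || { echo "Error: cannot open $file" 1>&2; return 1; }
  lineno=0
  out=
  # "|| [ -n ... ]" keeps a final line that has no trailing newline.
  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    case $line in
      ''|'#'*) continue ;;                 # blank line or comment
    esac
    case $line in
      *[';|&{}<>`']*)                      # could start a second command
        echo "$file:$lineno: metacharacter rejected" 1>&2; return 1 ;;
    esac
    case $line in
      'search.pt_uuid '*|'search.fs_uuid '*|'cryptomount '*) ;;
      *) echo "$file:$lineno: command not allowed" 1>&2; return 1 ;;
    esac
    out="$out$line
"
  done < "$file"
  # Nothing is printed unless the whole file passed, so a rejected file
  # never leaves a partial entry in grub.cfg.
  printf '%s' "$out"
}

# Sample input: the three lines of mattle_opts.cfg from the message above.
sample_opts ()
{
  cat <<'EOF'
search.pt_uuid 12345678-01 luks_device
search.fs_uuid 1234-5678 usb_with_header_file
cryptomount --header=($usb_with_header_file)/header.bin ($luks_device)
EOF
}
```

In `prepare_grub_to_access_device` the call would stand where the `while read` loop is, with a non-zero return treated like the existing "cannot open" error.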

