grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/5] cryptodisk: Support key protectors

From: James Bottomley
Subject: Re: [PATCH 4/5] cryptodisk: Support key protectors
Date: Tue, 25 Jan 2022 12:28:51 -0500
User-agent: Evolution 3.34.4 
On Mon, 2022-01-24 at 23:42 -0600, Glenn Washburn wrote:
> On Mon, 24 Jan 2022 06:12:17 -0800
> Hernan Gatta <hegatta@linux.microsoft.com> wrote:
[...]
> > +    }
> > +
> >    if (state[0].set) /* uuid */
> >      {
> >        int found_uuid;
> > @@ -1385,7 +1404,7 @@ GRUB_MOD_INIT (cryptodisk)
> >  {
> >    grub_disk_dev_register (&grub_cryptodisk_dev);
> >    cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount,
> > 0,
> > -                         N_("[-p password] <SOURCE|-u UUID|-a|-
> > b>"),
> > +                         N_("[-p password] [-k protector[:args]]
> > <SOURCE|-u UUID|-a|-b>"),
> 
> This looks eerily similiar to what I proposed to James in response to
> his SEV patches[1]. As such, I am in favor of this syntax and it
> looks to me like a framework that James can use for his SEV series.

Well, I could, but I've got to say for a shell like system, which grub
is, argument lists passed as a single argument always cause problems
with quoting and interpolation.  if the protector needs additional
arguments to initialize, then it should really be done as a separate
module to avoid the arguments within argument problem, so

protector_init [args]
crtptomount -k protector ...

means that [args] can use the standard arguments and doesn't have any
internal quoting issues.

James
reply via email to
[Prev in Thread] Current Thread [Next in Thread]