[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 4/5] cryptodisk: Support key protectors
From: |
James Bottomley |
Subject: |
Re: [PATCH 4/5] cryptodisk: Support key protectors |
Date: |
Tue, 25 Jan 2022 12:28:51 -0500 |
User-agent: |
Evolution 3.34.4 |
On Mon, 2022-01-24 at 23:42 -0600, Glenn Washburn wrote:
> On Mon, 24 Jan 2022 06:12:17 -0800
> Hernan Gatta <hegatta@linux.microsoft.com> wrote:
[...]
> > + }
> > +
> > if (state[0].set) /* uuid */
> > {
> > int found_uuid;
> > @@ -1385,7 +1404,7 @@ GRUB_MOD_INIT (cryptodisk)
> > {
> > grub_disk_dev_register (&grub_cryptodisk_dev);
> > cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount,
> > 0,
> > - N_("[-p password] <SOURCE|-u UUID|-a|-
> > b>"),
> > + N_("[-p password] [-k protector[:args]]
> > <SOURCE|-u UUID|-a|-b>"),
>
> This looks eerily similiar to what I proposed to James in response to
> his SEV patches[1]. As such, I am in favor of this syntax and it
> looks to me like a framework that James can use for his SEV series.
Well, I could, but I've got to say for a shell like system, which grub
is, argument lists passed as a single argument always cause problems
with quoting and interpolation. if the protector needs additional
arguments to initialize, then it should really be done as a separate
module to avoid the arguments within argument problem, so
protector_init [args]
crtptomount -k protector ...
means that [args] can use the standard arguments and doesn't have any
internal quoting issues.
James