grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v8 3/7] cryptodisk: enable the backends to implement detached

From: Dmitry
Subject: Re: [PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers
Date: Wed, 5 Jan 2022 01:57:12 +0300


ср, 5 янв. 2022 г. в 01:07, Glenn Washburn <development@efficientek.com>:
On Tue, 4 Jan 2022 15:42:22 -0600
Glenn Washburn <development@efficientek.com> wrote:

I'm generally very pro-flexibility, but I'm not sure I like this from a
user perspective. For the common case, which is detached headers in a
file, this will cause the user to do more work (create a loopback
device of the file). What's a reasonable scenario where a user would
want the detached header on a device as opposed to a file system? Am I
correct in thinking that you use such functionality?

Actually no, I only use a file for the external header, not a disk.
I have now looked at the patches again and will try to state my point of view in
more detail:

I don't think the hdr_file field as it stands in the patch set is relevant. I mean
the hdr_file field of type grub_file_t in the grub_cryptomount_args structure.
Even the grub_disk_t type may not be relevant here. You could only pass
a header file name or a disk name (as char*) through this structure. This would
reflect the essence of this structure, but further implementation the code will
not be pretty in this case.

I still suggest expanding the number of parameters for the recover_key function
and use grub_disk_t to pass the header from the user directly.

I'll leave it here for your reference:
https://gitlab.com/reagentoo/grub/-/blob/0921badcf817071639058bc4a534c8e6bd05f212/grub-core/disk/luks2.c#L545

header_source is equal source - if we are not using external header
 

I do like that it simplifies the code. An alternative route to get the
same simplification while still being given a file path as an argument
to cryptomount would be to internally create a loopback device and use
that instead of passing a file around. A possible undesirabe
side-effect, this might require being dependent on the loopback module.

Glenn

>
> >  };
> >  typedef struct grub_cryptomount_args *grub_cryptomount_args_t;
> > 
> > diff --git a/include/grub/file.h b/include/grub/file.h
> > index 31567483c..3a3c49a04 100644
> > --- a/include/grub/file.h
> > +++ b/include/grub/file.h
> > @@ -90,6 +90,8 @@ enum grub_file_type
> >      GRUB_FILE_TYPE_FONT,
> >      /* File holding encryption key for encrypted ZFS.  */
> >      GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY,
> > +    /* File holding the encryption metadata header */
> > +    GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER,
> >      /* File we open n grub-fstest.  */
> >      GRUB_FILE_TYPE_FSTEST,
> >      /* File we open n grub-mount.  */
>
> Dmitry
reply via email to
[Prev in Thread] Current Thread [Next in Thread]