Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:BenniBrunner:branches:home:okir:FDE
grub2
0002-cryptodisk-improve-luks_recover_key-attemp...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0002-cryptodisk-improve-luks_recover_key-attempts-option.patch of Package grub2
Index: grub-2.06/grub-core/disk/luks.c =================================================================== --- grub-2.06.orig/grub-core/disk/luks.c +++ grub-2.06/grub-core/disk/luks.c @@ -31,8 +31,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); #define LUKS_KEY_ENABLED 0x00AC71F3 -extern unsigned long max_attempts; - /* On disk LUKS header */ struct grub_luks_phdr { @@ -150,11 +148,11 @@ configure_ciphers (grub_disk_t disk, gru } static grub_err_t -luks_recover_key_attempt (grub_disk_t source, +luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, - grub_cryptomount_args_t cargs, - struct grub_luks_phdr header) + grub_cryptomount_args_t cargs) { + struct grub_luks_phdr header; grub_size_t keysize; grub_uint8_t *split_key = NULL; grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; @@ -166,6 +164,10 @@ luks_recover_key_attempt (grub_disk_t so if (cargs->key_data == NULL || cargs->key_len == 0) return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data"); + err = grub_disk_read (source, 0, 0, sizeof (header), &header); + if (err) + return err; + grub_puts_ (N_("Attempting to decrypt master key...")); keysize = grub_be_to_cpu32 (header.keyBytes); if (keysize > GRUB_CRYPTODISK_MAX_KEYLEN) @@ -294,35 +296,6 @@ luks_recover_key_attempt (grub_disk_t so return GRUB_ACCESS_DENIED; } -static grub_err_t -luks_recover_key (grub_disk_t source, - grub_cryptodisk_t dev, - grub_cryptomount_args_t cargs - ) -{ - grub_err_t err; - struct grub_luks_phdr header; - unsigned long i; - - err = grub_disk_read (source, 0, 0, sizeof (header), &header); - if (err) - return err; - - max_attempts = max_attempts ? max_attempts : 1; - for (i = 0; i < max_attempts; i++) - { - /* When i > 0, the previous failed attempt will have - * a grub_errno == GRUB_ERR_ACCESS_DENIED - */ - grub_errno = GRUB_ERR_NONE; - err = luks_recover_key_attempt(source, dev, cargs, header); - /* Anything other than GRUB_ERR_ACCESS_DENIED is success, or unrecoverable. */ - if (err != GRUB_ERR_ACCESS_DENIED && err != GRUB_ERR_BAD_ARGUMENT) - return err; - } - return err; -} - struct grub_cryptodisk_dev luks_crypto = { .scan = configure_ciphers, .recover_key = luks_recover_key Index: grub-2.06/util/grub-mkconfig_lib.in =================================================================== --- grub-2.06.orig/util/grub-mkconfig_lib.in +++ grub-2.06/util/grub-mkconfig_lib.in @@ -150,9 +150,17 @@ prepare_grub_to_access_device () done if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then - for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do - echo "cryptomount -u $uuid" - done + re='^[0-9]+$' + if [[ $GRUB_CRYPTODISK_ATTEMPTS =~ $re ]]; then + for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do + echo "cryptomount -u $uuid -t $GRUB_CRYPTODISK_ATTEMPTS" + done + else + grub_warn "GRUB_CRYPTODISK_ATTEMPTS=$GRUB_CRYPTODISK_ATTEMPTS is not a valid number. Ignoring!" + for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do + echo "cryptomount -u $uuid" + done + fi fi # If there's a filesystem UUID that GRUB is capable of identifying, use it;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor