File 0004-commands-search-Add-the-diskfilter-support.patch of Package grub2
From 13ae8a054a4a0b871ce3fd8ddaaff7a4f2ba2478 Mon Sep 17 00:00:00 2001
From: Maxim Suhanov <dfirblog@gmail.com>
Date: Thu, 8 May 2025 19:02:10 +0200
Subject: [PATCH 4/8] commands/search: Add the diskfilter support
When the --cryptodisk-only argument is given, also check the target
device using the "cryptocheck" command, if available.
This extends the checks to common layouts like LVM-on-LUKS, so the
--cryptodisk-only argument transparently handles such setups.
Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/commands/search.c | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
index f6bfef9585..185c1e70f7 100644
--- a/grub-core/commands/search.c
+++ b/grub-core/commands/search.c
@@ -54,6 +54,36 @@ struct search_ctx
int is_cache;
};
+static bool
+is_unencrypted_disk (grub_disk_t disk)
+{
+ grub_command_t cmd;
+ char *disk_str;
+ int disk_str_len;
+ int res;
+
+ if (disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
+ return false; /* This is (crypto) disk. */
+
+ if (disk->dev->id == GRUB_DISK_DEVICE_DISKFILTER_ID)
+ {
+ cmd = grub_command_find ("cryptocheck");
+ if (cmd == NULL) /* No diskfilter module loaded for some reason. */
+ return true;
+
+ disk_str_len = grub_strlen (disk->name) + 2 + 1;
+ disk_str = grub_malloc (disk_str_len);
+ if (disk_str == NULL) /* Something is wrong, better report as unencrypted. */
+ return true;
+
+ grub_snprintf (disk_str, disk_str_len, "(%s)", disk->name);
+ res = cmd->func (cmd, 1, &disk_str);
+ grub_free (disk_str);
+ return (res != GRUB_ERR_NONE) ? true : false; /* GRUB_ERR_NONE for encrypted. */
+ }
+ return true;
+}
+
/* Helper for FUNC_NAME. */
static int
iterate_device (const char *name, void *data)
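Review bot: is_unencrypted_disk has no header comment, although --cryptodisk-only depends on its fail-closed contract. A missing cryptocheck command, a failed grub_malloc and any result other than GRUB_ERR_NONE all return true, so the caller skips the device. I would state that above the function, for example `/* Return true unless DISK is positively confirmed as encrypted; any failure to check counts as unencrypted, so --cryptodisk-only skips the device. */`. Separately, `disk_str_len` is an `int` holding a grub_strlen result. `disk_str = grub_xasprintf ("(%s)", disk->name);` would remove the manual length arithmetic and the grub_snprintf call while keeping the NULL check.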
@@ -97,7 +127,7 @@ iterate_device (const char *name, void *data)
grub_errno = GRUB_ERR_NONE;
return 0;
}
- if (dev->disk == NULL || dev->disk->dev->id != GRUB_DISK_DEVICE_CRYPTODISK_ID)
+ if (dev->disk == NULL || is_unencrypted_disk (dev->disk) == true)
{
grub_device_close (dev);
grub_errno = GRUB_ERR_NONE;
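Review bot: The `== true` comparison on the changed line is redundant for a bool return, as is the `? true : false` on the helper's diskfilter return in the first hunk. `if (dev->disk == NULL || is_unencrypted_disk (dev->disk))` and `return res != GRUB_ERR_NONE;` read more directly. The helper does not reset grub_errno itself, so the `grub_errno = GRUB_ERR_NONE;` below the check is presumably what clears any error left by a failed allocation or by the cryptocheck call. A short comment there would keep a later refactor from dropping it. iterate_device starts and ends outside this hunk.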
--
2.49.0