From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1kv1tf-0000FA-4e for mharc-grub-devel@gnu.org; Thu, 31 Dec 2020 12:37:59 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:50254) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kv1te-0000EG-6q for grub-devel@gnu.org; Thu, 31 Dec 2020 12:37:58 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:17744) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kv1tc-0006LX-4H for grub-devel@gnu.org; Thu, 31 Dec 2020 12:37:57 -0500 Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0BVHVdTl069016; Thu, 31 Dec 2020 12:37:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=NqPwC2i6d0bX0/2hr0DSnsjt+c8fWXf87UZ1vMz1erA=; b=KXgKJo39uVoGuz+kNynLDuU+NiL54Z7h13w+Yj0oAlhKO5SwcJvual920rdRM31TcCnm zs5RlRaZuGzlCiiw7MUdeKuDwhQcHVJcYHFvgmK6D/tspDBkKS7cDiPuFd63WO49tLZW d58wHvMRHGpywTU8JCzGXKwn38TP8ckNuGdpxy3N3Ywqpfm3fXrYIoElJF9Kc5eBxTxJ WwEeZueVOY/gNqzuanuInma2nlgQqMpLkWS6pYvxtwSFsF3lKKsOUbOBVEg4rnsh5vFx o7yHhjC9/oXnYOpVN87HAct6WYwsf8w4tW2W+TTMiw9bqK7pKHQZJbMcIEDEUIisBfcl cQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 35sjhwrxa6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 31 Dec 2020 12:37:53 -0500 Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0BVHXIU2083808; Thu, 31 Dec 2020 12:37:52 -0500 Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0a-001b2d01.pphosted.com with ESMTP id 35sjhwrx9t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 31 Dec 2020 12:37:52 -0500 Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0BVHaq3r008384; Thu, 31 Dec 2020 17:37:51 GMT Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma04wdc.us.ibm.com with ESMTP id 35qs7gj9f9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 31 Dec 2020 17:37:51 +0000 Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0BVHblvd22348140 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 31 Dec 2020 17:37:47 GMT Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BFD34136051; Thu, 31 Dec 2020 17:37:47 +0000 (GMT) Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E123913604F; Thu, 31 Dec 2020 17:37:44 +0000 (GMT) Received: from jarvis.int.hansenpartnership.com (unknown [9.85.135.109]) by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 31 Dec 2020 17:37:44 +0000 (GMT) From: James Bottomley To: grub-devel@gnu.org Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" Subject: [PATCH v3 1/3] cryptodisk: make the password getter and additional argument to recover_key Date: Thu, 31 Dec 2020 09:36:16 -0800 Message-Id: <20201231173618.20751-2-jejb@linux.ibm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201231173618.20751-1-jejb@linux.ibm.com> References: <20201231173618.20751-1-jejb@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-31_09:2020-12-31, 2020-12-31 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 priorityscore=1501 mlxscore=0 adultscore=0 lowpriorityscore=0 clxscore=1015 mlxlogscore=999 impostorscore=0 suspectscore=0 spamscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012310104 Received-SPF: pass client-ip=148.163.156.1; envelope-from=jejb@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2020 17:37:58 -0000 For AMD SEV environments, the grub boot password has to be retrieved from a given memory location rather than prompted for. This means that the standard password getter needs to be replaced with one that gets the passphrase from the SEV area and uses that instead. Adding the password getter as a passed in argument to recover_key() makes this possible. Signed-off-by: James Bottomley --- v2: add conditional prompting to geli.c v3: make getter specify prompt requirement --- grub-core/disk/cryptodisk.c | 2 +- grub-core/disk/geli.c | 12 +++++++----- grub-core/disk/luks.c | 12 +++++++----- grub-core/disk/luks2.c | 12 +++++++----- grub-core/lib/crypto.c | 4 ++++ grub-core/osdep/unix/password.c | 4 ++++ grub-core/osdep/windows/password.c | 4 ++++ include/grub/cryptodisk.h | 6 +++++- 8 files changed, 39 insertions(+), 17 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index b62835acc..c51c2edb8 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -1011,7 +1011,7 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) if (!dev) continue; - err = cr->recover_key (source, dev); + err = cr->recover_key (source, dev, grub_password_get); if (err) { cryptodisk_close (dev); diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c index 2f34a35e6..3d826104d 100644 --- a/grub-core/disk/geli.c +++ b/grub-core/disk/geli.c @@ -398,7 +398,8 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, } static grub_err_t -recover_key (grub_disk_t source, grub_cryptodisk_t dev) +recover_key (grub_disk_t source, grub_cryptodisk_t dev, + grub_passwd_cb *password_get) { grub_size_t keysize; grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN]; @@ -438,11 +439,12 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev) tmp = NULL; if (source->partition) tmp = grub_partition_get_name (source->partition); - grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, - source->partition ? "," : "", tmp ? : "", - dev->uuid); + if (password_get (NULL, 0)) + grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, + source->partition ? "," : "", tmp ? : "", + dev->uuid); grub_free (tmp); - if (!grub_password_get (passphrase, MAX_PASSPHRASE)) + if (!password_get (passphrase, MAX_PASSPHRASE)) return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); /* Calculate the PBKDF2 of the user supplied passphrase. */ diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 13103ea6a..13eee2a18 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c @@ -152,7 +152,8 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, static grub_err_t luks_recover_key (grub_disk_t source, - grub_cryptodisk_t dev) + grub_cryptodisk_t dev, + grub_passwd_cb *password_get) { struct grub_luks_phdr header; grub_size_t keysize; @@ -187,11 +188,12 @@ luks_recover_key (grub_disk_t source, tmp = NULL; if (source->partition) tmp = grub_partition_get_name (source->partition); - grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, - source->partition ? "," : "", tmp ? : "", - dev->uuid); + if (password_get (NULL, 0)) + grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, + source->partition ? "," : "", tmp ? : "", + dev->uuid); grub_free (tmp); - if (!grub_password_get (passphrase, MAX_PASSPHRASE)) + if (!password_get (passphrase, MAX_PASSPHRASE)) { grub_free (split_key); return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index 7460d7b58..7597d8576 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -542,7 +542,8 @@ luks2_decrypt_key (grub_uint8_t *out_key, static grub_err_t luks2_recover_key (grub_disk_t source, - grub_cryptodisk_t crypt) + grub_cryptodisk_t crypt, + grub_passwd_cb *password_get) { grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN]; char passphrase[MAX_PASSPHRASE], cipher[32]; @@ -584,10 +585,11 @@ luks2_recover_key (grub_disk_t source, /* Get the passphrase from the user. */ if (source->partition) part = grub_partition_get_name (source->partition); - grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, - source->partition ? "," : "", part ? : "", - crypt->uuid); - if (!grub_password_get (passphrase, MAX_PASSPHRASE)) + if (password_get (NULL, 0)) + grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, + source->partition ? "," : "", part ? : "", + crypt->uuid); + if (!password_get (passphrase, MAX_PASSPHRASE)) { ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); goto err; diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c index ca334d5a4..34272a7ad 100644 --- a/grub-core/lib/crypto.c +++ b/grub-core/lib/crypto.c @@ -456,6 +456,10 @@ grub_password_get (char buf[], unsigned buf_size) unsigned cur_len = 0; int key; + if (!buf) + /* want prompt */ + return 1; + while (1) { key = grub_getkey (); diff --git a/grub-core/osdep/unix/password.c b/grub-core/osdep/unix/password.c index 9996b244b..365ac4bad 100644 --- a/grub-core/osdep/unix/password.c +++ b/grub-core/osdep/unix/password.c @@ -34,6 +34,10 @@ grub_password_get (char buf[], unsigned buf_size) int tty_changed = 0; char *ptr; + if (!buf) + /* want prompt */ + return 1; + grub_refresh (); /* Disable echoing. Based on glibc. */ diff --git a/grub-core/osdep/windows/password.c b/grub-core/osdep/windows/password.c index 1d3af0c2c..2a6615611 100644 --- a/grub-core/osdep/windows/password.c +++ b/grub-core/osdep/windows/password.c @@ -33,6 +33,10 @@ grub_password_get (char buf[], unsigned buf_size) DWORD mode = 0; char *ptr; + if (!buf) + /* want prompt */ + return 1; + grub_refresh (); GetConsoleMode (hStdin, &mode); diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h index dcf17fbb3..737487bb4 100644 --- a/include/grub/cryptodisk.h +++ b/include/grub/cryptodisk.h @@ -112,6 +112,9 @@ struct grub_cryptodisk }; typedef struct grub_cryptodisk *grub_cryptodisk_t; +/* must match prototype for grub_password_get */ +typedef int (grub_passwd_cb)(char buf[], unsigned buf_size); + struct grub_cryptodisk_dev { struct grub_cryptodisk_dev *next; @@ -119,7 +122,8 @@ struct grub_cryptodisk_dev grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid, int boot_only); - grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev); + grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, + grub_passwd_cb *get_password); }; typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t; -- 2.26.2