From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1mBrpN-0005DO-Ob for mharc-grub-devel@gnu.org; Fri, 06 Aug 2021 00:51:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53588) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mBrpM-0005D1-Ud for grub-devel@gnu.org; Fri, 06 Aug 2021 00:51:24 -0400 Received: from de-smtp-delivery-102.mimecast.com ([194.104.109.102]:57080) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mBrpK-0003Wg-JK for grub-devel@gnu.org; Fri, 06 Aug 2021 00:51:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=mimecast20200619; t=1628225479; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0HgvHvHAEGABSrfjJ3JkofXJXYo6NdkhPqdJ1kei/Qk=; b=EcBpExffP2UCBpG1WUhp+IDluqt5cCPvSbjzlD0RumVB5YDvTnF1z1WRUM1z3NttWk2IUK F61n5a3yogcXwRz+Yx7dPrk70237+IhhPOUrhueS3qO7bzYNrXyrelzfmytq1d6iQymQdI +wLio3e7V1cdOsjSaq3h03lOa5CDp4I= Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05lp2177.outbound.protection.outlook.com [104.47.17.177]) (Using TLS) by relay.mimecast.com with ESMTP id de-mta-29-icEXGX2DNFCUnKwT9bpPBA-1; Fri, 06 Aug 2021 06:51:17 +0200 X-MC-Unique: icEXGX2DNFCUnKwT9bpPBA-1 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CD0rjf41iEiM4a7fjY00E1AJXKuji5BVBjwDW9xoYTEsQCo0u+wrgWZf8s9W/b/IkmgNbxMPrAuNiISAZi5CxLpfFAB49ndJ4JsQQ3SdKY/9BtRpKiCWlqtXKhkkJK70EbNg3CVb9f96fx2/okPI8pLvND8PCBWjlTqyYh3LODF1l27L1+kF2VNN17yhhE/A3Hm17HTTDdy/TT/rJZ7GgDV1iuaCxud88fKSht/iLrbRffw4XvADylVYsFq7BzxMx025nWp58+irY1vOg8uVMwRP0f9KwYvP7g/ASoA5Cx14H5g3rORGGEbfvcdxF4rSXI74KBx5CiXSiN8bRlFmtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0HgvHvHAEGABSrfjJ3JkofXJXYo6NdkhPqdJ1kei/Qk=; b=NMBiX6QlEACbKU/xz2NhMbDFNVfZI4adTyV47YkDwwAr+mOJl5ZCeUrpPgYl1tJOvGxb5PWlQnlkm0ffzjicOETxz6XzxOPC+ZyOsCcOdX4GnRBnPPcuaEUWxo4Gr7Nkq1hy1BhOkoxO9ZncFuDCJ/tlZYtPjBtsTw6zQQtEzrbfpkIYOs7vF0thLLMWH04e1Es2Dtk8ukpaGPhEQWIDB3LCaYNnrM9bKaZu+WsMj2rBa+J8opWJK7POanOKv3dwzoTYT3jG8/prZ+5nnYLwrg/sHAbgrsbZXdkcr+nbVb+w7cx9w9l55cBFa9BQVvUM2FjT/0XOsrmv1kBYzPnK8w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none Authentication-Results: gnu.org; dkim=none (message not signed) header.d=none;gnu.org; dmarc=none action=none header.from=suse.com; Received: from DU2PR04MB8648.eurprd04.prod.outlook.com (2603:10a6:10:2df::21) by DU2PR04MB8696.eurprd04.prod.outlook.com (2603:10a6:10:2df::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.15; Fri, 6 Aug 2021 04:51:15 +0000 Received: from DU2PR04MB8648.eurprd04.prod.outlook.com ([fe80::5586:d75d:b656:b85]) by DU2PR04MB8648.eurprd04.prod.outlook.com ([fe80::5586:d75d:b656:b85%5]) with mapi id 15.20.4394.017; Fri, 6 Aug 2021 04:51:15 +0000 Date: Fri, 6 Aug 2021 12:51:10 +0800 From: Michael Chang To: The development of GNU GRUB Cc: Fabian Vogt Subject: Re: [PATCH 3/4] luks2: set up dummy sector size during scan Message-ID: <20210806045110.GA4099@mercury> References: Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-ClientProxiedBy: HK2PR02CA0183.apcprd02.prod.outlook.com (2603:1096:201:21::19) To DU2PR04MB8648.eurprd04.prod.outlook.com (2603:10a6:10:2df::21) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost (36.226.38.172) by HK2PR02CA0183.apcprd02.prod.outlook.com (2603:1096:201:21::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.15 via Frontend Transport; Fri, 6 Aug 2021 04:51:15 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 66853834-101c-4c01-96a5-08d95895d292 X-MS-TrafficTypeDiagnostic: DU2PR04MB8696: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: A2XyyxVY+D4kSorNDmOpYciTsfG9T43JbYGSRhweIIuqpDjCZiRYaJ2h6CifZjbllqdukYDhVVpy0Q5UjBmtQQILDc6jyUCyK1SN/jFtZVod93qAdcTSBwkJENEfCLrNiGtSK/zXut3MwppnB95bWot50tFRuZ8FmPT2B/z0bGUkDAOTR5vWJE7InwHl1PRtiL5CHT3af0VFJLESsoreC8fBqruokbmRkbxZTeQ9Yov9RJgg3XV5YIbTDJPVungAAvF6oPJOytodIoZh05zDJPbocbLinaQHprhdIrz/0fPLGHAwjJcPlRi6q57AyyqYnlv5Up46OMx5OlR5R8inUNWdRNFQ5bY2cc31YpnOd+K+fH5yoh2KWkJ/O6qNy2PT6+nfDwO/TGke8LFbloq36f7WYtmWkQhclRWT0fdOTJ/+FvmwVeJ+7TxXh9GVGuGLX1KG990vU/2Ky21tEn6luSs42L5/mUUi5WjGXKOBRLRzNYTcP2PAocEOewc1h8+PTFJxkgKxFM0nIq25i+BGjM8LPgllrpcYBKIQZym2IBJ3px/1Kwk6WbJVWk05G9CKm9PbB1srXD6rwkpTKD5CRRjs0ud8ixP7HsoAIbxMctm6Rphy7wPZHKC/Sg3FveOSqlkWDhrIhv1BT/zas6VhH1+UED/PoUB7E8dMjzCsiOBW0tVElwIoLSIaRNvpPkLnNaYsfoWs5AeKz7tNseVSbTKE/WFHvH4DXcjMyTbV9Bw= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU2PR04MB8648.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(7916004)(366004)(956004)(9686003)(86362001)(1076003)(33716001)(83380400001)(508600001)(33656002)(26005)(5660300002)(966005)(6916009)(316002)(6666004)(38100700002)(6486002)(53546011)(8676002)(2906002)(8936002)(4326008)(66946007)(186003)(6496006)(66476007)(66556008); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?qWfoHOLJ+eCjXxLGo9WmCQ95SYyGUozwBVzdq1yfXBd+CWlX7O/wvPuMmvnA?= =?us-ascii?Q?taeDWmUKlgDtXzQ1CuOF2/ihOPVcQnXLk5RVF7vtIIb3OwlTiw7HVikNo3+h?= =?us-ascii?Q?QB6jUWei4OJEkVR9ugtSIHahzpMSloUtgp7cB2og48WeOrq0E/wp3pxmMGjR?= =?us-ascii?Q?H/RSZv91InXy+AE4HxtIAf3BWlc8s6Szao7K1zz3w2Ag/J0XsCG79F06Zha6?= =?us-ascii?Q?MpIn3HvYP593lVhMXzuniOzxcpFiOn8Ci2/1CY71skv55YU/AO6b+FOPQfmH?= =?us-ascii?Q?k4j67l3sgKP9zjNuJHwS14OVnazN7TpnfAzE4VGdbfizeXbEZ4t6wTJheFwJ?= =?us-ascii?Q?9AT5IkPjo8tLgY1AppaudChVsPY9P8xpkXmJMDcq9c4d8QlPlCTSTKOHqeBm?= =?us-ascii?Q?WCVbkh9tydJbJiUFxuNbEEswcSpuv+XEejJui1g28Jb2hu+XZgP7iEv6jTxR?= =?us-ascii?Q?AO006+n+51735vNkyZ9t/Gx3S/LJJ357LgXSTItzKHIGdayIf1ysESvFtqvO?= =?us-ascii?Q?6Uo8/20pxxRcyYV2BpRNhS3g81zp4covhqeGITr4BnZk+A/UHa5zMJj/hyY9?= =?us-ascii?Q?o7PebeWe43T4OzWLYYFM5rCF97p86Ctvo/hZ88hjYoctjpq1Vj/aSzppz2IQ?= =?us-ascii?Q?+pw+w/YPLFyz1aE+d/JS6taF5AT5j7e4Ec30sJfIi1LGeRDJS2yIQEhSd2kx?= =?us-ascii?Q?TTgAHLksBrq4EiV0hzY6/q0lGYMJzc2S+EhOF+F/rwsJvy/AHQj3EUDcxLi9?= =?us-ascii?Q?FOc3okFVrmLNlBIDMpynGGuZHAgtl/eOnJzPAcLv0XC2Bv1hoCjrQVX4g1KZ?= =?us-ascii?Q?1pSifYr1cbjTDprievxXzhdAI/5FQwq99SXIBabPHl5S2GCvfDgxglk5pWzc?= =?us-ascii?Q?GdngORPfo12whiJZZ8IpPLTwSRP3D4sjODWDlZpQq1/TIERnXZs2dPZWlJWf?= =?us-ascii?Q?oDZGYEmRBS6l0c7Zgb1dFlIEA1QTBSOjXF6cJMz9Pko8vg5a6GdTznHEgc1K?= =?us-ascii?Q?wZRt0T9OowWjAw0p60fwqL+4HD2JxNVXsdkUVEDtV/eKrCOXF9gbYvZfDcuF?= =?us-ascii?Q?P8PthZflkQH39PbvrecYbEIIw4+6k2o+8oQAoGLin4U5E4SbrH+NsgReD5xr?= =?us-ascii?Q?AU/ssvKi1P2MK5D4P1DuWdnhqz7Vn/PyLGg9rRJeLX6Ol26cU15hZuMqXapO?= =?us-ascii?Q?i8TqNjEbssEtWMgf2gpeWpCHAAmre8O7sBlCmv+wBWsos6QCtIw+3GqejwOV?= =?us-ascii?Q?3rGf7AjS7jF8jqlxZsN8S/OqZdrMv4mTL+jxvVQ5N08nEo/xCOchDHxVbXpO?= =?us-ascii?Q?u6HV9HYCLN4vRqAAzQyo0C5N?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 66853834-101c-4c01-96a5-08d95895d292 X-MS-Exchange-CrossTenant-AuthSource: DU2PR04MB8648.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2021 04:51:15.6834 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: qKli1QB/50Jz86xoR9hEsUaz2polSY1HxMUY0wRquP6T+GA6AguGehaJGDfX2Mkg X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU2PR04MB8696 Received-SPF: pass client-ip=194.104.109.102; envelope-from=mchang@suse.com; helo=de-smtp-delivery-102.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Aug 2021 04:51:25 -0000 Hi, Enclosed herewith please find the revised patch from openSUSE that could also fix this very same problem. According to Fabian, the author of this patch, the reason for having this patch is that he found some problem in the posted one. I have added him to the CC list so that he could provide more in detail later. Thanks, Michael From: Fabian Vogt Date: Wed, 4 Aug 2021 14:56:16 +0200 Subject: [PATCH 1/2] disk/cryptodisk: When cheatmounting, use the sector info of the cheat device When using grub-probe with cryptodisk, the mapped block device from the host is used directly instead of decrypting the source device in GRUB code. In that case, the sector size and count of the host device needs to be used. This is especially important when using luks2, which does not assign total_sectors and log_sector_size when scanning, but only later when the segments in the JSON area are evaluated. With an unset log_sector_size, grub_open_device complains. This fixes grub-probe failing with "error: sector sizes of 1 bytes aren't supported yet." Signed-off-by: Fabian Vogt --- grub-core/disk/cryptodisk.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index 90f82b2d3..c2bb2b6eb 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -1040,6 +1040,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat) grub_cryptodisk_t dev; grub_cryptodisk_dev_t cr; grub_disk_t source; + unsigned int cheat_sector_size; /* Try to open disk. */ source = grub_disk_open (sourcedev); @@ -1062,6 +1063,25 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat) if (!dev) continue; + /* Use the sector size and count of the cheat device */ + dev->cheat_fd = grub_util_fd_open (cheat, GRUB_UTIL_FD_O_RDONLY); + if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd)) + { + grub_free (dev); + return grub_errno; + } + dev->total_sectors = grub_util_get_fd_size (dev->cheat_fd, cheat, &cheat_sector_size); + if (dev->total_sectors == -1) + { + grub_util_fd_close (dev->cheat_fd); + grub_free (dev); + return grub_errno; + } + dev->log_sector_size = cheat_sector_size; + dev->total_sectors >>= dev->log_sector_size; + grub_util_fd_close (dev->cheat_fd); + dev->cheat_fd = GRUB_UTIL_FD_INVALID; + grub_util_info ("cheatmounted %s (%s) at %s", sourcedev, dev->modname, cheat); err = grub_cryptodisk_cheat_insert (dev, sourcedev, source, cheat); -- 2.32.0 On Sat, May 30, 2020 at 02:25:17PM +0200, Patrick Steinhardt wrote: > GRUB currently only supports disk sector sizes of at least 9 bits. While > not a problem when using decrypted LUKS2 disks, where we configure the > sector size after we have decrypted the disk, it will cause failure as > soon as we implement support for probing of LUKS2 encrypted disks: we > only cheat-mount devices there and don't perform a real decryption, and > thus the sector size will remain "0", causing errors at a later point. > > The problem here is that we can only determine the sector size as soon > as we have decrypted a key slot, as key slots may refer to different > segments, where each segment in turn may have a different sector size. > As we don't really need the sector size during cheat-mounting anyway, > let's just specify the minimum value as dummy to fix such errors. > > This patch is in preparation for probing support. > > Signed-off-by: Patrick Steinhardt > --- > grub-core/disk/luks2.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > index c847b4ac4..5c00d9775 100644 > --- a/grub-core/disk/luks2.c > +++ b/grub-core/disk/luks2.c > @@ -374,6 +374,14 @@ luks2_scan (grub_disk_t disk, const char *check_uuid, int check_boot) > grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid)); > > cryptodisk->modname = "luks2"; > + /* > + * This dummy value is required when cheat-mounting and is overridden by > + * `luks2_verify_key ()`. We can't determine it here yet, as its value > + * depends on which disk sector we're going to open, which in turn depends on > + * the keyslot. > + */ > + cryptodisk->log_sector_size = GRUB_DISK_SECTOR_BITS; > + > return cryptodisk; > } > > -- > 2.26.2 > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel