All of lore.kernel.org
 help / color / mirror / Atom feed
From: Daniel Kiper <dkiper@net-space.pl>
To: Glenn Washburn <development@efficientek.com>
Cc: grub-devel@gnu.org,
	Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>,
	Patrick Steinhardt <ps@pks.im>, John Lane <john@lane.uk.net>
Subject: Re: [PATCH v3 0/3] Cryptomount detached headers
Date: Thu, 9 Jun 2022 18:58:29 +0200	[thread overview]
Message-ID: <20220609165829.viwr7r5hutqhozpy@tomti.i.net-space.pl> (raw)
In-Reply-To: <cover.1654702130.git.development@efficientek.com>

On Wed, Jun 08, 2022 at 10:34:01AM -0500, Glenn Washburn wrote:
> Updates since v2:
>  * Address uneeded ret variable pointed out by Patrick
>  * Rebased onto latest master with keyfile and security changes. I don't think
>    this actually changed these patches though.
>
> Conceptually the approach is different than the previous detach header
> series because this one uses the disk objects read hook to hook reads to
> the disk in scan() and recover_key() such that if there is an associated
> header file, the hook will cause the read to return data from the header
> file instead of from the source disk.
>
> For this the read hook implementation needed to be upgaded because prior
> it didn't get the read buffer sent from the read caller and so could not
> modify its contents. Patch #1 updates the hook accordingly and all instances
> of its use, but doesn't functionally change how GRUB operates.
>
> The second patch adds the header option to cryptomount and the read hook
> to the source disk during the scan() and recover_key() stages.
> The benefit of this approach is its simpler/less code and does not require
> the modification of backends, except to potentially cause a failure in
> scan() if the backend doesn't support the current implementation of detached
> headers, as with the GELI backend. This implementation requires that the
> crypto volume header reside at the beginning of the volume. GELI has its
> header at the end, which is why it can not currently be supported. In
> theory, GELI could be supported if extra assumptions about its source
> access pattern during scan() and recovery_key() were made. I don't use GELI,
> no one seems to be asking for GELI detached headers, and I don't think that
> GELI even support detached headers with the official tools. So for me, not
> supporting crypto volumes with headers at the end of the disk is not a big
> deal. With the patch series each backend gets the header file through cargs,
> so it can implement detached headers by solely operating on that file instead
> of the hooked source disk. In the the future, a flag can be added to the
> cryptodisk_dev_t that backends can sent when registering to enabled/disable
> the use of the read hook, if the backend needs to read from both the detached
> header file and the source disk.
>
> Glenn
>
> Glenn Washburn (3):
>   disk: Allow read hook callback to take read buffer to potentially
>     modify it
>   cryptodisk: Add support for using detached header files
>   docs: Add documentation on detached header option to cryptomount

For all the patches Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>...

Big thank you for all working on this!

Daniel


  parent reply	other threads:[~2022-06-09 16:58 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-08 15:34 [PATCH v3 0/3] Cryptomount detached headers Glenn Washburn
2022-06-08 15:34 ` [PATCH v3 1/3] disk: Allow read hook callback to take read buffer to potentially modify it Glenn Washburn
2022-06-08 15:34 ` [PATCH v3 2/3] cryptodisk: Add support for using detached header files Glenn Washburn
2022-06-08 15:34 ` [PATCH v3 3/3] docs: Add documentation on detached header option to cryptomount Glenn Washburn
2022-06-09 16:58 ` Daniel Kiper [this message]
2022-07-29 18:56 [PATCH v3 0/3] Cryptomount detached headers brutser
2022-07-29 19:27 ` Glenn Washburn
2022-07-30  6:51 ` Maxim Fomin
2022-07-30  9:20   ` brutser
2022-07-29 20:01 brutser
2022-07-30  9:54 brutser
2022-07-30 18:48 ` brutser
2022-08-01 22:49   ` Glenn Washburn
2022-08-01 20:50 ` Glenn Washburn
2022-08-01 22:21   ` brutser
2022-08-01 23:24     ` Glenn Washburn
2022-08-01 23:47 brutser
2022-08-02  0:26 ` brutser
2022-08-02 18:58   ` Glenn Washburn
2022-08-02 20:49     ` brutser
2022-08-03 19:54       ` Glenn Washburn
2022-08-03 22:26         ` brutser
2022-08-03 23:54 brutser
2022-08-04 16:24 brutser
2022-08-04 16:56 brutser
2022-08-05  5:00 ` Glenn Washburn
2022-08-05  9:43   ` brutser
2022-08-05 17:10     ` Glenn Washburn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220609165829.viwr7r5hutqhozpy@tomti.i.net-space.pl \
    --to=dkiper@net-space.pl \
    --cc=GNUtoo@cyberdimension.org \
    --cc=development@efficientek.com \
    --cc=grub-devel@gnu.org \
    --cc=john@lane.uk.net \
    --cc=ps@pks.im \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.