Date: Mon, 1 Aug 2022 15:50:27 -0500
From: Glenn Washburn
To: brutser--- via Grub-devel
Cc: brutser@perso.be, dkiper@net-space.pl, ps@pks.im
Subject: Re: [PATCH v3 0/3] Cryptomount detached headers
Message-ID: <20220801155027.7fc6ee9c@crass-HP-ZBook-15-G2>
Reply-To: development@efficientek.com

On Sat, 30 Jul 2022 11:54:32 +0200 (CEST)
brutser--- via Grub-devel wrote:

> Glenn,
>
> As I had no idea how to get the debug logs from qemu, I made screenshots, find them attached. As this is probably something I am doing wrong, I hope it shows from the logs.
>
> https://imgur.com/a/rAlfZ77

Getting the output to go to serial depends on the target. For i386
using seabios, use "-fw_cfg name=etc/sercon-port,string=0 -serial
stdio". Unfortunately, I'm now seeing that there are no debug log
messages in the luks2 module that would be shown in this case. How
about putting the line 'grub_dprintf("entering luks_scan");' at the
start of the function luks2_scan in grub-core/disk/luks2.c and then
recompiling and getting the output?

Glenn

>
> From: Glenn Washburn
> To: brutser@perso.be
> Subject: Re: [PATCH v3 0/3] Cryptomount detached headers
> Date: 29/07/2022 21:27:48 Europe/Paris
> Cc: grub-devel@gnu.org;
>    dkiper@net-space.pl;
>    ps@pks.im
>
> On Fri, 29 Jul 2022 20:56:18 +0200 (CEST)
> brutser@perso.be wrote:
>
> > testing detached header failed:
> >
> > 1. built grub payload with following modules: ahci usb_keyboard part_msdos part_gpt at_keyboard cbfs cryptodisk luks2 lvm gcry_rijndael gcry_sha1 gcry_sha256 gcry_sha512
> >
> > 2. encrypt a partition: cryptsetup luksFormat --type luks2 -q -h sha512 -s 512 --pbkdf pbkdf2 --header /path/to/header --luks2-metadata-size=16k --luks2-keyslots-size=512k /dev/sda1
> >
> > (where --luks2-metadata-size=16k --luks2-keyslots-size=512k is optional, this is just to minimize header size, but I also tested without).
> >
> > 3. from the grub cmd, I try to decrypt this partition using: cryptomount -H /path/to/header (ahci0,msdos1)
> >
> > 4. I also tried luks1 encryption with detached header.
> >
> > whatever I try, I always get the same error:
> >
> > "no cryptodisk module can handle this device"
> >
> > Is this feature not 100% implemented yet, I saw people already verifying the patches and would expect this to be working, so if yes, this seems like a bug.
>
> This feature should be working in all cases, and if not there may be a
> bug. I responded to your off-list email before seeing this one. I'll
> repeat what I said there and let's continue this discussion on the list.
>
> I see nothing obviously wrong with what you're doing, given the
> information above. To further debug this, would you be able to send a
> log of the serial output when the GRUB envvar debug is set to "all"
> while running the cryptomount command? If so, please send compressed in
> a reply to this email on the list.
>
> If you can't because of hardware issues, would you be able to replicate
> this in QEMU and grab the serial output from there? If you can boot the
> system via other means, you should be able to use the raw disks (the
> one with the LUKS volume and the other with the filesystem containing
> the header file).
>
> Glenn
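
When "cryptomount -H" fails as described in the thread above, one thing that can be ruled out offline is the detached header file itself. The following is an added example, not part of the thread and not GRUB code: it parses the LUKS2 on-disk binary header and JSON area of a header image and reports its size, UUID and keyslot KDF types. The function names and the in-memory sample image are constructed for illustration, and the header checksum is not verified.

```python
import json
import struct

LUKS2_MAGIC = b"LUKS\xba\xbe"   # magic of the primary LUKS2 binary header
BIN_HDR_SIZE = 4096             # binary header area; the JSON area follows it
# magic[6] version hdr_size seqid label[48] csum_alg[32] salt[64] uuid[40]
# subsystem[48] hdr_offset: all integers big-endian (LUKS2 on-disk format)
HDR_FMT = ">6sHQQ48s32s64s40s48sQ"


def inspect_luks2_header(blob: bytes) -> dict:
    """Validate a detached LUKS2 header image and summarise it (no checksum check)."""
    if len(blob) < BIN_HDR_SIZE:
        raise ValueError("shorter than the 4096-byte binary header")
    (magic, version, hdr_size, _seqid, _label, _csum_alg, _salt, uuid,
     _subsystem, hdr_offset) = struct.unpack_from(HDR_FMT, blob, 0)
    if magic != LUKS2_MAGIC:
        raise ValueError("bad magic, not a LUKS header")
    if version != 2:
        raise ValueError(f"LUKS version {version}, expected 2")
    if hdr_offset != 0:
        raise ValueError("primary header must record offset 0")
    if hdr_size <= BIN_HDR_SIZE or hdr_size > len(blob):
        raise ValueError("hdr_size inconsistent with file length")
    # The JSON area is NUL-padded up to hdr_size.
    raw = blob[BIN_HDR_SIZE:hdr_size].split(b"\0", 1)[0]
    try:
        meta = json.loads(raw)
    except ValueError as exc:
        raise ValueError(f"JSON area unreadable: {exc}") from None
    kdfs = {slot: ks.get("kdf", {}).get("type")
            for slot, ks in meta.get("keyslots", {}).items()}
    return {"uuid": uuid.rstrip(b"\0").decode("ascii"),
            "hdr_size": hdr_size, "kdf_types": kdfs}


def build_sample_header(hdr_size: int = 16384, kdf: str = "pbkdf2") -> bytes:
    """Constructed sample image: 16 KiB metadata area and a PBKDF2 keyslot,
    mirroring the luksFormat options quoted in the thread."""
    meta = json.dumps({"keyslots": {"0": {"type": "luks2", "kdf": {"type": kdf}}}})
    binary = struct.pack(HDR_FMT, LUKS2_MAGIC, 2, hdr_size, 1, b"", b"sha256",
                         b"\x11" * 64, b"00000000-0000-0000-0000-000000000000",
                         b"", 0)
    image = binary.ljust(BIN_HDR_SIZE, b"\0") + meta.encode()
    return image.ljust(hdr_size, b"\0")


if __name__ == "__main__":
    print(inspect_luks2_header(build_sample_header()))
```

For a real header, pass the bytes of the file given to --header; a ValueError names the first field that does not match.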