From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1oHieX-0005pX-Vc for mharc-grub-devel@gnu.org; Sat, 30 Jul 2022 05:20:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36740) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oHieR-0005ox-Pm for grub-devel@gnu.org; Sat, 30 Jul 2022 05:20:51 -0400 Received: from msg-2.mailo.com ([213.182.54.12]:47658) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oHieP-0000OE-FZ for grub-devel@gnu.org; Sat, 30 Jul 2022 05:20:51 -0400 Received: by www.mailo.com with http webmail; Sat, 30 Jul 2022 11:20:44 +0200 (CEST) X-EA-Auth: Ptr1PTi0ZcSabylkSpYlFFysaOOnjXX6B9PhCTSdAZC6NV6RpxxlQ/lLXykYuXfB9jK6vGeQxC/4XpbpEU4PMQn2BOX6Rm5F From: brutser@perso.be To: grub-devel@gnu.org Date: Sat, 30 Jul 2022 11:20:44 +0200 (CEST) Subject: Re: [PATCH v3 0/3] Cryptomount detached headers X-Priority: 3 MIME-Version: 1.0 X-Mailer: COMS/EA22.05/r20220615 Message-ID: In-Reply-To: Content-Type: multipart/alternative; boundary="----=_NextPart_001_62e4f7ec_503_325891f5" Received-SPF: pass client-ip=213.182.54.12; envelope-from=brutser@perso.be; helo=msg-2.mailo.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jul 2022 09:20:52 -0000 ------=_NextPart_001_62e4f7ec_503_325891f5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Maxim, thanks for the reply! I built the grub payload with the luks2 module as you can see. In the grub= config, but also when i test manually, i load at least: insmod ahci insmod lvm insmod cryptodisk insmod luks2 insmod part_msdos insmod ext2 Van: Maxim Fomin Aan: The development of GNU GRUB Onderwerp: Re: [PATCH v3 0/3] Cryptomount detached headers Datum: 30/07/2022 08:51:51 Europe/Paris ------- Original Message ------- On Friday, July 29th, 2022 at 6:56 PM, brutser--- via Grub-devel wrote: testing detached header failed: 1. built grub payload with following modules: ahci usb_keyboard part_msdos= part_gpt at_keyboard cbfs cryptodisk luks2 lvm gcry_rijndael gcry_sha1 gcr= y_sha256 gcry_sha512 2. encrypt a partition: cryptsetup luksFormat --type luks2 -q -h sha512 -s= 512 --pbkdf pbkdf2 --header /path/to/header --luks2-metadata-size=3D16k --= luks2-keyslots-size=3D512k /dev/sda1 (where --luks2-metadata-size=3D16k --luks2-keyslots-size=3D512k is optiona= l, this is just to minimize header size, but I also tested without). 3. from the grub cmd, i try to decrypt this partition using: cryptomount -= H /path/to/header (ahci0,msdos1) 4. I also tried luks1 encryption with detached header. whatever I try, I always get the same error: "no cryptodisk module can handle this device" Is this feature not 100% implemented yet, I saw people already verifying t= he patches and would expect this to be working, so if yes, this seems like = a bug. This error message sounds like luks (or luks2) module was not loaded. Did = you load it before running cryptomount command? Best regards, Maxim Fomin=E2=80=8B _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel ------=_NextPart_001_62e4f7ec_503_325891f5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Maxim, thanks for the reply!
I built the grub payload with t= he luks2 module as you can see. In the grub config, but also when i test ma= nually, i load at least:

insmod ahci
insmod= lvm
insmod cryptodisk
insmod luks2
insmod part_msdos
in= smod ext2


Van: Maxim F= omin <maxim@fomin.one>
Aan: The development of GNU GRUB <grub-devel@gnu.org>
Onderwerp: Re: [PATCH v3 0/3] Cryptomount detached headers
Datum: 30/07/2022 08:51:51 Europe/Paris

------- Original Message -------
On Friday, July 29th, 2022 at 6:56 PM, brutser--- via Grub-devel &= lt;grub-devel@gnu.org> wrote:


testing detached header failed:

<= div>1. built grub payload with following modules: ahci usb_keyboard part_msdos part_gpt at_keyboard cbfs cryptodisk luks2 lvm gcry_rijndael gcry_sha1 gcry_sha256 gcry_sha512
2. encrypt a par= tition: cryptsetup luksFormat --type luks2 -q -h sha512 -s 512 --pbkdf pbkdf2 --header /path/to/header --luks2-metadata-size=3D16k --luks2-keyslots-size=3D512k /dev/sda1
(where --luks2-metadata-size=3D16k --luks2-keyslots-si= ze=3D512k is optional, this is just to minimize header size, but I also tes= ted without).
3. from the grub cmd, i try to decrypt this partiti= on using: cryptomount -H /path/to/header (ahci0,msdos1)

4. I also tried luks1 encryption with detached header.

=
whatever I try, I always get the same error:
&= quot;no cryptodisk module can handle this device"
Is this feature not 100% implemented yet, I saw people alre= ady verifying the patches and would expect this to be working, so if yes, t= his seems like a bug.


This error message sounds like luks (or lu= ks2) module was not loaded. Did you load it before running cryptomount comm= and?

Best regard= s,
Maxim Fomin=E2=80=8B
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
------=_NextPart_001_62e4f7ec_503_325891f5--