grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v18 21/25] cryptodisk: Fallback to passphrase


From: Gary Lin
Subject: [PATCH v18 21/25] cryptodisk: Fallback to passphrase
Date: Fri, 28 Jun 2024 16:19:04 +0800

From: Patrick Colp <patrick.colp@oracle.com>

If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
proceeding with the passphrase.

Signed-off-by: Patrick Colp <patrick.colp@oracle.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
 grub-core/disk/cryptodisk.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 6f7394942..1a994d935 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1167,6 +1167,10 @@ grub_cryptodisk_scan_device_real (const char *name,
          ret = cr->recover_key (source, dev, cargs);
          if (ret != GRUB_ERR_NONE)
            {
+             /* Reset key data to trigger the passphrase prompt later */
+             cargs->key_data = NULL;
+             cargs->key_len = 0;
+
              part = grub_partition_get_name (source->partition);
              grub_dprintf ("cryptodisk",
                            "recovered a key from key protector %s but it "
@@ -1192,7 +1196,6 @@ grub_cryptodisk_scan_device_real (const char *name,
                  source->name, source->partition != NULL ? "," : "",
                  part != NULL ? part : N_("UNKNOWN"), dev->uuid);
       grub_free (part);
-      goto error;
     }
 
   if (cargs->key_len)
@@ -1207,6 +1210,18 @@ grub_cryptodisk_scan_device_real (const char *name,
       unsigned long tries = 3;
       const char *tries_env;
 
+      /*
+       * Print the error from key protectors and clear grub_errno.
+       * Since '--protector' doesn't not coexist with '--password' and
+       * '--key-file', only "cargs->key_len == 0" is expected if all
+       * key protectors fail.
+       */
+      if (grub_errno)
+       {
+         grub_print_error ();
+         grub_errno = GRUB_ERR_NONE;
+       }
+
       askpass = 1;
       cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
       if (cargs->key_data == NULL)
-- 
2.35.3




reply via email to

[Prev in Thread] Current Thread [Next in Thread]