[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v18 21/25] cryptodisk: Fallback to passphrase
From: |
Gary Lin |
Subject: |
[PATCH v18 21/25] cryptodisk: Fallback to passphrase |
Date: |
Fri, 28 Jun 2024 16:19:04 +0800 |
From: Patrick Colp <patrick.colp@oracle.com>
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
proceeding with the passphrase.
Signed-off-by: Patrick Colp <patrick.colp@oracle.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
grub-core/disk/cryptodisk.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 6f7394942..1a994d935 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1167,6 +1167,10 @@ grub_cryptodisk_scan_device_real (const char *name,
ret = cr->recover_key (source, dev, cargs);
if (ret != GRUB_ERR_NONE)
{
+ /* Reset key data to trigger the passphrase prompt later */
+ cargs->key_data = NULL;
+ cargs->key_len = 0;
+
part = grub_partition_get_name (source->partition);
grub_dprintf ("cryptodisk",
"recovered a key from key protector %s but it "
@@ -1192,7 +1196,6 @@ grub_cryptodisk_scan_device_real (const char *name,
source->name, source->partition != NULL ? "," : "",
part != NULL ? part : N_("UNKNOWN"), dev->uuid);
grub_free (part);
- goto error;
}
if (cargs->key_len)
@@ -1207,6 +1210,18 @@ grub_cryptodisk_scan_device_real (const char *name,
unsigned long tries = 3;
const char *tries_env;
+ /*
+ * Print the error from key protectors and clear grub_errno.
+ * Since '--protector' doesn't not coexist with '--password' and
+ * '--key-file', only "cargs->key_len == 0" is expected if all
+ * key protectors fail.
+ */
+ if (grub_errno)
+ {
+ grub_print_error ();
+ grub_errno = GRUB_ERR_NONE;
+ }
+
askpass = 1;
cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
if (cargs->key_data == NULL)
--
2.35.3
- [PATCH v18 12/25] key_protector: Add key protectors framework, (continued)
- [PATCH v18 12/25] key_protector: Add key protectors framework, Gary Lin, 2024/06/28
- [PATCH v18 13/25] tss2: Add TPM2 buffer handling functions, Gary Lin, 2024/06/28
- [PATCH v18 14/25] tss2: Add TPM2 types and Marshal/Unmarshal functions, Gary Lin, 2024/06/28
- [PATCH v18 15/25] tss2: Add TPM2 Software Stack (TSS2) support, Gary Lin, 2024/06/28
- [PATCH v18 16/25] key_protector: Add TPM2 Key Protector, Gary Lin, 2024/06/28
- [PATCH v18 17/25] cryptodisk: Support key protectors, Gary Lin, 2024/06/28
- [PATCH v18 18/25] util/grub-protect: Add new tool, Gary Lin, 2024/06/28
- [PATCH v18 19/25] tpm2_key_protector: Support authorized policy, Gary Lin, 2024/06/28
- [PATCH v18 21/25] cryptodisk: Fallback to passphrase,
Gary Lin <=
- [PATCH v18 20/25] tpm2_key_protector: Implement NV index, Gary Lin, 2024/06/28
- [PATCH v18 22/25] cryptodisk: wipe out the cached keys from protectors, Gary Lin, 2024/06/28
- [PATCH v18 25/25] tests: Add tpm2_key_protector_test, Gary Lin, 2024/06/28
- [PATCH v18 23/25] diskfilter: look up cryptodisk devices first, Gary Lin, 2024/06/28
- [PATCH v18 24/25] tpm2_key_protector: Add grub-emu support, Gary Lin, 2024/06/28