vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

luks2: Improve error reporting when decrypting/verifying key

Browse source 
While we already set up error messages in both luks2_verify_key() and
luks2_decrypt_key(), we do not ever print them. This makes it really
hard to discover why a given key actually failed to decrypt a disk.

Improve this by including the error message in the user-visible output.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Patrick Steinhardt 2020-09-07 17:27:50 +02:00 committed by Daniel Kiper
parent 1066336dc8
commit eb77486141
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
grub-core/disk/luks2.c
View file

@ -610,14 +610,16 @@ luks2_recover_key (grub_disk_t disk,
(const grub_uint8_t *) passphrase, grub_strlen (passphrase));
if (ret)
{
grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" failed\n", i);
grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" failed: %s\n",
i, grub_errmsg);
continue;
}
ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
if (ret)
{
grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE"\n", i);
grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE": %s\n",
i, grub_errmsg);
continue;
}