The luks module contains quite a lot of logic to parse cipher and
cipher-mode strings like aes-xts-plain64 into constants to apply them
to the grub_cryptodisk_t structure. This code will be required by the
upcoming luks2 module, as well, which is why this commit moves it into
its own function grub_cryptodisk_setcipher in the cryptodisk module.
While the strings are probably rather specific to the LUKS modules, it
certainly does make sense that the cryptodisk module houses code to set
up its own internal ciphers instead of hosting that code in the luks
module.
Except for necessary adjustments around error handling, this commit does
an exact move of the cipher configuration logic from luks.c to
cryptodisk.c. Any behavior changes are unintentional.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
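A minimal sketch of the kind of parsing the commit above describes, turning a string like aes-xts-plain64 into constants. This is an added example, not GRUB's grub_cryptodisk_setcipher: the enum, struct and function names are hypothetical, and it assumes the three-part form `<cipher>-<mode>-<iv>[:<hash>]` and rejects anything else instead of falling back to a default.

```c
#include <string.h>

/* Hypothetical constants for this example; not GRUB's own enums. */
enum mode { MODE_ECB, MODE_CBC, MODE_PCBC, MODE_XTS, MODE_LRW };
enum iv_mode { IV_NULL, IV_PLAIN, IV_PLAIN64, IV_BENBI, IV_ESSIV };

struct cipher_spec {
  char cipher[32];      /* e.g. "aes"; looking the cipher up is left to the caller */
  enum mode mode;
  enum iv_mode iv;
  char essiv_hash[32];  /* only set for "essiv:<hash>" */
};

static const struct { const char *name; enum mode mode; } modes[] = {
  { "ecb", MODE_ECB }, { "cbc", MODE_CBC }, { "pcbc", MODE_PCBC },
  { "xts", MODE_XTS }, { "lrw", MODE_LRW },
};

/* Parse "<cipher>-<mode>-<iv>[:<hash>]"; return 0 on success, -1 if malformed. */
int parse_cipher_spec(const char *spec, struct cipher_spec *out)
{
  const char *d1 = strchr(spec, '-');
  const char *d2 = d1 ? strchr(d1 + 1, '-') : NULL;
  size_t i, clen, mlen;

  if (!d1 || !d2) return -1;
  clen = (size_t)(d1 - spec);
  mlen = (size_t)(d2 - d1 - 1);
  /* Bound the copy so an over-long cipher name cannot overflow the buffer. */
  if (clen == 0 || clen >= sizeof(out->cipher)) return -1;
  memset(out, 0, sizeof(*out));
  memcpy(out->cipher, spec, clen);

  for (i = 0; i < sizeof(modes) / sizeof(modes[0]); i++)
    if (strlen(modes[i].name) == mlen && !memcmp(modes[i].name, d1 + 1, mlen))
      break;
  if (i == sizeof(modes) / sizeof(modes[0])) return -1;  /* unknown mode */
  out->mode = modes[i].mode;

  if (!strcmp(d2 + 1, "plain")) out->iv = IV_PLAIN;
  else if (!strcmp(d2 + 1, "plain64")) out->iv = IV_PLAIN64;
  else if (!strcmp(d2 + 1, "benbi")) out->iv = IV_BENBI;
  else if (!strcmp(d2 + 1, "null")) out->iv = IV_NULL;
  else if (!strncmp(d2 + 1, "essiv:", 6) && d2[7] != '\0'
           && strlen(d2 + 7) < sizeof(out->essiv_hash)) {
    out->iv = IV_ESSIV;
    strcpy(out->essiv_hash, d2 + 7);  /* length checked just above */
  } else return -1;                   /* unknown or empty IV mode */
  return 0;
}
```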
In util/getroot and efidisk slightly modify existing comment to mostly
retain it but still make GCC7 compliant with respect to fall through
annotation.
In grub-core/lib/xzembed/xz_dec_lzma2.c it adds the same comments as
upstream.
In grub-core/tests/setjmp_test.c declare functions as "noreturn" to
suppress GCC7 warning.
In grub-core/gnulib/regexec.c use new __attribute__, because existing
annotation is not recognized by GCC7 parser (which requires that comment
immediately precedes case statement).
Otherwise add FALLTHROUGH comment.
Closes: 50598
It is not possible to configure encrypted containers on multiple partitions of
the same disk; after the first one all subsequent fail with
disk/cryptodisk.c:978: already mounted as crypto0
Store partition offset in cryptomount descriptor to distinguish between them.
All current ciphers have blocks which are a power of 2 and it's
unlikely to change. Other block lengths would be tricky to handle anyway.
This restriction allows avoiding extra divisions.
Commit 588744d0dc caused grub-mkconfig
no longer to be forgiving of trailing spaces on grub-probe output
lines, which among other things means that util/grub.d/10_linux.in
no longer detects LVM. To fix this, make grub-probe's output
delimiting more consistent. As a bonus, this improves the coverage
of the -0 option.
Fixes Debian bug #735935.
* grub-core/disk/cryptodisk.c
(grub_util_cryptodisk_get_abstraction): Add a user-data argument.
* grub-core/disk/diskfilter.c (grub_diskfilter_get_partmap):
Likewise.
* include/grub/cryptodisk.h (grub_util_cryptodisk_get_abstraction):
Update prototype.
* include/grub/diskfilter.h (grub_diskfilter_get_partmap): Likewise.
* util/grub-install.c (push_partmap_module, push_cryptodisk_module,
probe_mods): Adjust for extra user-data arguments.
* util/grub-probe.c (do_print, probe_partmap, probe_cryptodisk_uuid,
probe_abstraction): Use configured delimiter. Update callers.
* grub-core/disk/cryptodisk.c (cryptodisk_cleanup): Disable for
now to avoid double free.
* grub-core/kern/emu/hostdisk.c (grub_util_biosdisk_dev): Rename to
hostdisk.
* include/grub/disk.h (grub_disk_dev_id): New id HOSTDISK.
* util/grub-probe.c (escape_of_path): Always return a new copy.
(print_full_name): Escape path.
(probe): Don't call grub_util_devname_to_ofpath on NULL.
Fix hints on abstractions.
* grub-core/disk/cryptodisk.c (grub_crypto_pcbc_encrypt): New function.
(grub_cryptodisk_decrypt): Moved logic to ...
(grub_cryptodisk_endecrypt): ...this. New argument "encrypt".
(grub_cryptodisk_write): Implement.
* grub-core/kern/emu/hostdisk.c (nwrite): Rename to ...
(grub_util_fd_write): ... this. Make global.
* include/grub/emu/hostdisk.h (grub_util_fd_write): New proto.