No description
365e0cc3e7
With cryptsetup 2.0, a new version of LUKS was introduced that breaks compatibility with the previous version due to various reasons. GRUB currently lacks any support for LUKS2, making it impossible to decrypt disks encrypted with that version. This commit implements support for this new format. Note that LUKS1 and LUKS2 are quite different data formats. While they do share the same disk signature in the first few bytes, representation of encryption parameters is completely different between both versions. While the former version one relied on a single binary header, only, LUKS2 uses the binary header only in order to locate the actual metadata which is encoded in JSON. Furthermore, the new data format is a lot more complex to allow for more flexible setups, like e.g. having multiple encrypted segments and other features that weren't previously possible. Because of this, it was decided that it doesn't make sense to keep both LUKS1 and LUKS2 support in the same module and instead to implement it in two different modules luks and luks2. The proposed support for LUKS2 is able to make use of the metadata to decrypt such disks. Note though that in the current version, only the PBKDF2 key derival function is supported. This can mostly attributed to the fact that the libgcrypt library currently has no support for either Argon2i or Argon2id, which are the remaining KDFs supported by LUKS2. It wouldn't have been much of a problem to bundle those algorithms with GRUB itself, but it was decided against that in order to keep down the number of patches required for initial LUKS2 support. Adding it in the future would be trivial, given that the code structure is already in place. Signed-off-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
||
|---|---|---|
| asm-tests | ||
| conf | ||
| docs | ||
| grub-core | ||
| include | ||
| po | ||
| tests | ||
| themes/starfield | ||
| unicode | ||
| util | ||
| .gitattributes | ||
| .gitignore | ||
| .travis.yml | ||
| acinclude.m4 | ||
| AUTHORS | ||
| autogen.sh | ||
| bootstrap | ||
| bootstrap.conf | ||
| BUGS | ||
| ChangeLog-2015 | ||
| config.h.in | ||
| configure.ac | ||
| COPYING | ||
| coreboot.cfg | ||
| geninit.sh | ||
| gentpl.py | ||
| INSTALL | ||
| linguas.sh | ||
| Makefile.am | ||
| Makefile.util.def | ||
| NEWS | ||
| README | ||
| THANKS | ||
| TODO | ||
This is GRUB 2, the second version of the GRand Unified Bootloader. GRUB 2 is rewritten from scratch to make GNU GRUB cleaner, safer, more robust, more powerful, and more portable. See the file NEWS for a description of recent changes to GRUB 2. See the file INSTALL for instructions on how to build and install the GRUB 2 data and program files. Please visit the official web page of GRUB 2, for more information. The URL is <http://www.gnu.org/software/grub/grub.html>. More extensive documentation is available in the Info manual, accessible using 'info grub' after building and installing GRUB 2. There are a number of important user-visible differences from the first version of GRUB, now known as GRUB Legacy. For a summary, please see: info grub Introduction 'Changes from GRUB Legacy'