Adding Milan, Leif, Alex, Peter, Mathew and Vladimir. On Thu, Feb 06, 2020 at 03:27:28PM +0100, Patrick Steinhardt wrote: > Hi, > > as promised back when LUKS2 support was merged, here's the code that > enables decrypting LUKS2 partitions that use Argon2 as their key derival > function. Most of this is simple legwork, but I expect two things to be > potentially controversial: > > - I've changed how EFI allocates memory. On my test systems, I was > only able to allocate roughly 800MB, which isn't enough for the > default of 1GB memory parameter that cryptsetup uses with Argon2. > Instead of taking a quarter of available memory, we now take half > of it, which amounts to ~1.6GB on 32 bit systems.
That is huge for the bootloader. What about systems with less than 3 GiB of RAM? Could we reduce amount of RAM required by Argon2? > - The import of Argon2 itself. I've imported code from the > cryptsetup project, but I've modified it quite a bit to fit into Milan mentioned something about libgcrypt. Milan, when the Argon2 code may land in libgcrypt? > GRUB's codebase. This included both stripping off unneeded > functionality as well as converting the code to use our own coding Stripping unneeded functionality is OK. However, I think that it does not make sense to convert coding style to the GRUB one. Especially if we do not do that for other modules. So, I would leave coding style in Argon2 module as is and save your precious minutes for something more productive... ;-) > style. While it makes importing upstream fixes harder, I'd argue > the code is still very similar in its structure and thus > backporting should be easy enough. > > Anyway. With these changes I'm able to successfully decrypt LUKS2 > partitions making use of either PBKDF2, Argon2i or Argon2id. I will take deeper dive into the code if we hammer out things listed above. Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
