Re: [PATCH 1/7] Cryptomount support LUKS detached header

On 22/03/18 14:22, TJ wrote: > On 22/03/18 12:38, Daniel Kiper wrote: >> Hi John, >> >> On Wed, Mar 14, 2018 at 07:00:11PM +, John Lane wrote: >>> On 14/03/18 13:05, Daniel Kiper wrote: >>>> On Wed, Mar 14, 2018 at 09:44:58AM +0000, John Lane wrot

Re: [PATCH 3/7] cryptomount luks allow multiple passphrase attempts

On 17/03/18 11:10, TJ wrote: > On 14/03/18 09:45, John Lane wrote: >> --- a/grub-core/disk/luks.c >> +++ b/grub-core/disk/luks.c >> @@ -321,10 +321,10 @@ configure_ciphers (grub_disk_t disk, const char >> *check_uuid, >> >> static grub_err_t &

Re: [PATCH 2/7] Cryptomount support key files

On 17/03/18 11:10, TJ wrote: > On 14/03/18 09:44, John Lane wrote: >> --- a/grub-core/disk/cryptodisk.c >> +++ b/grub-core/disk/cryptodisk.c >> @@ -949,6 +954,45 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int >> argc, char **args) >> hdr = NULL;

Re: [PATCH 1/7] Cryptomount support LUKS detached header

On 17/03/18 11:09, TJ wrote: > On 14/03/18 09:44, John Lane wrote: >> --- a/grub-core/disk/cryptodisk.c >> +++ b/grub-core/disk/cryptodisk.c >> @@ -880,7 +882,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, >> const char *cheat) >> >>FOR_C

Re: [PATCH 1/7] Cryptomount support LUKS detached header

On 14/03/18 13:05, Daniel Kiper wrote: > On Wed, Mar 14, 2018 at 09:44:58AM +0000, John Lane wrote: >> From: John Lane <j...@lane.uk.net> > > I have just skimmed through the series. First of all, most if not > all patches beg for full blown commit messages. Just vague sta

[PATCH 3/7] cryptomount luks allow multiple passphrase attempts

From: John Lane <j...@lane.uk.net> --- grub-core/disk/luks.c | 278 ++ 1 file changed, 143 insertions(+), 135 deletions(-) diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 588236888..11e437edb 100644 --- a/grub-core/disk/

[PATCH 4/7] Cryptomount support plain dm-crypt

From: John Lane <j...@lane.uk.net> Patch modified to take into account a change to context brought about by c93d3e694713b8230fa2cf88414fabe005b56782 grub-core/disk/cryptodisk.c 142c142 <if (disklast) --- > --- grub-core/disk/crypto

[PATCH 7/7] Add support for using a whole device as a keyfile

From: Paul Gideon Dann --- grub-core/disk/cryptodisk.c | 86 +++-- 1 file changed, 68 insertions(+), 18 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index 6fc2c23aa..a8937e5e3 100644 ---

[PATCH 5/7] Cryptomount support for hyphens in UUID

From: John Lane <j...@lane.uk.net> --- grub-core/disk/cryptodisk.c | 20 +--- grub-core/disk/luks.c | 26 -- include/grub/cryptodisk.h | 2 ++ 3 files changed, 27 insertions(+), 21 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/gru

[PATCH 1/7] Cryptomount support LUKS detached header

From: John Lane <j...@lane.uk.net> --- grub-core/disk/cryptodisk.c | 22 ++ grub-core/disk/geli.c | 7 +-- grub-core/disk/luks.c | 45 + include/grub/cryptodisk.h | 5 +++-- 4 files changed, 63 insertions(

[PATCH 2/7] Cryptomount support key files

From: John Lane <j...@lane.uk.net> --- grub-core/disk/cryptodisk.c | 46 - grub-core/disk/geli.c | 4 +++- grub-core/disk/luks.c | 44 +-- include/grub/cryptodisk.h | 5 - 4 files chang

[PATCH 6/7] Retain constness of parameters.

From: Denis Kasak --- grub-core/disk/cryptodisk.c | 2 +- include/grub/cryptodisk.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index c442d3a34..6fc2c23aa 100644 ---

Re: Support for detached LUKS header

> Could anyone give their approval for merging? > May I ask you or the original author to rebase the patches > on the latest master? Then I will take a look. And please > do not forget to CC me. > Daniel Daniel I am the original author of the aforementioned patches. I have reapplied my

Re: Cryptomount enhancements - revised

On 29/07/15 18:21, Andrei Borzenkov wrote: В Wed, 29 Jul 2015 07:48:41 +0100 John Lane g...@jelmail.com пишет: On 28/07/15 22:38, Vladimir 'phcoder' Serbinenko wrote: Other than 3 and 5 they require difficult configuration. Mapping devices in GRUB isn't trivial. Those features are difficult

Re: [PATCH 5/5] Cryptomount support for hyphens in UUID

On 29/07/15 17:51, Andrei Borzenkov wrote: That not what I mean. This patch ignores hyphens in UUID for any current and future crypto backends. This means that it cannot distinguish between 11-122 and 111-22 as UUID. And we cannot be sure we never meet such backend. do you really think

Re: [PATCH 5/5] Cryptomount support for hyphens in UUID

On 29/07/15 04:08, Andrei Borzenkov wrote: I still believe that generally ignoring hyphens for every future crypto implementation is wrong. In future we simply should avoid mangling UUID. So this should be restricted to LUKS only, where the problem exists. Andrei I modified this in response

Re: Cryptomount enhancements - revised

On 28/07/15 22:38, Vladimir 'phcoder' Serbinenko wrote: Other than 3 and 5 they require difficult configuration. Mapping devices in GRUB isn't trivial. Those features are difficult to autoconfigure. Consider plain mode: how will you find which disk is yours when you have 5 disks all looking

Re: Cryptomount enhancements - revised

On 29/06/15 15:30, John Lane wrote: These patches provide extensions to the cryptomount command. There are five patches [PATCH 1/5] Cryptomount support LUKS detached header Support LUKS detached headers so that the header can be separated from the data payload, e.g. by storing

Re: Help output inconsistency: -v vs. -V

My natural inclination is to reach for -v when I want verbose output from something and fall back to --verbose if that doesn't work. I usually go straight for --version when wanting that info. So, -V for--version and -v for --verbose works for me. On 29/06/15 18:50, Andrei Borzenkov wrote: We

[PATCH 1/5] Cryptomount support LUKS detached header

From: John Lane j...@lane.uk.net --- grub-core/disk/cryptodisk.c | 22 ++ grub-core/disk/geli.c | 7 +-- grub-core/disk/luks.c | 45 + include/grub/cryptodisk.h | 5 +++-- 4 files changed, 63 insertions(+), 16

Cryptomount enhancements - revised

These patches provide extensions to the cryptomount command. There are five patches [PATCH 1/5] Cryptomount support LUKS detached header Support LUKS detached headers so that the header can be separated from the data payload, e.g. by storing on external removable media such as a USB key.

[PATCH 2/5] Cryptomount support key files

From: John Lane j...@lane.uk.net --- grub-core/disk/cryptodisk.c | 46 - grub-core/disk/geli.c | 4 +++- grub-core/disk/luks.c | 44 +-- include/grub/cryptodisk.h | 5 - 4 files changed, 82

[PATCH 4/5] Cryptomount support plain dm-crypt

From: John Lane j...@lane.uk.net --- grub-core/disk/cryptodisk.c | 298 +++- grub-core/disk/luks.c | 195 + include/grub/cryptodisk.h | 8 ++ 3 files changed, 310 insertions(+), 191 deletions(-) diff --git a/grub-core

[PATCH 3/5] cryptomount luks allow multiple passphrase attempts

From: John Lane j...@lane.uk.net --- grub-core/disk/luks.c | 278 ++ 1 file changed, 143 insertions(+), 135 deletions(-) diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 5882368..11e437e 100644 --- a/grub-core/disk/luks.c +++ b

Re: [PATCH 5/5] Cryptomount support for hyphens in UUID

This revised patch uses a compare function. It doesn't modify the input supplied by the user. There are 3 places where UUIDs are compared: 1. when a crypto disk is referenced as a (cryptouuid/...) #cryotodisk.c grub_cryptodisk_open 2. when the -u argument is given to cryptomount it checks by the

[PATCH 5/5] Cryptomount support for hyphens in UUID

From: John Lane j...@lane.uk.net --- grub-core/disk/cryptodisk.c | 20 +--- grub-core/disk/luks.c | 26 -- include/grub/cryptodisk.h | 2 ++ 3 files changed, 27 insertions(+), 21 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core

Re: [PATCH 3/5] cryptomount luks allow multiple passphrase attempts

When opening a LUKS volume the user has 2 chances to supply a correct passphrase. if the first attempt fails then the passphrase prompt appears again. if keyfile given then the first attempt is the uses that instead of prompting; failure will then prompt the user for a passphrase. This does not

Re: [PATCH 2/4] Cryptomount support key files

On 24/06/15 13:02, Andrei Borzenkov wrote: On Wed, Jun 24, 2015 at 2:26 PM, John Lane g...@jelmail.com wrote: + + keyfile_size = grub_file_read (keyfile, key, keyfile_size); + if (keyfile_size == (grub_size_t)-1) + return grub_errno; If keyfile size is explicitly given, I

Re: [PATCH 2/4] Cryptomount support key files

On 24/06/15 07:59, Andrei Borzenkov wrote: On Tue, Jun 23, 2015 at 8:27 PM, John Lane g...@jelmail.com wrote: -err = cr-recover_key (source, dev, hdr); +err = cr-recover_key (source, dev, hdr, key, keyfile_size); You never clear key variable, so after the first call all subsequent

Re: [PATCH 2/4] Cryptomount support key files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Comments inline. I'll resubmit the patch set with changes as per comments. On 20/06/15 05:54, Andrei Borzenkov wrote: В Tue, 16 Jun 2015 10:11:13 +0100 John Lane j...@lane.uk.net пишет: --- grub-core/disk/cryptodisk.c | 34

[PATCH 2/4] Cryptomount support key files

--- grub-core/disk/cryptodisk.c | 34 +++-- grub-core/disk/geli.c | 4 +++- grub-core/disk/luks.c | 46 +++-- include/grub/cryptodisk.h | 5 - 4 files changed, 71 insertions(+), 18 deletions(-) diff --git

Cryptomount enhancements: detached headers, key-files and plain mode

These patches provide extensions to the cryptomount command. There are four patches: 1. Support LUKS detached headers so that the header can be separated from the data payload, e.g. by storing on external removable media such as a USB key. 2. Support key files so that passphrase entry can be

[PATCH 1/4] Cryptomount support LUKS detached header

--- grub-core/disk/cryptodisk.c | 23 +++ grub-core/disk/geli.c | 7 +-- grub-core/disk/luks.c | 45 + include/grub/cryptodisk.h | 5 +++-- 4 files changed, 64 insertions(+), 16 deletions(-) diff --git

[PATCH 4/4] Cryptomount support for hyphens in UUID

--- grub-core/disk/cryptodisk.c | 9 + grub-core/disk/luks.c | 1 + include/grub/cryptodisk.h | 3 +++ 3 files changed, 13 insertions(+) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index c519c55..b800d6f 100644 --- a/grub-core/disk/cryptodisk.c +++

[PATCH 3/4] Cryptomount support plain dm-crypt

--- grub-core/disk/cryptodisk.c | 298 +++- grub-core/disk/luks.c | 205 +- include/grub/cryptodisk.h | 8 ++ 3 files changed, 309 insertions(+), 202 deletions(-) diff --git a/grub-core/disk/cryptodisk.c

Re: [PATCH 3/4] Cryptomount support plain dm-crypt

A little explanation of what the patch does; most of the code in this patch already existed. I extracted the in-line code from luks.c that creates the crypto disk into a new cryptomount function called grub_cryptodisk_create that is then used by the luks module and is also avilable to the

Re: Patches to cryptomount (plain support, keyfiles and LUKS detached headers)

On 13/06/15 06:27, Andrei Borzenkov wrote: В Fri, 12 Jun 2015 20:15:32 +0100 John Lane g...@jelmail.com пишет: Sorry, we cannot accept patches which aren't sent to this ml by author. I've attached the patches here. They apply clean to c945ca75. Sending them as patch series in mail body would

Re: Patches to cryptomount (plain support, keyfiles and LUKS detached headers)

I did some work a while ago to update the crypto routines to support LUKS detached headers. I've been busy on other things but just found some time to update to the current master head. On 22/01/15 21:04, Vladimir 'φ-coder/phcoder' Serbinenko wrote: On 15.12.2014 12:30, John Lane wrote: Hello