help-grub
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Support for plain dm-crypt and detached LUKS header

From: Mat628
Subject: Re: Support for plain dm-crypt and detached LUKS header
Date: Tue, 11 Apr 2017 01:05:35 -0400 
>I would personally assume that something could be done in the dedicated 
>/etc/grub.d/ directories that would allow grub-mkconfig to function as 
>required without changing anything to it?

Xen, that is probably possible, but I chose to modify grub-mkconfig_lib.in 
because that is where the original code to mount a cryptodisk is echoed to 
grub.cfg.

Unmodified grub-2.02-rc2 grub-mkconfig_lib.in

prepare_grub_to_access_device ()
{
.
.
.
if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then
for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do
echo "cryptomount -u $uuid"
done
fi
----------------
"cryptomount -u $uuid" is echoed into grub.cfg as seen below
----------------

menuentry 'Ubuntu GNU/Linux'{
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod cryptodisk
insmod luks
insmod gcry_rijndael
insmod gcry_rijndael
insmod gcry_sha1
insmod lvm
insmod ext2
cryptomount -u f804b7d24ec3460aaa45b0bcd8d294ac
set root='lvmid/mi5iPo-r7rN-RZ5n-oD5M-7UNA-espt-Y5JCrX/
----------------

Now with my modified grub-mkconfig_lib.in it replaces all instances of 
"cryptomount -u $uuid" with the contents of mattle_opts.cfg by echoing the 
contents instead of echoing "cryptomount -u $uuid". Now to do the same as above 
but for a LUKS device with detached header.

mattle_opts.cfg file contents -->

search.pt_uuid 12345678-01 luks_device
search.fs_uuid 1234-5678 usb_with_header_file
cryptomount --header=($usb_with_header_file)/header.bin ($luks_device)
----------------
prepare_grub_to_access_device ()
{
.
.
.
if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then
if [ x$GRUB_ENABLE_CRYPTODISK_MATTLE_OPTS = xy ]; then
.
.
.
if test -f "${prefix}/etc/mattle_opts.cfg"; then
while read -r WHOLE_FILE; do echo "$WHOLE_FILE" ; done < 
${prefix}/etc/mattle_opts.cfg
else
gettext_printf "Error: cannot open %s\n" "${prefix}/etc/mattle_opts.cfg" 1>&2
exit 1
fi
else
for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do
echo "cryptomount -u $uuid"
done
fi
fi
----------------
grub.cfg
----------------
menuentry 'Ubuntu GNU/Linux' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod cryptodisk
insmod luks
insmod gcry_rijndael
insmod gcry_rijndael
insmod gcry_sha1
insmod lvm
insmod ext2
search.pt_uuid 12345678-01 luks_device
search.fs_uuid 1234-5678 usb_with_header_file
cryptomount --header=($usb_with_header_file)/header.bin ($luks_device)
set root='lvmid/mi5iPo-r7rN-RZ5n-oD5M-7UNA-espt-Y5JCrX/
----------------

The grub.cfg is the same, including loaded modules, with the only difference 
from mattle_opts.cfg.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]