Accepting request 1118237 from home:michael-chang:branches:Base:System

- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks when signed image installation is specified (bsc#1216075) * 0003-grub-install-support-prep-environment-block.patch - grub2.spec: Add support to unlocking multiple encrypted disks in signed grub.elf image for logical disks - Version bump to 2.12~rc1 (PED-5589) OBS-URL: https://build.opensuse.org/request/show/1118237 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=469
2023-10-18 05:19:26 +00:00 · 2023-10-18 05:19:26 +00:00 · 891ae6ee6e
commit 891ae6ee6e
parent 9222984490
3 changed files with 67 additions and 10 deletions
--- a/0003-grub-install-support-prep-environment-block.patch
+++ b/0003-grub-install-support-prep-environment-block.patch
@ -9,13 +9,18 @@ variables to facilitate root device discovery. So far these variables
 are defined for this purpose:

 ENV_FS_UUID - The filesystem uuid for the grub root device
-ENV_CRYPTO_UUID - The crytodisk uuid for the grub root device
+ENV_CRYPTO_UUID - The crytodisk uuid for the grub root device separated
+by space
 ENV_GRUB_DIR - The path to grub prefix directory
 ENV_HINT - The recommended hint string for searching root device

 The size of environment block is defined in GRUB_ENVBLK_PREP_SIZE which
 is 4096 bytes and can be extended in the future.

+v2: Improve detection of ENV_CRYPTO_UUID by traversing all members of
+the logical disk and utilize a space as a separator when multiple UUIDs
+are found (bsc#1216075). 
+
 Signed-off-by: Michael Chang <mchang@suse.com>
 ---
 include/grub/lib/envblk.h |  3 +++
@ -44,7 +49,49 @@ Signed-off-by: Michael Chang <mchang@suse.com>
 
 #include <string.h>
 
-@@ -2138,6 +2139,43 @@
+@@ -609,6 +610,41 @@
+     }
+ }
+ 
+static char *
+cryptodisk_uuids (grub_disk_t disk, int in_recurse)
+{
+  grub_disk_memberlist_t list = NULL, tmp;
+  static char *ret;
+
+  if (!in_recurse)
+    ret = NULL;
+
+  if (disk->dev->disk_memberlist)
+    list = disk->dev->disk_memberlist (disk);
+
+  while (list)
+    {
+      ret = cryptodisk_uuids (list->disk, 1);
+      tmp = list->next;
+      free (list);
+      list = tmp;
+    }
+
+  if (disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
+    {
+      if (!ret)
+        ret = grub_strdup (grub_util_cryptodisk_get_uuid (disk));
+      else
+	{
+	  char *s = grub_xasprintf ("%s %s", grub_util_cryptodisk_get_uuid (disk), ret);
+	  grub_free (ret);
+	  ret = s;
+	}
+    }
+
+  return ret;
+}
+
+ static int
+ is_same_disk (const char *a, const char *b)
+ {
+@@ -2138,6 +2174,43 @@
 	  if (write_to_disk (ins_dev, imgfile))
 	    grub_util_error ("%s", _("failed to copy Grub to the PReP partition"));
 	  grub_set_install_backup_ponr ();
@ -52,13 +99,13 @@ Signed-off-by: Michael Chang <mchang@suse.com>
 +	  if ((signed_grub_mode >= SIGNED_GRUB_FORCE) || ((signed_grub_mode == SIGNED_GRUB_AUTO) && (ppc_sb_state > 0)))
 +	    {
 +	      char *uuid = NULL;
-+	      const char *cryptouuid = NULL;
 +	      grub_envblk_t envblk = NULL;
 +	      char *buf;
+	      char *cryptouuid = NULL;
+
+	      if (grub_dev->disk)
+		cryptouuid = cryptodisk_uuids (grub_dev->disk, 0);
 +
-+	      /* TODO: Add LVM/RAID on encrypted partitions */
-+	      if (grub_dev->disk && grub_dev->disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
-+		cryptouuid = grub_util_cryptodisk_get_uuid (grub_dev->disk);
 +	      if (grub_fs->fs_uuid && grub_fs->fs_uuid (grub_dev, &uuid))
 +		{
 +		  grub_print_error ();
--- a/grub2.changes
+++ b/grub2.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Oct 16 08:05:03 UTC 2023 - Michael Chang <mchang@suse.com>
+
+- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks
+  when signed image installation is specified (bsc#1216075) 
+  * 0003-grub-install-support-prep-environment-block.patch
+- grub2.spec: Add support to unlocking multiple encrypted disks in signed
+  grub.elf image for logical disks
+
 -------------------------------------------------------------------
 Fri Oct  6 05:06:59 UTC 2023 - Michael Chang <mchang@suse.com>

@ -90,7 +99,7 @@ Thu Aug  3 03:24:41 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
 -------------------------------------------------------------------
 Thu Jul 27 06:16:36 UTC 2023 - Michael Chang <mchang@suse.com>

- Version bump to 2.12~rc1
+- Version bump to 2.12~rc1 (PED-5589)
  * Added:
    - grub-2.12~rc1.tar.xz
  * Removed:
--- a/grub2.spec
+++ b/grub2.spec
@ -827,6 +827,7 @@ fi
 echo "ENV_HINT=$ENV_HINT"
 echo "ENV_GRUB_DIR=$ENV_GRUB_DIR"
 echo "ENV_FS_UUID=$ENV_FS_UUID"
+echo "ENV_CRYPTO_UUID=$ENV_CRYPTO_UUID"

 if [ "$btrfs_relative_path" = xy ]; then
  btrfs_relative_path=1
@ -861,9 +862,9 @@ set prefix=""
 set root=""
 set cfg="grub.cfg"

-if [ "$ENV_CRYPTO_UUID" ]; then
-  cryptomount -u "$ENV_CRYPTO_UUID"
-fi
+for uuid in $ENV_CRYPTO_UUID; do
+  cryptomount -u $uuid
+done

 if [ "$ENV_FS_UUID" ]; then
  echo "searching for $ENV_FS_UUID with $hints"