diff --git a/0003-grub-install-support-prep-environment-block.patch b/0003-grub-install-support-prep-environment-block.patch index f7c598d..60c7bcd 100644 --- a/0003-grub-install-support-prep-environment-block.patch +++ b/0003-grub-install-support-prep-environment-block.patch @@ -9,13 +9,18 @@ variables to facilitate root device discovery. So far these variables are defined for this purpose: ENV_FS_UUID - The filesystem uuid for the grub root device -ENV_CRYPTO_UUID - The crytodisk uuid for the grub root device +ENV_CRYPTO_UUID - The crytodisk uuid for the grub root device separated +by space ENV_GRUB_DIR - The path to grub prefix directory ENV_HINT - The recommended hint string for searching root device The size of environment block is defined in GRUB_ENVBLK_PREP_SIZE which is 4096 bytes and can be extended in the future. +v2: Improve detection of ENV_CRYPTO_UUID by traversing all members of +the logical disk and utilize a space as a separator when multiple UUIDs +are found (bsc#1216075). + Signed-off-by: Michael Chang --- include/grub/lib/envblk.h | 3 +++ @@ -44,7 +49,49 @@ Signed-off-by: Michael Chang #include -@@ -2138,6 +2139,43 @@ +@@ -609,6 +610,41 @@ + } + } + ++static char * ++cryptodisk_uuids (grub_disk_t disk, int in_recurse) ++{ ++ grub_disk_memberlist_t list = NULL, tmp; ++ static char *ret; ++ ++ if (!in_recurse) ++ ret = NULL; ++ ++ if (disk->dev->disk_memberlist) ++ list = disk->dev->disk_memberlist (disk); ++ ++ while (list) ++ { ++ ret = cryptodisk_uuids (list->disk, 1); ++ tmp = list->next; ++ free (list); ++ list = tmp; ++ } ++ ++ if (disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID) ++ { ++ if (!ret) ++ ret = grub_strdup (grub_util_cryptodisk_get_uuid (disk)); ++ else ++ { ++ char *s = grub_xasprintf ("%s %s", grub_util_cryptodisk_get_uuid (disk), ret); ++ grub_free (ret); ++ ret = s; ++ } ++ } ++ ++ return ret; ++} ++ + static int + is_same_disk (const char *a, const char *b) + { +@@ -2138,6 +2174,43 @@ if (write_to_disk (ins_dev, imgfile)) grub_util_error ("%s", _("failed to copy Grub to the PReP partition")); grub_set_install_backup_ponr (); @@ -52,13 +99,13 @@ Signed-off-by: Michael Chang + if ((signed_grub_mode >= SIGNED_GRUB_FORCE) || ((signed_grub_mode == SIGNED_GRUB_AUTO) && (ppc_sb_state > 0))) + { + char *uuid = NULL; -+ const char *cryptouuid = NULL; + grub_envblk_t envblk = NULL; + char *buf; ++ char *cryptouuid = NULL; ++ ++ if (grub_dev->disk) ++ cryptouuid = cryptodisk_uuids (grub_dev->disk, 0); + -+ /* TODO: Add LVM/RAID on encrypted partitions */ -+ if (grub_dev->disk && grub_dev->disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID) -+ cryptouuid = grub_util_cryptodisk_get_uuid (grub_dev->disk); + if (grub_fs->fs_uuid && grub_fs->fs_uuid (grub_dev, &uuid)) + { + grub_print_error (); diff --git a/grub2.changes b/grub2.changes index 96793eb..96aa6ea 100644 --- a/grub2.changes +++ b/grub2.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Oct 16 08:05:03 UTC 2023 - Michael Chang + +- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks + when signed image installation is specified (bsc#1216075) + * 0003-grub-install-support-prep-environment-block.patch +- grub2.spec: Add support to unlocking multiple encrypted disks in signed + grub.elf image for logical disks + ------------------------------------------------------------------- Fri Oct 6 05:06:59 UTC 2023 - Michael Chang @@ -90,7 +99,7 @@ Thu Aug 3 03:24:41 UTC 2023 - Gary Ching-Pang Lin ------------------------------------------------------------------- Thu Jul 27 06:16:36 UTC 2023 - Michael Chang -- Version bump to 2.12~rc1 +- Version bump to 2.12~rc1 (PED-5589) * Added: - grub-2.12~rc1.tar.xz * Removed: diff --git a/grub2.spec b/grub2.spec index 2d65c05..c60f4e8 100644 --- a/grub2.spec +++ b/grub2.spec @@ -827,6 +827,7 @@ fi echo "ENV_HINT=$ENV_HINT" echo "ENV_GRUB_DIR=$ENV_GRUB_DIR" echo "ENV_FS_UUID=$ENV_FS_UUID" +echo "ENV_CRYPTO_UUID=$ENV_CRYPTO_UUID" if [ "$btrfs_relative_path" = xy ]; then btrfs_relative_path=1 @@ -861,9 +862,9 @@ set prefix="" set root="" set cfg="grub.cfg" -if [ "$ENV_CRYPTO_UUID" ]; then - cryptomount -u "$ENV_CRYPTO_UUID" -fi +for uuid in $ENV_CRYPTO_UUID; do + cryptomount -u $uuid +done if [ "$ENV_FS_UUID" ]; then echo "searching for $ENV_FS_UUID with $hints"