SHA256
1
0
forked from pool/grub2
grub2/0002-cryptodisk-Fallback-to-passphrase.patch
Michael Chang 53da76e569 Accepting request 1174325 from home:gary_lin:branches:Base:System
- Update to the latest upstreaming TPM2 patches
  * 0001-key_protector-Add-key-protectors-framework.patch
    - Replace 0001-protectors-Add-key-protectors-framework.patch
  * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
    - Merge other TSS patches
      * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch
      * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch
      * 0003-tpm2-Implement-more-TPM2-commands.patch
  * 0003-key_protector-Add-TPM2-Key-Protector.patch
    - Replace 0003-protectors-Add-TPM2-Key-Protector.patch
  * 0004-cryptodisk-Support-key-protectors.patch
  * 0005-util-grub-protect-Add-new-tool.patch
  * 0001-tpm2-Support-authorized-policy.patch
    - Replace 0004-tpm2-Support-authorized-policy.patch
  * 0001-tpm2-Add-extra-RSA-SRK-types.patch
  * 0001-tpm2-Implement-NV-index.patch
    - Replace 0001-protectors-Implement-NV-index.patch
  * 0002-cryptodisk-Fallback-to-passphrase.patch
  * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
  * 0004-diskfilter-look-up-cryptodisk-devices-first.patch
- Refresh affected patches
  * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
  * grub2-bsc1220338-key_protector-implement-the-blocklist.patch
- New manpage for grub2-protect

OBS-URL: https://build.opensuse.org/request/show/1174325
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=504
2024-05-16 07:26:55 +00:00

44 lines
1.4 KiB
Diff

From e62b26f9765e309691e014f322d4b02b220956a1 Mon Sep 17 00:00:00 2001
From: Patrick Colp <patrick.colp@oracle.com>
Date: Sun, 30 Jul 2023 12:58:18 -0700
Subject: [PATCH 2/4] cryptodisk: Fallback to passphrase
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
proceeding with the passphrase.
Signed-off-by: Patrick Colp <patrick.colp@oracle.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
grub-core/disk/cryptodisk.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index af4104178..f9842f776 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1193,11 +1193,16 @@ grub_cryptodisk_scan_device_real (const char *name,
source->name, source->partition != NULL ? "," : "",
part != NULL ? part : N_("UNKNOWN"), dev->uuid);
grub_free (part);
- goto error;
}
if (!cargs->key_len)
{
+ if (grub_errno)
+ {
+ grub_print_error ();
+ grub_errno = GRUB_ERR_NONE;
+ }
+
/* Get the passphrase from the user, if no key data. */
askpass = 1;
part = grub_partition_get_name (source->partition);
--
2.35.3