smallsolar/u-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luks: Support a pre-derived key

Browse Source 
Update luks_unlock() to support a pre-derived key, such as that obtained
from a TKey. This must match the key_size of the LUKS partition,
otherwise it will fail to unlock.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
This commit is contained in:
Simon Glass
2025-11-16 10:51:36 -07:00
parent c8b4ede816
commit 48dd57511c
4 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/luks.c
View File

@@ -89,7 +89,7 @@ static int do_luks_unlock(struct cmd_tbl *cmdtp, int flag, int argc,
/* Unlock the partition to get the master key */
ret = luks_unlock(dev_desc->bdev, &info, (const u8 *)passphrase,
strlen(passphrase), master_key, &key_size);
strlen(passphrase), false, master_key, &key_size);
if (ret) {
printf("Failed to unlock LUKS partition (err %dE)\n", ret);
return CMD_RET_FAILURE;

11
drivers/block/luks.c
View File

@@ -590,7 +590,8 @@ out:
}
int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
const u8 *pass, size_t pass_len, u8 *master_key, u32 *key_sizep)
const u8 *pass, size_t pass_len, bool pre_derived,
u8 *master_key, u32 *key_sizep)
{
uint version, hdr_blocks;
struct luks1_phdr *hdr;
@@ -625,12 +626,12 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
switch (version) {
case LUKS_VERSION_1:
hdr = (struct luks1_phdr *)buffer;
ret = unlock_luks1(blk, pinfo, hdr, pass, pass_len, master_key,
false, key_sizep);
ret = unlock_luks1(blk, pinfo, hdr, pass, pass_len,
pre_derived, master_key, key_sizep);
break;
case LUKS_VERSION_2:
ret = unlock_luks2(blk, pinfo, pass, pass_len, master_key,
key_sizep);
ret = unlock_luks2(blk, pinfo, pass, pass_len, pre_derived,
master_key, key_sizep);
break;
default:
log_debug("unsupported LUKS version %d\n", version);

4
include/luks.h
View File

@@ -158,8 +158,8 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo);
* -EIO if failed to read from block device
*/
int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
const u8 *pass, size_t pass_len, u8 *master_key,
u32 *key_size);
const u8 *pass, size_t pass_len, bool pre_derived,
u8 *master_key, u32 *key_size);
/**
* luks_create_blkmap() - Create a blkmap device for a LUKS partition

2
test/boot/luks.c
View File

@@ -275,7 +275,7 @@ static int bootstd_test_luks2_unlock(struct unit_test_state *uts)
/* Test that unlock fails for partition 1 (not LUKS) */
ut_assertok(part_get_info(desc, 1, &info));
ut_asserteq(-ENOENT, luks_unlock(desc->bdev, &info, (const u8 *)"test",
4, master_key, &key_size));
4, false, master_key, &key_size));
/* Test unlocking partition 2 with correct passphrase */
ut_assertok(run_command("luks unlock mmc c:2 test", 0));