diff options
author | Leah Rowe <leah@libreboot.org> | 2024-06-12 00:58:22 +0100 |
---|---|---|
committer | Leah Rowe <leah@libreboot.org> | 2024-06-12 00:58:22 +0100 |
commit | 0b37653ab908093a108cfe3cbcb4e8d378428d26 (patch) | |
tree | 4fd3b33c728b8c8aed5b6b3df7867c02b8887b71 /config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch | |
parent | 1952db55540606b2fb00ddd4be9e358dbc99ef8b (diff) |
grub: only enable nvme if needed on a board
remove nvme support from the "default" grub tree
now there are three trees:
* default: no xhci or nvme patches
* nvme: contains nvme support
* xhci: contains xhci and nvme support
this is in case a bug like lbmk issue #216 ever occurs
again, as referenced before during lbmk audit 5
there is no indication that the nvme patch causes any
issues, but after previous experience i want to be sure
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch')
-rw-r--r-- | config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch b/config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch new file mode 100644 index 00000000..f2e26fd4 --- /dev/null +++ b/config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch @@ -0,0 +1,83 @@ +From 0a21695c55f76f1c958bb633481d55b3168562f7 Mon Sep 17 00:00:00 2001 +From: Ax333l <main@axelen.xyz> +Date: Thu, 17 Aug 2023 00:00:00 +0000 +Subject: [PATCH 5/6] Compile with Argon2id support + +Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> +--- + Makefile.util.def | 6 +++++- + grub-core/Makefile.core.def | 2 +- + grub-core/disk/luks2.c | 13 +++++++++++-- + 3 files changed, 17 insertions(+), 4 deletions(-) + +diff --git a/Makefile.util.def b/Makefile.util.def +index 1e9a13d3e..a167825c3 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl; + library = { + name = libgrubkern.a; + cflags = '$(CFLAGS_GNULIB)'; +- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json'; ++ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2'; + + common = util/misc.c; + common = grub-core/kern/command.c; +@@ -36,6 +36,10 @@ library = { + common = grub-core/kern/misc.c; + common = grub-core/kern/partition.c; + common = grub-core/lib/crypto.c; ++ common = grub-core/lib/argon2/argon2.c; ++ common = grub-core/lib/argon2/core.c; ++ common = grub-core/lib/argon2/ref.c; ++ common = grub-core/lib/argon2/blake2/blake2b.c; + common = grub-core/lib/json/json.c; + common = grub-core/disk/luks.c; + common = grub-core/disk/luks2.c; +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 4a06789e5..e939dcc99 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1238,7 +1238,7 @@ module = { + common = disk/luks2.c; + common = lib/gnulib/base64.c; + cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; +- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json'; ++ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2'; + }; + + module = { +diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c +index bc818ea69..5b9eaa599 100644 +--- a/grub-core/disk/luks2.c ++++ b/grub-core/disk/luks2.c +@@ -27,6 +27,7 @@ + #include <grub/partition.h> + #include <grub/i18n.h> + ++#include <argon2.h> + #include <base64.h> + #include <json.h> + +@@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key, + { + case LUKS2_KDF_TYPE_ARGON2I: + case LUKS2_KDF_TYPE_ARGON2ID: +- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); +- goto err; ++ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus, ++ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size, ++ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id, ++ ARGON2_VERSION_NUMBER); ++ if (ret) ++ { ++ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret)); ++ goto err; ++ } ++ break; + case LUKS2_KDF_TYPE_PBKDF2: + hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash); + if (!hash) +-- +2.39.2 + |