From 0b37653ab908093a108cfe3cbcb4e8d378428d26 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Wed, 12 Jun 2024 00:58:22 +0100 Subject: grub: only enable nvme if needed on a board remove nvme support from the "default" grub tree now there are three trees: * default: no xhci or nvme patches * nvme: contains nvme support * xhci: contains xhci and nvme support this is in case a bug like lbmk issue #216 ever occurs again, as referenced before during lbmk audit 5 there is no indication that the nvme patch causes any issues, but after previous experience i want to be sure Signed-off-by: Leah Rowe --- .../0007-Compile-with-Argon2id-support.patch | 83 ++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch (limited to 'config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch') diff --git a/config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch b/config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch new file mode 100644 index 00000000..f2e26fd4 --- /dev/null +++ b/config/grub/nvme/patches/0002-luks2/0007-Compile-with-Argon2id-support.patch @@ -0,0 +1,83 @@ +From 0a21695c55f76f1c958bb633481d55b3168562f7 Mon Sep 17 00:00:00 2001 +From: Ax333l +Date: Thu, 17 Aug 2023 00:00:00 +0000 +Subject: [PATCH 5/6] Compile with Argon2id support + +Signed-off-by: Nicholas Johnson +--- + Makefile.util.def | 6 +++++- + grub-core/Makefile.core.def | 2 +- + grub-core/disk/luks2.c | 13 +++++++++++-- + 3 files changed, 17 insertions(+), 4 deletions(-) + +diff --git a/Makefile.util.def b/Makefile.util.def +index 1e9a13d3e..a167825c3 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl; + library = { + name = libgrubkern.a; + cflags = '$(CFLAGS_GNULIB)'; +- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json'; ++ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2'; + + common = util/misc.c; + common = grub-core/kern/command.c; +@@ -36,6 +36,10 @@ library = { + common = grub-core/kern/misc.c; + common = grub-core/kern/partition.c; + common = grub-core/lib/crypto.c; ++ common = grub-core/lib/argon2/argon2.c; ++ common = grub-core/lib/argon2/core.c; ++ common = grub-core/lib/argon2/ref.c; ++ common = grub-core/lib/argon2/blake2/blake2b.c; + common = grub-core/lib/json/json.c; + common = grub-core/disk/luks.c; + common = grub-core/disk/luks2.c; +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 4a06789e5..e939dcc99 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1238,7 +1238,7 @@ module = { + common = disk/luks2.c; + common = lib/gnulib/base64.c; + cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; +- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json'; ++ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2'; + }; + + module = { +diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c +index bc818ea69..5b9eaa599 100644 +--- a/grub-core/disk/luks2.c ++++ b/grub-core/disk/luks2.c +@@ -27,6 +27,7 @@ + #include + #include + ++#include + #include + #include + +@@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key, + { + case LUKS2_KDF_TYPE_ARGON2I: + case LUKS2_KDF_TYPE_ARGON2ID: +- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); +- goto err; ++ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus, ++ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size, ++ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id, ++ ARGON2_VERSION_NUMBER); ++ if (ret) ++ { ++ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret)); ++ goto err; ++ } ++ break; + case LUKS2_KDF_TYPE_PBKDF2: + hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash); + if (!hash) +-- +2.39.2 + -- cgit v1.2.1