On Jan 18, 2015, Andrei Borzenkov <arvidj...@gmail.com> wrote: > I suggest you cooperate with John for this; he has a set of patches to > support it as well. See also http://grub.johnlane.ie/.
Nice, for some reason I didn't find his patchset in my web searches. I ended up using his code to update the crypto modules in libreboot on my x60, and a slight variant of mine to update them for use along with BLAG 200k's grub on other machines that are not yet running a Free BIOS. If there's interest, I can post my updated patches here, but I'd be just as happy if John's patchset made it. > Just pass in passphrase+len. Do not expect anything about content of > passphrase file at all. Done. > You can always unlock encrypted filesystem manually, right? As long as grub isn't hosed ;-) In some of my attempts earlier today, it was. Fortunately I'd saved a working grub on a pen drive, and so bringing the machine back to a working condition wasn't too hard. > Hmm ... I'm not sure whether we should fallback to asking user. The whole > point of using keyfile is to avoid user interaction in the first place, > right? Well, sort of. My goal was to let the machine boot up with a pen drive or entering the key manually, so the fallback made sense. I can get this effect by just trying with --keyfile first, and without it afterwards. >> + else if ((grub_size_t)size >= sizeof (buf)) > Can it be larger than sizeof(buf)? No, but it doesn't hurt to play safe, does it? > Is it prohibited to have new line or carriage return in passphrase file? That was one bit I was uncertain about. Keyboard-entered ones certainly can't, but there's no reason I can think of to actually exclude them from files. I was concerned, however, about someone writing a passphrase normally entered by hand to a file with a trailing newline. That wouldn't work. The file should not have the trailing newline. -- Alexandre Oliva, freedom fighter http://FSFLA.org/~lxoliva/ You must be the change you wish to see in the world. -- Gandhi Be Free! -- http://FSFLA.org/ FSF Latin America board member Free Software Evangelist|Red Hat Brasil GNU Toolchain Engineer _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel