On Tue, Jan 30, 2024 at 10:18:20AM -0500, Nikolaos Chatzikonstantinou wrote:
> I want to share a small update:
>
> I'm reading the GRUB source code for the memory manager to get a bit
> acclimated. I was surprised to see libgcrypt depend on <stdio.h>.

Hmmm...

> Asking around, the monocypher library was brought to my attention,
> <https://monocypher.org/>. No external dependencies, the license is
> compatible, just two files monocypher.c and .h that can be bundled,
> supports argon2, and it's already used by some bootloaders/firmware
> (ArduPilot Project, Joulescope). It is however written in pure C99; it
> seems to me that it supports architectures that a C99 compiler can
> target.
>
> While the goal of upgrading libgcrypt is noble, it is a bit scary as
> libgcrypt seems difficult to navigate for me, the import_gcry.py
> script also being hard to read. So I have the following questions:
>
> 1) What are the cryptographic requirements of GRUB? I.e. which
> features and algorithms does GRUB require right now?
> 2) Can we include monocypher just for the purpose of unlocking
> argon2-configured luks2 partitions?
> 3) Is it of interest to replace libgcrypt entirely (if possible, with
> monocypher e.g.?)

If this change will not break (much) currently existing features and
simplify the code I am OK with doing this experiment.

> If the best plan to go ahead with is to upgrade libgcrypt, as I've
> said before, it would be good to know the version currently bundled
> with GRUB (I'm just reiterating this point.) But from my viewpoint,

Let me poke Vladimir once again...

> libgcrypt is a userland library with a wide range of features; perhaps
> not the most appropriate for a bootloader. I'm wondering if the
> reasons that led to choosing libgcrypt in the past for GRUB can be
> reevaluated now that there are more options for cryptographic
> libraries.

As I said above, I am OK with reevaluating the current libgcrypt approach.

Daniel