Update luks_unlock() to support a pre-derived key, such as that obtained from a TKey. This must match the key_size of the LUKS partition, otherwise it will fail to unlock.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---
 cmd/luks.c | 2 +-
 drivers/block/luks.c | 11 ++++++-----
 include/luks.h | 4 ++--
 test/boot/luks.c | 2 +-
 4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/cmd/luks.c b/cmd/luks.c
index defd987776d..47d3e5bed7b 100644
--- a/cmd/luks.c
+++ b/cmd/luks.c
@@ -89,7 +89,7 @@ static int do_luks_unlock(struct cmd_tbl *cmdtp, int flag, int argc,
 /* Unlock the partition to get the master key */
 ret = luks_unlock(dev_desc->bdev, &info, (const u8 *)passphrase,
- strlen(passphrase), master_key, &key_size);
+ strlen(passphrase), false, master_key, &key_size);
 if (ret) {
 printf("Failed to unlock LUKS partition (err %dE)\n", ret);
 return CMD_RET_FAILURE;
diff --git a/drivers/block/luks.c b/drivers/block/luks.c
index 3fc54dbbb9a..10ef4a2e31a 100644
--- a/drivers/block/luks.c
+++ b/drivers/block/luks.c
@@ -590,7 +590,8 @@ out:
 }
 int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
- const u8 *pass, size_t pass_len, u8 *master_key, u32 *key_sizep)
+ const u8 *pass, size_t pass_len, bool pre_derived,
+ u8 *master_key, u32 *key_sizep)
 {
 uint version, hdr_blocks;
 struct luks1_phdr *hdr;
@@ -625,12 +626,12 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
 switch (version) {
 case LUKS_VERSION_1:
 hdr = (struct luks1_phdr *)buffer;
- ret = unlock_luks1(blk, pinfo, hdr, pass, pass_len, master_key,
- false, key_sizep);
+ ret = unlock_luks1(blk, pinfo, hdr, pass, pass_len,
+ pre_derived, master_key, key_sizep);
 break;
 case LUKS_VERSION_2:
- ret = unlock_luks2(blk, pinfo, pass, pass_len, master_key,
- key_sizep);
+ ret = unlock_luks2(blk, pinfo, pass, pass_len, pre_derived,
+ master_key, key_sizep);
 break;
 default:
 log_debug("unsupported LUKS version %d\n", version);
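Review bot: With `pre_derived` set, `pass`/`pass_len` carry raw key material, but nothing in this signature hunk or the dispatch hunk after it compares `pass_len` with the partition's key size before the buffer is handed to `unlock_luks1()`/`unlock_luks2()`. The commit message says a mismatched key simply fails to unlock, which presumably relies on a check inside those helpers; they are outside this diff. Confirm they return an error when `pre_derived` is true and `pass_len` differs from the header's key size, and that this happens before any key-size-byte copy out of `pass`, so a short caller buffer cannot be over-read. The body of luks_unlock() continues outside the hunk.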
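Review bot: In the `LUKS_VERSION_1` branch the boolean moves from after `master_key` to before it, and the `unlock_luks2()` call gains a seventh argument, yet neither helper's prototype is touched by this commit. Because a `u8 *` converts implicitly to `bool` and a literal `false` is a valid null pointer constant, a swapped pair can compile without a diagnostic; the helper would then see the flag as true and a NULL `master_key`. Confirm that both prototypes already take `pre_derived` directly before `master_key` at this point in the series, so that each commit builds and behaves correctly on its own. The switch statement continues outside the hunk.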
diff --git a/include/luks.h b/include/luks.h
index 8826fa96507..da9be12e2a3 100644
--- a/include/luks.h
+++ b/include/luks.h
@@ -158,8 +158,8 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo);
 * -EIO if failed to read from block device
 */
 int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
- const u8 *pass, size_t pass_len, u8 *master_key,
- u32 *key_size);
+ const u8 *pass, size_t pass_len, bool pre_derived,
+ u8 *master_key, u32 *key_size);
 /**
 * luks_create_blkmap() - Create a blkmap device for a LUKS partition
diff --git a/test/boot/luks.c b/test/boot/luks.c
index 93cc8ce6681..dfd6f7b411c 100644
--- a/test/boot/luks.c
+++ b/test/boot/luks.c
@@ -275,7 +275,7 @@ static int bootstd_test_luks2_unlock(struct unit_test_state *uts)
 /* Test that unlock fails for partition 1 (not LUKS) */
 ut_assertok(part_get_info(desc, 1, &info));
 ut_asserteq(-ENOENT, luks_unlock(desc->bdev, &info, (const u8 *)"test",
- 4, master_key, &key_size));
+ 4, false, master_key, &key_size));
 /* Test unlocking partition 2 with correct passphrase */
 ut_assertok(run_command("luks unlock mmc c:2 test", 0));
--
2.43.0
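Review bot: The kernel-doc block above the `luks_unlock()` prototype is not updated for the new parameter; the diffstat shows only the two prototype lines changing in this header. Add an entry such as ` * @pre_derived: true if @pass holds a pre-derived key of @pass_len bytes, which must equal the partition's key size; false if @pass is a passphrase`, and state which error is returned on a length mismatch. Most of the comment lies outside the hunk, so the placement among the existing `@` entries needs checking there.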
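Review bot: Only the `false` path is exercised by this call; the commit adds no test that passes `pre_derived` as true. Two cases would pin the behaviour the commit message describes: one that unlocks with a correct pre-derived key, and one that passes a key whose length differs from the partition's key size and asserts the error code. bootstd_test_luks2_unlock() continues outside the hunk, and later patches in the series may already cover this.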