From: Simon Glass <simon.glass@canonical.com> We don't support storing the OS on an encrypted partition, but in some cases the root partition may be encrypted. Add an indication of this when listing the bootflows. Signed-off-by: Simon Glass <simon.glass@canonical.com> --- boot/bootflow.c | 5 +++-- cmd/bootflow.c | 15 ++++++++++++--- include/bootflow.h | 4 ++++ test/boot/bootflow.c | 44 +++++++++++++++++++++++--------------------- 4 files changed, 42 insertions(+), 26 deletions(-) diff --git a/boot/bootflow.c b/boot/bootflow.c index 30e0644a09e..0c389f78a28 100644 --- a/boot/bootflow.c +++ b/boot/bootflow.c @@ -108,11 +108,12 @@ static void report_bootflow_err(struct bootflow *bflow, int err) void bootflow_show(int index, struct bootflow *bflow, bool errors) { const char *name = bootflow_guess_label(bflow); + char enc_mark = (bflow->flags & BOOTFLOWF_ENCRYPTED) ? 'E' : ' '; - printf("%3x %-11s %-6s %-9.9s %4x %-25.25s %s\n", index, + printf("%3x %-11s %-6s %-9.9s %4x %c %-25.25s %s\n", index, bflow->method ? bflow->method->name : "(none)", bootflow_state_get_name(bflow->state), name, bflow->part, - bflow->name, bflow->fname ?: ""); + enc_mark, bflow->name, bflow->fname ?: ""); if (errors) report_bootflow_err(bflow, bflow->err); } diff --git a/cmd/bootflow.c b/cmd/bootflow.c index caff52fcc7c..93c1acb4f51 100644 --- a/cmd/bootflow.c +++ b/cmd/bootflow.c @@ -20,13 +20,13 @@ static void show_header(void) { - printf("Seq Method State Uclass Part Name Filename\n"); - printf("--- ----------- ------ -------- ---- ------------------------ ----------------\n"); + printf("Seq Method State Uclass Part E Name Filename\n"); + printf("--- ----------- ------ -------- ---- - ------------------------ ----------------\n"); } static void show_footer(int count, int num_valid) { - printf("--- ----------- ------ -------- ---- ------------------------ ----------------\n"); + printf("--- ----------- ------ -------- ---- - ------------------------ ----------------\n"); printf("(%d bootflow%s, %d valid)\n", count, count != 1 ? "s" : "", num_valid); } @@ -370,6 +370,15 @@ static int do_bootflow_info(struct cmd_tbl *cmdtp, int flag, int argc, printf("Method: %s\n", bflow->method ? bflow->method->name : "(none)"); printf("State: %s\n", bootflow_state_get_name(bflow->state)); printf("Partition: %d\n", bflow->part); + + /* Show encryption status with LUKS version if applicable */ + if (IS_ENABLED(CONFIG_BLK_LUKS)) { + if (bflow->flags & BOOTFLOWF_ENCRYPTED) + printf("Encrypted: LUKSv%d\n", bflow->luks_version); + else + printf("Encrypted: no\n"); + } + printf("Subdir: %s\n", bflow->subdir ? bflow->subdir : "(none)"); printf("Filename: %s\n", bflow->fname); printf("Buffer: "); diff --git a/include/bootflow.h b/include/bootflow.h index 3a5c7bce847..82ebef2c5c8 100644 --- a/include/bootflow.h +++ b/include/bootflow.h @@ -55,12 +55,14 @@ enum bootflow_state_t { * @BOOTFLOWF_USE_BUILTIN_FDT: Indicates that current bootflow uses built-in FDT * @BOOTFLOWF_FAKE_GO: Do a 'fake' boot, up to the last possible point, then * return + * @BOOTFLOWF_ENCRYPTED: Indicates that the partition is encrypted (e.g., LUKS) */ enum bootflow_flags_t { BOOTFLOWF_USE_PRIOR_FDT = BIT(0), BOOTFLOWF_STATIC_BUF = BIT(1), BOOTFLOWF_USE_BUILTIN_FDT = BIT(2), BOOTFLOWF_FAKE_GO = BIT(3), + BOOTFLOWF_ENCRYPTED = BIT(4), }; /** @@ -93,6 +95,7 @@ enum bootflow_flags_t { * @fdt_size: Size of FDT file * @fdt_addr: Address of loaded fdt * @flags: Flags for the bootflow (see enum bootflow_flags_t) + * @luks_version: LUKS version (1 or 2) if BOOTFLOWF_ENCRYPTED is set, else 0 * @cmdline: OS command line, or NULL if not known (allocated) * @x86_setup: Pointer to x86 setup block inside @buf, NULL if not present * @bootmeth_priv: Private data for the bootmeth @@ -118,6 +121,7 @@ struct bootflow { int fdt_size; ulong fdt_addr; int flags; + int luks_version; char *cmdline; void *x86_setup; void *bootmeth_priv; diff --git a/test/boot/bootflow.c b/test/boot/bootflow.c index 7baff4b0b0d..a1390ad9a6d 100644 --- a/test/boot/bootflow.c +++ b/test/boot/bootflow.c @@ -40,8 +40,8 @@ extern U_BOOT_DRIVER(bootmeth_2script); static u16 __efi_runtime_data test_vendor[] = u"U-Boot testing"; /* comment test strings */ -#define HEADER "Seq Method State Uclass Part Name Filename" -#define EXT0 " 0 extlinux ready mmc 1 mmc1.bootdev.part_1 /extlinux/extlinux.conf" +#define HEADER "Seq Method State Uclass Part E Name Filename" +#define EXT0 " 0 extlinux ready mmc 1 mmc1.bootdev.part_1 /extlinux/extlinux.conf" static int inject_response(struct unit_test_state *uts) { @@ -194,28 +194,28 @@ static int bootflow_cmd_scan_e(struct unit_test_state *uts) ut_assert_nextline(HEADER); ut_assert_nextlinen("---"); ut_assert_nextline("Scanning bootdev 'mmc2.bootdev':"); - ut_assert_nextline(" 0 extlinux media mmc 0 mmc2.bootdev.whole "); + ut_assert_nextline(" 0 extlinux media mmc 0 mmc2.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-93: Protocol not supported"); - ut_assert_nextline(" 1 efi media mmc 0 mmc2.bootdev.whole "); + ut_assert_nextline(" 1 efi media mmc 0 mmc2.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-93: Protocol not supported"); - ut_assert_nextline(" 2 vbe media mmc 0 mmc2.bootdev.whole "); + ut_assert_nextline(" 2 vbe media mmc 0 mmc2.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-93: Protocol not supported"); ut_assert_nextline("Scanning bootdev 'mmc1.bootdev':"); - ut_assert_nextline(" 3 extlinux media mmc 0 mmc1.bootdev.whole "); + ut_assert_nextline(" 3 extlinux media mmc 0 mmc1.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-2: No such file or directory"); - ut_assert_nextline(" 4 efi media mmc 0 mmc1.bootdev.whole "); + ut_assert_nextline(" 4 efi media mmc 0 mmc1.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-2: No such file or directory"); - ut_assert_nextline(" 5 vbe media mmc 0 mmc1.bootdev.whole "); + ut_assert_nextline(" 5 vbe media mmc 0 mmc1.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-2: No such file or directory"); - ut_assert_nextline(" 6 extlinux ready mmc 1 mmc1.bootdev.part_1 /extlinux/extlinux.conf"); + ut_assert_nextline(" 6 extlinux ready mmc 1 mmc1.bootdev.part_1 /extlinux/extlinux.conf"); ut_assert_nextline( - " 7 efi fs mmc 1 mmc1.bootdev.part_1 /EFI/BOOT/%s", + " 7 efi fs mmc 1 mmc1.bootdev.part_1 /EFI/BOOT/%s", efi_get_basename()); ut_assert_skip_to_line("Scanning bootdev 'mmc0.bootdev':"); ut_assert_skip_to_line( - " 5f vbe media mmc 0 mmc0.bootdev.whole "); + " 5f vbe media mmc 0 mmc0.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-93: Protocol not supported"); ut_assert_nextline("No more bootdevs"); ut_assert_nextlinen("---"); @@ -226,9 +226,9 @@ static int bootflow_cmd_scan_e(struct unit_test_state *uts) ut_assert_nextline("Showing all bootflows"); ut_assert_nextline(HEADER); ut_assert_nextlinen("---"); - ut_assert_nextline(" 0 extlinux media mmc 0 mmc2.bootdev.whole "); - ut_assert_nextline(" 1 efi media mmc 0 mmc2.bootdev.whole "); - ut_assert_skip_to_line(" 5f vbe media mmc 0 mmc0.bootdev.whole "); + ut_assert_nextline(" 0 extlinux media mmc 0 mmc2.bootdev.whole "); + ut_assert_nextline(" 1 efi media mmc 0 mmc2.bootdev.whole "); + ut_assert_skip_to_line(" 5f vbe media mmc 0 mmc0.bootdev.whole "); ut_assert_nextlinen("---"); ut_assert_nextline("(96 bootflows, 1 valid)"); ut_assert_console_end(); @@ -253,6 +253,8 @@ static int bootflow_cmd_info(struct unit_test_state *uts) ut_assert_nextline("Method: extlinux"); ut_assert_nextline("State: ready"); ut_assert_nextline("Partition: 1"); + if (IS_ENABLED(CONFIG_BLK_LUKS)) + ut_assert_nextline("Encrypted: no"); ut_assert_nextline("Subdir: (none)"); ut_assert_nextline("Filename: /extlinux/extlinux.conf"); ut_assert_nextlinen("Buffer: "); @@ -503,7 +505,7 @@ static int bootflow_system(struct unit_test_state *uts) bootstd_clear_glob(); ut_assertok(run_command("bootflow scan -lH", 0)); ut_assert_skip_to_line( - " 1 efi_mgr ready (none) 0 <NULL> "); + " 1 efi_mgr ready (none) 0 <NULL> "); ut_assert_skip_to_line("No more bootdevs"); ut_assert_skip_to_line("(2 bootflows, 2 valid)"); ut_assert_console_end(); @@ -1309,8 +1311,8 @@ static int bootflow_cros(struct unit_test_state *uts) ut_assert_nextlinen("Seq"); ut_assert_nextlinen("---"); ut_assert_nextlinen(" 0 extlinux"); - ut_assert_nextlinen(" 1 cros ready mmc 2 mmc5.bootdev.part_2 "); - ut_assert_nextlinen(" 2 cros ready mmc 4 mmc5.bootdev.part_4 "); + ut_assert_nextlinen(" 1 cros ready mmc 2 mmc5.bootdev.part_2 "); + ut_assert_nextlinen(" 2 cros ready mmc 4 mmc5.bootdev.part_4 "); ut_assert_nextlinen("---"); ut_assert_skip_to_line("(3 bootflows, 3 valid)"); @@ -1346,7 +1348,7 @@ static int bootflow_android_image_v4(struct unit_test_state *uts) ut_assert_nextlinen("Seq"); ut_assert_nextlinen("---"); ut_assert_nextlinen(" 0 extlinux"); - ut_assert_nextlinen(" 1 android ready mmc 0 mmc7.bootdev.whole "); + ut_assert_nextlinen(" 1 android ready mmc 0 mmc7.bootdev.whole "); ut_assert_nextlinen("---"); ut_assert_skip_to_line("(2 bootflows, 2 valid)"); @@ -1369,7 +1371,7 @@ static int bootflow_android_image_v2(struct unit_test_state *uts) ut_assert_nextlinen("Seq"); ut_assert_nextlinen("---"); ut_assert_nextlinen(" 0 extlinux"); - ut_assert_nextlinen(" 1 android ready mmc 0 mmc8.bootdev.whole "); + ut_assert_nextlinen(" 1 android ready mmc 0 mmc8.bootdev.whole "); ut_assert_nextlinen("---"); ut_assert_skip_to_line("(2 bootflows, 2 valid)"); @@ -1415,9 +1417,9 @@ static int bootflow_efi(struct unit_test_state *uts) ut_assert_nextlinen("---"); ut_assert_nextlinen(" 0 extlinux"); ut_assert_nextlinen( - " 1 efi ready usb 1 hub1.p2.usb_mass_storage. /EFI/BOOT/BOOTSBOX.EFI"); + " 1 efi ready usb 1 hub1.p2.usb_mass_storage. /EFI/BOOT/BOOTSBOX.EFI"); ut_assert_nextlinen( - " 2 extlinux ready usb 1 hub1.p4.usb_mass_storage. /extlinux/extlinux.conf"); + " 2 extlinux ready usb 1 hub1.p4.usb_mass_storage. /extlinux/extlinux.conf"); ut_assert_nextlinen("---"); ut_assert_skip_to_line("(3 bootflows, 3 valid)"); ut_assert_console_end(); -- 2.43.0