diff options
author | Glenn Washburn <development@efficientek.com> | 2022-07-22 03:04:50 -0500 |
---|---|---|
committer | Daniel Kiper <daniel.kiper@oracle.com> | 2022-08-10 14:24:46 +0200 |
commit | a768876c0df0c9258e9c7502cdb54675eeb5f7ec (patch) | |
tree | 846f2ff9034b5b966b575111f27c9add8b4552b6 | |
parent | 294c0501e918c4bdea2f9fba02564865b1714655 (diff) | |
download | grub-a768876c0df0c9258e9c7502cdb54675eeb5f7ec.tar.gz |
disk/luks2: Continue trying all keyslots even if there are some failures
luks2_get_keyslot() can fail for a variety of reasons that do not necessarily
mean the next keyslot should not be tried (e.g. a new kdf type). So always
try the next slot. This will make GRUB more resilient to non-spec json data
that 3rd party systems may add. We do not care if some of the keyslots are
unusable, only if there is at least one that is.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
-rw-r--r-- | grub-core/disk/luks2.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index bf741d70f..5b3b36c8a 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -610,7 +610,15 @@ luks2_recover_key (grub_disk_t source, grub_errno = GRUB_ERR_NONE; ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, json_idx); if (ret) - goto err; + { + /* + * luks2_get_keyslot() can fail for a variety of reasons that do not + * necessarily mean the next keyslot should not be tried (e.g. a new + * kdf type). So always try the next slot. + */ + grub_dprintf ("luks2", "Failed to get keyslot %" PRIuGRUB_UINT64_T "\n", keyslot.idx); + continue; + } if (grub_errno != GRUB_ERR_NONE) grub_dprintf ("luks2", "Ignoring unhandled error %d from luks2_get_keyslot\n", grub_errno); |