luks-device-mapping-with-options breaks bootloader

Status: Open
Participants: Ludovic Courtès, Tadhg McDonald-Jensen
Owner: unassigned
Submitted by: Tadhg McDonald-Jensen
Severity: important
Tadhg McDonald-Jensen wrote on 7 May 20:54 +0200
(address . bug-guix@gnu.org)
CAP5DvDj1Xgkr5Mzy2XEzj6O86Nm=Z=hczhKQpCYKhV8Z7mg=BA@mail.gmail.com
using the `luks-device-mapping-with-options` mapped device type defined in
(gnu system mapped-devices) causes grub or other bootloaders to not
properly attempt to mount the encrypted drive. This is caused by the
commit 39a9404 which identifies luks mapped devices by checking if the type
is equal to `luks-device-mapping`, so by using a different routine that is
a proxy to that one it doesn't forward it to grub in the
store-crypto-devices list.

For anyone who finds this before it is fixed, you can boot your device by
hitting 'c' in grub and typing these commands:
grub> insmod luks
grub> insmod luks2
grub> cryptomount (XXX)
grub> set root=(crypto)
grub> configfile (YYY)/grub/grub.cfg

Where (XXX) is the encrypted partition and (YYY) is the boot partition with
the grub config; these can be found by running the `ls` command.
Ludovic Courtès wrote on 25 May 11:40 +0200
control message for bug #70826
(address . control@debbugs.gnu.org)
87le3y2psc.fsf@gnu.org
severity 70826 important
quit
Ludovic Courtès wrote on 25 May 11:47 +0200
Re: bug#70826: luks-device-mapping-with-options breaks bootloader
(name . Tadhg McDonald-Jensen)(address . tadhgmister@gmail.com)(address . 70826@debbugs.gnu.org)
87ikz22pgo.fsf@gnu.org
Hi,

Tadhg McDonald-Jensen <tadhgmister@gmail.com> skribis:

> using the `luks-device-mapping-with-options` mapped device type defined in
> (gnu system mapped-devices) causes grub or other bootloaders to not
> properly attempt to mount the encrypted drive. This is caused by the
> commit 39a9404 which identifies luks mapped devices by checking if the type
> is equal to `luks-device-mapping`, so by using a different routine that is
> a proxy to that one it doesn't forward it to grub in the
> store-crypto-devices list.

Ouch, indeed. The immediate fix is:
diff --git a/gnu/system.scm b/gnu/system.scm
index c76f4d7c502..bb851b1b75f 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -667,10 +667,13 @@ (define (operating-system-boot-mapped-devices os)
(define operating-system-bootloader-crypto-devices
(mlambdaq (os) ;to avoid duplicated output
"Return the sources of the LUKS mapped devices specified by UUID."
+ (define (luks-device? m)
+ (memq (mapped-device-type m)
+ (list luks-device-mapping-with-options
+ luks-device-mapping)))
+
;; XXX: Device ordering is important, we trust the returned one.
- (let* ((luks-devices (filter (lambda (m)
- (eq? luks-device-mapping
- (mapped-device-type m)))
+ (let* ((luks-devices (filter luks-device?
(operating-system-boot-mapped-devices os)))
(uuid-crypto-devices non-uuid-crypto-devices
(partition (compose uuid? mapped-device-source)
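
Review bot: in the added `luks-device?`, `memq` compares `(mapped-device-type m)` by identity against `luks-device-mapping-with-options` itself; if that name is bound to a procedure that returns a kind rather than to a kind object (as the follow-up in this thread reports), a device declared with it will never be a member of the list and is still filtered out. Compare a property that the returned kind shares with `luks-device-mapping` instead, and add a short comment on `luks-device?` stating which kinds it is meant to accept.
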
Not ideal, but it fixes the problem.

I’ll go ahead with this patch if there are no objections.

Thanks!

Ludo’.
Tadhg McDonald-Jensen wrote on 25 May 16:30 +0200
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 70826@debbugs.gnu.org)
ecfd1524-9d20-491c-b2be-8b7122c28d71@gmail.com
That unfortunately doesn't fix the problem:
`luks-device-mapping-with-options` is a routine that returns the
`mapped-device-kind`, so it won't check by equality.

A possible solution is to check whether the `mapped-device-kind-close`
routines are the same, as these are shared.


diff --git a/gnu/system.scm b/gnu/system.scm
index cb6e719ca6..b564bf3788 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -661,10 +661,12 @@ (define (operating-system-boot-mapped-devices os)
(define operating-system-bootloader-crypto-devices
(mlambdaq (os) ;to avoid duplicated output
"Return the sources of the LUKS mapped devices specified by UUID."
+ (define (luks-device? m)
+ (eq? (mapped-device-kind-close (mapped-device-type m))
+ (mapped-device-kind-close luks-device-mapping)))
+
;; XXX: Device ordering is important, we trust the returned one.
- (let* ((luks-devices (filter (lambda (m)
- (eq? luks-device-mapping
- (mapped-device-type m)))
+ (let* ((luks-devices (filter luks-device?
(operating-system-boot-mapped-devices
os)))
(uuid-crypto-devices non-uuid-crypto-devices
(partition (compose uuid?
mapped-device-source)
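
Review bot: `luks-device?` now identifies LUKS devices by `eq?` on the `mapped-device-kind-close` procedure, an implicit coupling that nothing in the hunk documents: any kind that reuses that close routine is treated as LUKS, and a LUKS-based kind with its own close routine would be skipped again. Add a comment above `luks-device?` explaining why the close procedure is the comparison key, or expose a dedicated predicate next to the kind definitions so the bootloader code does not depend on this detail. The context lines after `(filter luks-device?` are also wrapped (`os)))` and `mapped-device-source)` sit on their own lines), so the patch may need re-sending unwrapped before it applies cleanly.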



(I apologize if my email client is adding line wraps to the diffs, I
will look into it after sending this)

I tried to implement this initially but it didn't work on my previous
attempt so I abandoned trying to submit a patch, but this version does
do the trick even if it seems inelegant.

On 2024-05-25 5:47 a.m., Ludovic Courtès wrote:
> Hi,
>
> Tadhg McDonald-Jensen <tadhgmister@gmail.com> skribis:
>
>> using the `luks-device-mapping-with-options` mapped device type defined in
>> (gnu system mapped-devices) causes grub or other bootloaders to not
>> properly attempt to mount the encrypted drive. This is caused by the
>> commit 39a9404 which identifies luks mapped devices by checking if the type
>> is equal to `luks-device-mapping`, so by using a different routine that is
>> a proxy to that one it doesn't forward it to grub in the
>> store-crypto-devices list.
>
> Ouch, indeed. The immediate fix is:
>
>
> diff --git a/gnu/system.scm b/gnu/system.scm
> index c76f4d7c502..bb851b1b75f 100644
> --- a/gnu/system.scm
> +++ b/gnu/system.scm
> @@ -667,10 +667,13 @@ (define (operating-system-boot-mapped-devices os)
> (define operating-system-bootloader-crypto-devices
> (mlambdaq (os) ;to avoid duplicated output
> "Return the sources of the LUKS mapped devices specified by UUID."
> + (define (luks-device? m)
> + (memq (mapped-device-type m)
> + (list luks-device-mapping-with-options
> + luks-device-mapping)))
> +
> ;; XXX: Device ordering is important, we trust the returned one.
> - (let* ((luks-devices (filter (lambda (m)
> - (eq? luks-device-mapping
> - (mapped-device-type m)))
> + (let* ((luks-devices (filter luks-device?
> (operating-system-boot-mapped-devices os)))
> (uuid-crypto-devices non-uuid-crypto-devices
> (partition (compose uuid? mapped-device-source)
>
>
>
> Not ideal, but it fixes the problem.
>
> I’ll go ahead with this patch if there are no objections.
>
> Thanks!
>
> Ludo’.
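
The three checks discussed in this thread, side by side, as an added example that is not part of the original messages or of Guix's code. It assumes a simplified SRFI-9 record `<kind>` standing in for `mapped-device-kind`, and a hypothetical model of `luks-device-mapping-with-options` as a procedure that returns a fresh kind sharing the `close` routine; all sample devices are constructed.

```scheme
;; Simplified stand-in for Guix's mapped-device-kind (assumption): only the
;; 'open' and 'close' fields are modelled.
(use-modules (srfi srfi-9))

(define-record-type <kind>
  (make-kind open close)
  kind?
  (open  kind-open)
  (close kind-close))

(define (close-luks source targets) 'closed)

(define luks-device-mapping
  (make-kind (lambda (source targets) 'opened) close-luks))

;; Hypothetical model of the "with-options" variant: a procedure that builds
;; a new kind with its own 'open' but the same 'close' procedure.
(define* (luks-device-mapping-with-options #:key key-file)
  (make-kind (lambda (source targets) (list 'opened key-file))
             (kind-close luks-device-mapping)))

;; Constructed sample: the types of three mapped devices.
(define plain   luks-device-mapping)
(define options (luks-device-mapping-with-options #:key-file "/keyfile"))
(define other   (make-kind (lambda _ 'opened) (lambda _ 'closed)))

;; Check described in the report: identity with luks-device-mapping.
(define (by-eq? type)
  (eq? luks-device-mapping type))

;; First proposed fix: membership in a list that holds the procedure itself.
(define (by-memq? type)
  (and (memq type (list luks-device-mapping-with-options
                        luks-device-mapping))
       #t))

;; Second proposed fix: identity of the shared 'close' procedure.
(define (by-close? type)
  (eq? (kind-close type) (kind-close luks-device-mapping)))

;; Apply a predicate to the plain, options and unrelated device types.
(define (classify pred)
  (map pred (list plain options other)))

(for-each (lambda (pred) (display (classify pred)) (newline))
          (list by-eq? by-memq? by-close?))
```

Run it with `guile`; only the comparison on the shared `close` procedure accepts the `options` device, which is the one that has to reach the bootloader's list of crypto devices.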