From patchwork Tue Nov 11 12:41:06 2025
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 47
From: Simon Glass
To: U-Boot Concept
CC: Heinrich Schuchardt, Simon Glass
Date: Tue, 11 Nov 2025 05:41:06 -0700
Message-ID: <20251111124131.1198930-1-sjg@u-boot.org>
Subject: [Concept] [PATCH 00/15] luks: Provide support for LUKSv2

Modern systems mostly use LUKSv2 as it is more secure than v1. This
series provides an implementation of this feature, making use of the
existing 'luks unlock' command.

One interesting part of this series is a converter from JSON to FDT, so
that U-Boot's existing ofnode interface can be used to access the
hierarchical data in JSON text. This obviously results in quite a bit of
new code, but it is more robust than trying to parse the text directly
using strstr(), etc.

The choice of JSON for LUKS was presumably made with larger code bases
in mind, rather than a firmware implementation.

Simon Glass (15):
  mbedtls: Allow use of XTS functions
  mbedtls: Allow use of base64
  test: Check for null string in assert functions
  json: Provide a way to convert JSON to FDT
  lib: Bring in argon2 library
  lib: Adapt argon2 library for U-Boot
  lib: Plumb in argon2 library
  test: Shorten the encrypt_passphrase parameter for FsHelper
  test: Add a way to create a LUKS2 partition with XTS
  test: Switch mmc12 over to use argon2id
  luks: Export the af_merge() function
  luks: Tidy up the code style in the block driver
  luks: Provide an implementation of luks2
  luks: Enable LUKSv2 support in the luks command
  luks: Update docs and tests for LUKSv2

 cmd/luks.c                           |   5 +-
 configs/sandbox_defconfig            |   4 +-
 doc/usage/cmd/luks.rst               |  42 +-
 doc/usage/luks.rst                   | 302 +++++++--
 drivers/block/Makefile               |   2 +-
 drivers/block/luks.c                 | 233 +++++--
 drivers/block/luks2.c                | 974 +++++++++++++++++++++++++++
 drivers/block/luks_internal.h        |  43 ++
 drivers/misc/Kconfig                 |   2 +-
 fs/btrfs/Kconfig                     |   2 +-
 include/argon2.h                     | 448 ++++++++++++
 include/json.h                       |  34 +
 include/luks.h                       |   4 +-
 include/test/ut.h                    |  28 +-
 lib/Kconfig                          |  14 +-
 lib/Makefile                         |   4 +
 lib/argon2/Makefile                  |  10 +
 lib/argon2/argon2_wrapper.c          | 469 +++++++++++++
 lib/argon2/blake2/blake2-impl.h      | 156 +++++
 lib/argon2/blake2/blake2.h           |  90 +++
 lib/argon2/blake2/blake2b.c          | 391 +++++++++++
 lib/argon2/blake2/blamka-round-ref.h |  57 ++
 lib/argon2/core.c                    | 616 +++++++++++++++++
 lib/argon2/core.h                    | 229 +++++++
 lib/argon2/ref.c                     | 195 ++++++
 lib/json.c                           | 612 ++++++++++++++++-
 lib/mbedtls/Makefile                 |   5 +
 lib/mbedtls/mbedtls_def_config.h     |   8 +
 test/boot/luks.c                     |  29 +
 test/lib/json.c                      | 337 ++++++++-
 test/py/img/common.py                |   9 +-
 test/py/img/ubuntu.py                |   6 +-
 test/py/tests/fs_helper.py           |  52 +-
 test/py/tests/test_ut.py             |   3 +-
 34 files changed, 5256 insertions(+), 159 deletions(-)
 create mode 100644 drivers/block/luks2.c
 create mode 100644 drivers/block/luks_internal.h
 create mode 100644 include/argon2.h
 create mode 100644 lib/argon2/Makefile
 create mode 100644 lib/argon2/argon2_wrapper.c
 create mode 100644 lib/argon2/blake2/blake2-impl.h
 create mode 100644 lib/argon2/blake2/blake2.h
 create mode 100644 lib/argon2/blake2/blake2b.c
 create mode 100644 lib/argon2/blake2/blamka-round-ref.h
 create mode 100644 lib/argon2/core.c
 create mode 100644 lib/argon2/core.h
 create mode 100644 lib/argon2/ref.c
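
The robustness point in the cover letter about strstr() versus hierarchical access, as an added example that is not code from this series and does not use U-Boot's JSON or ofnode API: in LUKS2 metadata the member name "type" appears under the keyslot, its KDF and the segment, so a substring search returns the keyslot's value while a depth-aware walk reaches the KDF's. The sample text is constructed, it assumes compact JSON with no whitespace, and skip_str(), member() and lookup() are hypothetical helpers.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample shaped like LUKS2 JSON metadata (compact, no whitespace) */
static const char sample[] = "{\"keyslots\":{\"0\":{\"type\":\"luks2\","
	"\"kdf\":{\"type\":\"argon2id\"}}},\"segments\":{\"0\":{\"type\":\"crypt\"}}}";
static const char *const kdf_path[] = { "keyslots", "0", "kdf", "type" };

/* Skip a string starting at its opening quote, honouring backslash escapes */
static const char *skip_str(const char *p)
{
	for (p++; *p && *p != '"'; p++)
		if (*p == '\\' && p[1])
			p++;
	return *p ? p + 1 : p;
}

/* Return the value of member @key directly inside the object at @obj */
static const char *member(const char *obj, const char *key)
{
	size_t klen = strlen(key);
	int depth = 0;
	for (const char *p = obj; p && *obj == '{' && *p; p++) {
		if (*p == '"') {
			const char *end = skip_str(p);
			if (depth == 1 && *end == ':' && end == p + klen + 2 &&
			    !strncmp(p + 1, key, klen))
				return end + 1;
			p = end - 1;	/* the loop increment steps past the string */
		} else if (*p == '{' || *p == '[')
			depth++;
		else if ((*p == '}' || *p == ']') && --depth == 0)
			break;		/* object closed: never read its siblings */
	}
	return NULL;
}

/* Walk @n member names down from the root; NULL if any level is absent */
static const char *lookup(const char *json, const char *const *path, int n)
{
	for (int i = 0; json && i < n; i++)
		json = member(json, path[i]);
	return json;
}

int main(void)
{
	printf("strstr: %.7s\n", strstr(sample, "\"type\":") + 7);
	printf("path:   %.10s\n", lookup(sample, kdf_path, 4));
	return 0;
}
```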