From patchwork Fri Oct 31 06:54:16 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 670
From: Simon Glass
To: U-Boot Concept
Date: Fri, 31 Oct 2025 00:54:16 -0600
Message-ID: <20251031065439.3251464-21-sjg@u-boot.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251031065439.3251464-1-sjg@u-boot.org>
References: <20251031065439.3251464-1-sjg@u-boot.org>
CC: Simon Glass, Claude
Subject: [Concept] [PATCH 20/24] luks: Show the JSON information for LUKSv2

From: Simon Glass

Extract the full information for version 2, which is JSON format. Show this with the 'luks info' command. Use the mmc12 disk to check this. Require the JSON for LUKS.

Co-developed-by: Claude
Signed-off-by: Simon Glass
---
 doc/usage/cmd/luks.rst |  29 ++++++++++
 drivers/block/Kconfig  |   1 +
 drivers/block/luks.c   |  23 ++++++++
 test/boot/luks.c       | 118 ++++++++++++++++++++++++++++++++++++++---
 4 files changed, 165 insertions(+), 6 deletions(-)

diff --git a/doc/usage/cmd/luks.rst b/doc/usage/cmd/luks.rst index b88fcd96439..c3b03eeff2e 100644 --- a/doc/usage/cmd/luks.rst +++ b/doc/usage/cmd/luks.rst 
@@ -106,6 +106,35 @@ Display LUKS header information for a LUKS2 partition:: Label: Checksum alg: sha256 + JSON metadata (12288 bytes): + { + "keyslots": { + "0": { + "type": "luks2", + "key_size": 64, + "kdf": { + "type": "argon2id", + "time": 6, + "memory": 1048576, + "cpus": 4, + ... + }, + ... + } + }, + "tokens": {}, + "segments": { + "0": { + "type": "crypt", + "offset": "16777216", + "encryption": "aes-xts-plain64", + ... + } + }, + "digests": { ... }, + "config": { ... } + } + Display LUKS header information for a LUKS1 partition:: => luks info mmc 1:1 diff --git a/drivers/block/Kconfig b/drivers/block/Kconfig index b07012ec7c9..34cd2ee8e59 100644 --- a/drivers/block/Kconfig +++ b/drivers/block/Kconfig @@ -278,6 +278,7 @@ config BLK_LUKS select SHA256 select PBKDF2 select PKCS5_MBEDTLS if MBEDTLS_LIB_CRYPTO + select JSON help This provides support for detecting and decrypting LUKS (Linux Unified Key Setup) encrypted partitions. LUKS is a disk encryption specification diff --git a/drivers/block/luks.c b/drivers/block/luks.c index 597359b98ff..c43cb9a3dd3 100644 --- a/drivers/block/luks.c +++ b/drivers/block/luks.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include #include 
@@ -103,6 +104,28 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo) printf("UUID: %.40s\n", luks2_hdr->uuid); printf("Label: %.48s\n", luks2_hdr->label); printf("Checksum alg: %.32s\n", luks2_hdr->csum_alg); + + if (IS_ENABLED(CONFIG_JSON)) { + u64 json_size; + char *json_start; + int blocks; + + /* Read the full header to get JSON area */ + blocks = (hdr_size + desc->blksz - 1) / desc->blksz; + ALLOC_CACHE_ALIGN_BUFFER(unsigned char, full_hdr, blocks * desc->blksz); + + if (blk_read(blk, pinfo->start, blocks, full_hdr) != blocks) { + printf("Error: failed to read full LUKS2 header\n"); + return -EIO; + } + + /* JSON starts after the 4096-byte binary header */ + json_start = (char *)(full_hdr + 4096); + json_size = hdr_size - 4096; + + printf("\nJSON metadata (%llx bytes):\n", json_size); + json_print_pretty(json_start, (int)json_size); + } } else { printf("Unknown LUKS version\n"); return -EPROTONOSUPPORT; diff --git a/test/boot/luks.c b/test/boot/luks.c index fadd3819ffe..70ee0fb0824 100644 --- a/test/boot/luks.c +++ b/test/boot/luks.c 
@@ -20,19 +20,49 @@ DECLARE_GLOBAL_DATA_PTR; -/* Common function to setup mmc11 device */ -static int setup_mmc11(struct unit_test_state *uts, struct udevice **mmcp) +/** + * setup_mmc_device() - Set up an MMC device for testing + * + * This function binds and probes an MMC device specified by its device tree + * node name. It is used to prepare MMC devices containing test disk images + * with various configurations (e.g., LUKS1, LUKS2 encryption). + * + * @uts: Unit test state + * @node_name: Name of the device tree node (e.g., "mmc11", "mmc12") + * @mmcp: Returns pointer to the MMC device + * Return: 0 if OK, -ve on error + */ +static int setup_mmc_device(struct unit_test_state *uts, const char *node_name, + struct udevice **mmcp) { + struct udevice *mmc; ofnode root, node; - /* Enable the mmc11 node */ + /* Enable the specified mmc node */ root = oftree_root(oftree_default()); - node = ofnode_find_subnode(root, "mmc11"); + node = ofnode_find_subnode(root, node_name); ut_assert(ofnode_valid(node)); - ut_assertok(lists_bind_fdt(gd->dm_root, node, mmcp, NULL, false)); + ut_assertok(lists_bind_fdt(gd->dm_root, node, &mmc, NULL, false)); /* Probe the device */ - ut_assertok(device_probe(*mmcp)); + ut_assertok(device_probe(mmc)); + *mmcp = mmc; + + return 0; +} + +/* Setup mmc11 device */ +static int setup_mmc11(struct unit_test_state *uts, struct udevice **mmcp) +{ + ut_assertok(setup_mmc_device(uts, "mmc11", mmcp)); + + return 0; +} + +/* Setup mmc12 device */ +static int setup_mmc12(struct unit_test_state *uts, struct udevice **mmcp) +{ + ut_assertok(setup_mmc_device(uts, "mmc12", mmcp)); return 0; } 
@@ -107,3 +137,79 @@ static int bootstd_test_luks_info(struct unit_test_state *uts) return 0; } BOOTSTD_TEST(bootstd_test_luks_info, UTF_DM | UTF_SCAN_FDT | UTF_CONSOLE); + +/* Test LUKSv2 detection on mmc12 partitions */ +static int bootstd_test_luks2_detect(struct unit_test_state *uts) +{ + struct disk_partition info; + struct blk_desc *desc; + struct udevice *mmc; + int ret; + + ut_assertok(setup_mmc12(uts, &mmc)); + desc = blk_get_by_device(mmc); + ut_assertnonnull(desc); + ut_assertnonnull(desc->bdev); + + /* Check partition 1 - should NOT be LUKS */ + ut_assertok(part_get_info(desc, 1, &info)); + ret = luks_detect(desc->bdev, &info); + ut_assert(ret < 0); /* Should fail - not LUKS */ + + /* Check partition 2 - should BE LUKS */ + ut_assertok(part_get_info(desc, 2, &info)); + ut_assertok(luks_detect(desc->bdev, &info)); + + /* Verify it's LUKS version 2 */ + ut_asserteq(2, luks_get_version(desc->bdev, &info)); + + return 0; +} +BOOTSTD_TEST(bootstd_test_luks2_detect, UTF_DM | UTF_SCAN_FDT | UTF_CONSOLE); + +/* Test LUKSv2 command on mmc12 partitions */ +static int bootstd_test_luks2_cmd(struct unit_test_state *uts) +{ + struct udevice *mmc; + + ut_assertok(setup_mmc12(uts, &mmc)); + + /* Test partition 1 - should NOT be LUKS */ + ut_asserteq(1, run_command("luks detect mmc c:1", 0)); + ut_assert_nextlinen("Not a LUKS partition (error -"); + ut_assert_console_end(); + + /* Test partition 2 - should BE LUKS */ + ut_assertok(run_command("luks detect mmc c:2", 0)); + ut_assert_nextline("LUKS2 encrypted partition detected"); + ut_assert_console_end(); + + return 0; +} +BOOTSTD_TEST(bootstd_test_luks2_cmd, UTF_DM | UTF_SCAN_FDT | UTF_CONSOLE); + +/* Test LUKSv2 info command on mmc12 partition 2 */ +static int bootstd_test_luks2_info(struct unit_test_state *uts) +{ + struct udevice *mmc; + + ut_assertok(setup_mmc12(uts, &mmc)); + + /* Test partition 2 LUKS info */ + ut_assertok(run_command("luks info mmc c:2", 0)); + ut_assert_nextline("Version: 2"); + 
ut_assert_nextlinen("Header size:"); + ut_assert_nextlinen("Sequence ID:"); + ut_assert_nextlinen("UUID:"); + ut_assert_nextlinen("Label:"); + ut_assert_nextlinen("Checksum alg:"); + + /* Verify JSON metadata section is present (skip empty line first) */ + ut_assert_skip_to_line(""); + ut_assert_nextlinen("JSON metadata ("); + ut_assert_nextline("{"); + /* JSON output varies and there is little value in checking it here */ + + return 0; +} +BOOTSTD_TEST(bootstd_test_luks2_info, UTF_DM | UTF_SCAN_FDT | UTF_CONSOLE);
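
Review bot: The select JSON added to BLK_LUKS in drivers/block/Kconfig makes the IS_ENABLED(CONFIG_JSON) test in luks_show_info() always true, so one of the two is redundant. Either drop the guard in drivers/block/luks.c, or use a weaker dependency (imply JSON) so that builds which only need LUKS detection can leave the JSON code out, and mention in the BLK_LUKS help text that the LUKS2 metadata display depends on it.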
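
Review bot: In the luks_show_info() hunk of drivers/block/luks.c, hdr_size is used without a bound check in the added block: blocks * desc->blksz sizes an ALLOC_CACHE_ALIGN_BUFFER, which is a stack buffer, and json_size = hdr_size - 4096 wraps around in u64 when hdr_size is below 4096, before being cast to int for json_print_pretty(). If hdr_size is taken from the on-disk LUKS2 header, the contents of the partition control both values, so reject a size under 4096 or above a fixed maximum before the blk_read() and consider a heap allocation that is freed on the -EIO path. The size is also printed with %llx, while the luks.rst example in this patch shows a decimal count (12288 bytes); %llu would match the documentation.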
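
Review bot: bootstd_test_luks2_info() in test/boot/luks.c matches only the prefix "JSON metadata (" and stops at the opening "{", so it neither checks the reported size nor consumes the rest of the console output. Since the mmc12 image is a fixed test disk, assert the full size line, which would also expose that luks.c prints the size with %llx while luks.rst documents a decimal value, then skip to the end of the JSON output and finish with ut_assert_console_end() as bootstd_test_luks2_cmd() does.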