[Concept,15/16] boot: Show an indication for encrypted bootflows

Message ID 20251115185212.539268-16-sjg@u-boot.org
State New
Series Continue TKey development |

Commit Message

Simon Glass Nov. 15, 2025, 6:52 p.m. UTC
  From: Simon Glass <simon.glass@canonical.com>

We don't support storing the OS on an encrypted partition, but in some
cases the root partition may be encrypted. Add an indication of this
when listing the bootflows.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 boot/bootflow.c      |  5 +++--
 cmd/bootflow.c       | 15 ++++++++++++---
 include/bootflow.h   |  4 ++++
 test/boot/bootflow.c | 44 +++++++++++++++++++++++---------------------
 4 files changed, 42 insertions(+), 26 deletions(-)
  

Patch

diff --git a/boot/bootflow.c b/boot/bootflow.c
index 30e0644a09e..0c389f78a28 100644
--- a/boot/bootflow.c
+++ b/boot/bootflow.c
@@ -108,11 +108,12 @@  static void report_bootflow_err(struct bootflow *bflow, int err)
 void bootflow_show(int index, struct bootflow *bflow, bool errors)
 {
 	const char *name = bootflow_guess_label(bflow);
+	char enc_mark = (bflow->flags & BOOTFLOWF_ENCRYPTED) ? 'E' : ' ';
 
-	printf("%3x  %-11s  %-6s  %-9.9s %4x  %-25.25s %s\n", index,
+	printf("%3x  %-11s  %-6s  %-9.9s %4x  %c  %-25.25s %s\n", index,
 	       bflow->method ? bflow->method->name : "(none)",
 	       bootflow_state_get_name(bflow->state), name, bflow->part,
-	       bflow->name, bflow->fname ?: "");
+	       enc_mark, bflow->name, bflow->fname ?: "");
 	if (errors)
 		report_bootflow_err(bflow, bflow->err);
 }
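Review bot: The new `E` column in `bootflow_show()` is printed unconditionally, whereas the `bootflow info` change in cmd/bootflow.c prints its `Encrypted:` line only under `IS_ENABLED(CONFIG_BLK_LUKS)`. On a build without that option the column will presumably always be blank, which an operator can read as "not encrypted" when the real answer is "not checked". I would add a comment above `enc_mark` such as `/* 'E' = encrypted partition detected; blank = none detected, which is not proof of plaintext */`. Consider also printing a distinct mark when `!IS_ENABLED(CONFIG_BLK_LUKS)`, so the list and the info output agree on what is unknown.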
diff --git a/cmd/bootflow.c b/cmd/bootflow.c
index caff52fcc7c..93c1acb4f51 100644
--- a/cmd/bootflow.c
+++ b/cmd/bootflow.c
@@ -20,13 +20,13 @@ 
 
 static void show_header(void)
 {
-	printf("Seq  Method       State   Uclass    Part  Name                      Filename\n");
-	printf("---  -----------  ------  --------  ----  ------------------------  ----------------\n");
+	printf("Seq  Method       State   Uclass    Part  E  Name                      Filename\n");
+	printf("---  -----------  ------  --------  ----  -  ------------------------  ----------------\n");
 }
 
 static void show_footer(int count, int num_valid)
 {
-	printf("---  -----------  ------  --------  ----  ------------------------  ----------------\n");
+	printf("---  -----------  ------  --------  ----  -  ------------------------  ----------------\n");
 	printf("(%d bootflow%s, %d valid)\n", count, count != 1 ? "s" : "",
 	       num_valid);
 }
@@ -370,6 +370,15 @@  static int do_bootflow_info(struct cmd_tbl *cmdtp, int flag, int argc,
 	printf("Method:    %s\n", bflow->method ? bflow->method->name : "(none)");
 	printf("State:     %s\n", bootflow_state_get_name(bflow->state));
 	printf("Partition: %d\n", bflow->part);
+
+	/* Show encryption status with LUKS version if applicable */
+	if (IS_ENABLED(CONFIG_BLK_LUKS)) {
+		if (bflow->flags & BOOTFLOWF_ENCRYPTED)
+			printf("Encrypted: LUKSv%d\n", bflow->luks_version);
+		else
+			printf("Encrypted: no\n");
+	}
+
 	printf("Subdir:    %s\n", bflow->subdir ? bflow->subdir : "(none)");
 	printf("Filename:  %s\n", bflow->fname);
 	printf("Buffer:    ");
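Review bot: In `do_bootflow_info()` the encrypted branch prints `LUKSv%d` from `bflow->luks_version` without checking that the field was filled in, so a bootflow with `BOOTFLOWF_ENCRYPTED` set and `luks_version` still 0 would be reported as `LUKSv0`. The flag's kernel-doc in include/bootflow.h says "e.g., LUKS", which suggests other schemes could set the flag later. A guard such as `if (bflow->luks_version) printf("Encrypted: LUKSv%d\n", bflow->luks_version); else printf("Encrypted: yes\n");` keeps the status line truthful in that case. The function body starts and ends outside this hunk, and the code that populates both fields is not in this patch.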
diff --git a/include/bootflow.h b/include/bootflow.h
index 3a5c7bce847..82ebef2c5c8 100644
--- a/include/bootflow.h
+++ b/include/bootflow.h
@@ -55,12 +55,14 @@  enum bootflow_state_t {
  * @BOOTFLOWF_USE_BUILTIN_FDT: Indicates that current bootflow uses built-in FDT
  * @BOOTFLOWF_FAKE_GO: Do a 'fake' boot, up to the last possible point, then
  * return
+ * @BOOTFLOWF_ENCRYPTED: Indicates that the partition is encrypted (e.g., LUKS)
  */
 enum bootflow_flags_t {
 	BOOTFLOWF_USE_PRIOR_FDT		= BIT(0),
 	BOOTFLOWF_STATIC_BUF		= BIT(1),
 	BOOTFLOWF_USE_BUILTIN_FDT	= BIT(2),
 	BOOTFLOWF_FAKE_GO		= BIT(3),
+	BOOTFLOWF_ENCRYPTED		= BIT(4),
 };
 
 /**
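Review bot: The kernel-doc for `BOOTFLOWF_ENCRYPTED` says "the partition" without saying which one, while the commit message distinguishes the partition holding the OS (not supported when encrypted) from the root partition. Because this flag drives a security-relevant status display, the comment should name the partition it describes and say that it records a detection result rather than a verified property. The code that sets it is not in this patch, so the exact wording needs confirming. Something like `@BOOTFLOWF_ENCRYPTED: An encrypted partition (e.g. LUKS) was detected for this bootflow; informational only` would do. The `@luks_version` line in the next hunk could likewise say which code sets the field.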
@@ -93,6 +95,7 @@  enum bootflow_flags_t {
  * @fdt_size: Size of FDT file
  * @fdt_addr: Address of loaded fdt
  * @flags: Flags for the bootflow (see enum bootflow_flags_t)
+ * @luks_version: LUKS version (1 or 2) if BOOTFLOWF_ENCRYPTED is set, else 0
  * @cmdline: OS command line, or NULL if not known (allocated)
  * @x86_setup: Pointer to x86 setup block inside @buf, NULL if not present
  * @bootmeth_priv: Private data for the bootmeth
@@ -118,6 +121,7 @@  struct bootflow {
 	int fdt_size;
 	ulong fdt_addr;
 	int flags;
+	int luks_version;
 	char *cmdline;
 	void *x86_setup;
 	void *bootmeth_priv;
diff --git a/test/boot/bootflow.c b/test/boot/bootflow.c
index 7baff4b0b0d..a1390ad9a6d 100644
--- a/test/boot/bootflow.c
+++ b/test/boot/bootflow.c
@@ -40,8 +40,8 @@  extern U_BOOT_DRIVER(bootmeth_2script);
 static u16 __efi_runtime_data test_vendor[] = u"U-Boot testing";
 
 /* comment test strings */
-#define HEADER	"Seq  Method       State   Uclass    Part  Name                      Filename"
-#define EXT0	"  0  extlinux     ready   mmc          1  mmc1.bootdev.part_1       /extlinux/extlinux.conf"
+#define HEADER	"Seq  Method       State   Uclass    Part  E  Name                      Filename"
+#define EXT0	"  0  extlinux     ready   mmc          1     mmc1.bootdev.part_1       /extlinux/extlinux.conf"
 
 static int inject_response(struct unit_test_state *uts)
 {
@@ -194,28 +194,28 @@  static int bootflow_cmd_scan_e(struct unit_test_state *uts)
 	ut_assert_nextline(HEADER);
 	ut_assert_nextlinen("---");
 	ut_assert_nextline("Scanning bootdev 'mmc2.bootdev':");
-	ut_assert_nextline("  0  extlinux     media   mmc          0  mmc2.bootdev.whole        ");
+	ut_assert_nextline("  0  extlinux     media   mmc          0     mmc2.bootdev.whole        ");
 	ut_assert_nextline("     ** No partition found, err=-93: Protocol not supported");
-	ut_assert_nextline("  1  efi          media   mmc          0  mmc2.bootdev.whole        ");
+	ut_assert_nextline("  1  efi          media   mmc          0     mmc2.bootdev.whole        ");
 	ut_assert_nextline("     ** No partition found, err=-93: Protocol not supported");
-	ut_assert_nextline("  2  vbe          media   mmc          0  mmc2.bootdev.whole        ");
+	ut_assert_nextline("  2  vbe          media   mmc          0     mmc2.bootdev.whole        ");
 	ut_assert_nextline("     ** No partition found, err=-93: Protocol not supported");
 
 	ut_assert_nextline("Scanning bootdev 'mmc1.bootdev':");
-	ut_assert_nextline("  3  extlinux     media   mmc          0  mmc1.bootdev.whole        ");
+	ut_assert_nextline("  3  extlinux     media   mmc          0     mmc1.bootdev.whole        ");
 	ut_assert_nextline("     ** No partition found, err=-2: No such file or directory");
-	ut_assert_nextline("  4  efi          media   mmc          0  mmc1.bootdev.whole        ");
+	ut_assert_nextline("  4  efi          media   mmc          0     mmc1.bootdev.whole        ");
 	ut_assert_nextline("     ** No partition found, err=-2: No such file or directory");
-	ut_assert_nextline("  5  vbe          media   mmc          0  mmc1.bootdev.whole        ");
+	ut_assert_nextline("  5  vbe          media   mmc          0     mmc1.bootdev.whole        ");
 	ut_assert_nextline("     ** No partition found, err=-2: No such file or directory");
-	ut_assert_nextline("  6  extlinux     ready   mmc          1  mmc1.bootdev.part_1       /extlinux/extlinux.conf");
+	ut_assert_nextline("  6  extlinux     ready   mmc          1     mmc1.bootdev.part_1       /extlinux/extlinux.conf");
 	ut_assert_nextline(
-		"  7  efi          fs      mmc          1  mmc1.bootdev.part_1       /EFI/BOOT/%s",
+		"  7  efi          fs      mmc          1     mmc1.bootdev.part_1       /EFI/BOOT/%s",
 		efi_get_basename());
 
 	ut_assert_skip_to_line("Scanning bootdev 'mmc0.bootdev':");
 	ut_assert_skip_to_line(
-		" 5f  vbe          media   mmc          0  mmc0.bootdev.whole        ");
+		" 5f  vbe          media   mmc          0     mmc0.bootdev.whole        ");
 	ut_assert_nextline("     ** No partition found, err=-93: Protocol not supported");
 	ut_assert_nextline("No more bootdevs");
 	ut_assert_nextlinen("---");
@@ -226,9 +226,9 @@  static int bootflow_cmd_scan_e(struct unit_test_state *uts)
 	ut_assert_nextline("Showing all bootflows");
 	ut_assert_nextline(HEADER);
 	ut_assert_nextlinen("---");
-	ut_assert_nextline("  0  extlinux     media   mmc          0  mmc2.bootdev.whole        ");
-	ut_assert_nextline("  1  efi          media   mmc          0  mmc2.bootdev.whole        ");
-	ut_assert_skip_to_line(" 5f  vbe          media   mmc          0  mmc0.bootdev.whole        ");
+	ut_assert_nextline("  0  extlinux     media   mmc          0     mmc2.bootdev.whole        ");
+	ut_assert_nextline("  1  efi          media   mmc          0     mmc2.bootdev.whole        ");
+	ut_assert_skip_to_line(" 5f  vbe          media   mmc          0     mmc0.bootdev.whole        ");
 	ut_assert_nextlinen("---");
 	ut_assert_nextline("(96 bootflows, 1 valid)");
 	ut_assert_console_end();
@@ -253,6 +253,8 @@  static int bootflow_cmd_info(struct unit_test_state *uts)
 	ut_assert_nextline("Method:    extlinux");
 	ut_assert_nextline("State:     ready");
 	ut_assert_nextline("Partition: 1");
+	if (IS_ENABLED(CONFIG_BLK_LUKS))
+		ut_assert_nextline("Encrypted: no");
 	ut_assert_nextline("Subdir:    (none)");
 	ut_assert_nextline("Filename:  /extlinux/extlinux.conf");
 	ut_assert_nextlinen("Buffer:    ");
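Review bot: The only new assertion in `bootflow_cmd_info()`, `Encrypted: no`, covers the negative path; none of the hunks in this file checks the `E` mark in the list output or the `Encrypted: LUKSv…` line. The other changes to this file only widen the expected strings by the blank column, so a regression that never sets or never prints the indicator would still pass. If the series provides a test image with a LUKS partition, add a case that asserts both the `E` in the `bootflow list` row and the `Encrypted: LUKSv<n>` line in `bootflow info`. The test function continues outside this hunk.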
@@ -503,7 +505,7 @@  static int bootflow_system(struct unit_test_state *uts)
 	bootstd_clear_glob();
 	ut_assertok(run_command("bootflow scan -lH", 0));
 	ut_assert_skip_to_line(
-		"  1  efi_mgr      ready   (none)       0  <NULL>                    ");
+		"  1  efi_mgr      ready   (none)       0     <NULL>                    ");
 	ut_assert_skip_to_line("No more bootdevs");
 	ut_assert_skip_to_line("(2 bootflows, 2 valid)");
 	ut_assert_console_end();
@@ -1309,8 +1311,8 @@  static int bootflow_cros(struct unit_test_state *uts)
 	ut_assert_nextlinen("Seq");
 	ut_assert_nextlinen("---");
 	ut_assert_nextlinen("  0  extlinux");
-	ut_assert_nextlinen("  1  cros         ready   mmc          2  mmc5.bootdev.part_2       ");
-	ut_assert_nextlinen("  2  cros         ready   mmc          4  mmc5.bootdev.part_4       ");
+	ut_assert_nextlinen("  1  cros         ready   mmc          2     mmc5.bootdev.part_2       ");
+	ut_assert_nextlinen("  2  cros         ready   mmc          4     mmc5.bootdev.part_4       ");
 	ut_assert_nextlinen("---");
 	ut_assert_skip_to_line("(3 bootflows, 3 valid)");
 
@@ -1346,7 +1348,7 @@  static int bootflow_android_image_v4(struct unit_test_state *uts)
 	ut_assert_nextlinen("Seq");
 	ut_assert_nextlinen("---");
 	ut_assert_nextlinen("  0  extlinux");
-	ut_assert_nextlinen("  1  android      ready   mmc          0  mmc7.bootdev.whole        ");
+	ut_assert_nextlinen("  1  android      ready   mmc          0     mmc7.bootdev.whole        ");
 	ut_assert_nextlinen("---");
 	ut_assert_skip_to_line("(2 bootflows, 2 valid)");
 
@@ -1369,7 +1371,7 @@  static int bootflow_android_image_v2(struct unit_test_state *uts)
 	ut_assert_nextlinen("Seq");
 	ut_assert_nextlinen("---");
 	ut_assert_nextlinen("  0  extlinux");
-	ut_assert_nextlinen("  1  android      ready   mmc          0  mmc8.bootdev.whole        ");
+	ut_assert_nextlinen("  1  android      ready   mmc          0     mmc8.bootdev.whole        ");
 	ut_assert_nextlinen("---");
 	ut_assert_skip_to_line("(2 bootflows, 2 valid)");
 
@@ -1415,9 +1417,9 @@  static int bootflow_efi(struct unit_test_state *uts)
 	ut_assert_nextlinen("---");
 	ut_assert_nextlinen("  0  extlinux");
 	ut_assert_nextlinen(
-		"  1  efi          ready   usb          1  hub1.p2.usb_mass_storage. /EFI/BOOT/BOOTSBOX.EFI");
+		"  1  efi          ready   usb          1     hub1.p2.usb_mass_storage. /EFI/BOOT/BOOTSBOX.EFI");
 	ut_assert_nextlinen(
-		"  2  extlinux     ready   usb          1  hub1.p4.usb_mass_storage. /extlinux/extlinux.conf");
+		"  2  extlinux     ready   usb          1     hub1.p4.usb_mass_storage. /extlinux/extlinux.conf");
 	ut_assert_nextlinen("---");
 	ut_assert_skip_to_line("(3 bootflows, 3 valid)");
 	ut_assert_console_end();