From patchwork Sat Nov 15 18:52:04 2025
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 713
From: Simon Glass
To: U-Boot Concept
Cc: Simon Glass
Date: Sat, 15 Nov 2025 11:52:04 -0700
Subject: [Concept] [PATCH 15/16] boot: Show an indication for encrypted bootflows
Message-ID: <20251115185212.539268-16-sjg@u-boot.org>
In-Reply-To: <20251115185212.539268-1-sjg@u-boot.org>
References: <20251115185212.539268-1-sjg@u-boot.org>
List-Id: Discussion and patches related to U-Boot Concept

From: Simon Glass

We don't support storing the OS on an encrypted partition, but in some
cases the root partition may be encrypted. Add an indication of this
when listing the bootflows.

Signed-off-by: Simon Glass
---
 boot/bootflow.c | 5 +++--
 cmd/bootflow.c | 15 ++++++++++++---
 include/bootflow.h | 4 ++++
 test/boot/bootflow.c | 44 +++++++++++++++++++++++---------------------
 4 files changed, 42 insertions(+), 26 deletions(-)

diff --git a/boot/bootflow.c b/boot/bootflow.c index 30e0644a09e..0c389f78a28 100644 --- a/boot/bootflow.c +++ b/boot/bootflow.c
@@ -108,11 +108,12 @@ static void report_bootflow_err(struct bootflow *bflow, int err) void bootflow_show(int index, struct bootflow *bflow, bool errors) { const char *name = bootflow_guess_label(bflow); + char enc_mark = (bflow->flags & BOOTFLOWF_ENCRYPTED) ? 'E' : ' '; - printf("%3x %-11s %-6s %-9.9s %4x %-25.25s %s\n", index, + printf("%3x %-11s %-6s %-9.9s %4x %c %-25.25s %s\n", index, bflow->method ? bflow->method->name : "(none)", bootflow_state_get_name(bflow->state), name, bflow->part, - bflow->name, bflow->fname ?: ""); + enc_mark, bflow->name, bflow->fname ?: ""); if (errors) report_bootflow_err(bflow, bflow->err); } diff --git a/cmd/bootflow.c b/cmd/bootflow.c index caff52fcc7c..93c1acb4f51 100644 --- a/cmd/bootflow.c +++ b/cmd/bootflow.c @@ -20,13 +20,13 @@ static void show_header(void) { - printf("Seq Method State Uclass Part Name Filename\n"); - printf("--- ----------- ------ -------- ---- ------------------------ ----------------\n"); + printf("Seq Method State Uclass Part E Name Filename\n"); + printf("--- ----------- ------ -------- ---- - ------------------------ ----------------\n"); } static void show_footer(int count, int num_valid) { - printf("--- ----------- ------ -------- ---- ------------------------ ----------------\n"); + printf("--- ----------- ------ -------- ---- - ------------------------ ----------------\n"); printf("(%d bootflow%s, %d valid)\n", count, count != 1 ? "s" : "", num_valid); } 
@@ -370,6 +370,15 @@ static int do_bootflow_info(struct cmd_tbl *cmdtp, int flag, int argc, printf("Method: %s\n", bflow->method ? bflow->method->name : "(none)"); printf("State: %s\n", bootflow_state_get_name(bflow->state)); printf("Partition: %d\n", bflow->part); + + /* Show encryption status with LUKS version if applicable */ + if (IS_ENABLED(CONFIG_BLK_LUKS)) { + if (bflow->flags & BOOTFLOWF_ENCRYPTED) + printf("Encrypted: LUKSv%d\n", bflow->luks_version); + else + printf("Encrypted: no\n"); + } + printf("Subdir: %s\n", bflow->subdir ? bflow->subdir : "(none)"); printf("Filename: %s\n", bflow->fname); printf("Buffer: "); diff --git a/include/bootflow.h b/include/bootflow.h index 3a5c7bce847..82ebef2c5c8 100644 --- a/include/bootflow.h +++ b/include/bootflow.h @@ -55,12 +55,14 @@ enum bootflow_state_t { * @BOOTFLOWF_USE_BUILTIN_FDT: Indicates that current bootflow uses built-in FDT * @BOOTFLOWF_FAKE_GO: Do a 'fake' boot, up to the last possible point, then * return + * @BOOTFLOWF_ENCRYPTED: Indicates that the partition is encrypted (e.g., LUKS) */ enum bootflow_flags_t { BOOTFLOWF_USE_PRIOR_FDT = BIT(0), BOOTFLOWF_STATIC_BUF = BIT(1), BOOTFLOWF_USE_BUILTIN_FDT = BIT(2), BOOTFLOWF_FAKE_GO = BIT(3), + BOOTFLOWF_ENCRYPTED = BIT(4), }; /** @@ -93,6 +95,7 @@ enum bootflow_flags_t { * @fdt_size: Size of FDT file * @fdt_addr: Address of loaded fdt * @flags: Flags for the bootflow (see enum bootflow_flags_t) + * @luks_version: LUKS version (1 or 2) if BOOTFLOWF_ENCRYPTED is set, else 0 * @cmdline: OS command line, or NULL if not known (allocated) * @x86_setup: Pointer to x86 setup block inside @buf, NULL if not present * @bootmeth_priv: Private data for the bootmeth @@ -118,6 +121,7 @@ struct bootflow { int fdt_size; ulong fdt_addr; int flags; + int luks_version; char *cmdline; void *x86_setup; void *bootmeth_priv; diff --git a/test/boot/bootflow.c b/test/boot/bootflow.c index 7baff4b0b0d..a1390ad9a6d 100644 --- a/test/boot/bootflow.c +++ b/test/boot/bootflow.c 
@@ -40,8 +40,8 @@ extern U_BOOT_DRIVER(bootmeth_2script); static u16 __efi_runtime_data test_vendor[] = u"U-Boot testing"; /* comment test strings */ -#define HEADER "Seq Method State Uclass Part Name Filename" -#define EXT0 " 0 extlinux ready mmc 1 mmc1.bootdev.part_1 /extlinux/extlinux.conf" +#define HEADER "Seq Method State Uclass Part E Name Filename" +#define EXT0 " 0 extlinux ready mmc 1 mmc1.bootdev.part_1 /extlinux/extlinux.conf" static int inject_response(struct unit_test_state *uts) { 
@@ -194,28 +194,28 @@ static int bootflow_cmd_scan_e(struct unit_test_state *uts) ut_assert_nextline(HEADER); ut_assert_nextlinen("---"); ut_assert_nextline("Scanning bootdev 'mmc2.bootdev':"); - ut_assert_nextline(" 0 extlinux media mmc 0 mmc2.bootdev.whole "); + ut_assert_nextline(" 0 extlinux media mmc 0 mmc2.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-93: Protocol not supported"); - ut_assert_nextline(" 1 efi media mmc 0 mmc2.bootdev.whole "); + ut_assert_nextline(" 1 efi media mmc 0 mmc2.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-93: Protocol not supported"); - ut_assert_nextline(" 2 vbe media mmc 0 mmc2.bootdev.whole "); + ut_assert_nextline(" 2 vbe media mmc 0 mmc2.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-93: Protocol not supported"); ut_assert_nextline("Scanning bootdev 'mmc1.bootdev':"); - ut_assert_nextline(" 3 extlinux media mmc 0 mmc1.bootdev.whole "); + ut_assert_nextline(" 3 extlinux media mmc 0 mmc1.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-2: No such file or directory"); - ut_assert_nextline(" 4 efi media mmc 0 mmc1.bootdev.whole "); + ut_assert_nextline(" 4 efi media mmc 0 mmc1.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-2: No such file or directory"); - ut_assert_nextline(" 5 vbe media mmc 0 mmc1.bootdev.whole "); + ut_assert_nextline(" 5 vbe media mmc 0 mmc1.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-2: No such file or directory"); - ut_assert_nextline(" 6 extlinux ready mmc 1 mmc1.bootdev.part_1 /extlinux/extlinux.conf"); + ut_assert_nextline(" 6 extlinux ready mmc 1 mmc1.bootdev.part_1 /extlinux/extlinux.conf"); ut_assert_nextline( - " 7 efi fs mmc 1 mmc1.bootdev.part_1 /EFI/BOOT/%s", + " 7 efi fs mmc 1 mmc1.bootdev.part_1 /EFI/BOOT/%s", efi_get_basename()); ut_assert_skip_to_line("Scanning bootdev 'mmc0.bootdev':"); ut_assert_skip_to_line( - " 5f vbe media mmc 0 mmc0.bootdev.whole "); + " 5f vbe media 
mmc 0 mmc0.bootdev.whole "); ut_assert_nextline(" ** No partition found, err=-93: Protocol not supported"); ut_assert_nextline("No more bootdevs"); ut_assert_nextlinen("---"); @@ -226,9 +226,9 @@ static int bootflow_cmd_scan_e(struct unit_test_state *uts) ut_assert_nextline("Showing all bootflows"); ut_assert_nextline(HEADER); ut_assert_nextlinen("---"); - ut_assert_nextline(" 0 extlinux media mmc 0 mmc2.bootdev.whole "); - ut_assert_nextline(" 1 efi media mmc 0 mmc2.bootdev.whole "); - ut_assert_skip_to_line(" 5f vbe media mmc 0 mmc0.bootdev.whole "); + ut_assert_nextline(" 0 extlinux media mmc 0 mmc2.bootdev.whole "); + ut_assert_nextline(" 1 efi media mmc 0 mmc2.bootdev.whole "); + ut_assert_skip_to_line(" 5f vbe media mmc 0 mmc0.bootdev.whole "); ut_assert_nextlinen("---"); ut_assert_nextline("(96 bootflows, 1 valid)"); ut_assert_console_end(); @@ -253,6 +253,8 @@ static int bootflow_cmd_info(struct unit_test_state *uts) ut_assert_nextline("Method: extlinux"); ut_assert_nextline("State: ready"); ut_assert_nextline("Partition: 1"); + if (IS_ENABLED(CONFIG_BLK_LUKS)) + ut_assert_nextline("Encrypted: no"); ut_assert_nextline("Subdir: (none)"); ut_assert_nextline("Filename: /extlinux/extlinux.conf"); ut_assert_nextlinen("Buffer: "); @@ -503,7 +505,7 @@ static int bootflow_system(struct unit_test_state *uts) bootstd_clear_glob(); ut_assertok(run_command("bootflow scan -lH", 0)); ut_assert_skip_to_line( - " 1 efi_mgr ready (none) 0 "); + " 1 efi_mgr ready (none) 0 "); ut_assert_skip_to_line("No more bootdevs"); ut_assert_skip_to_line("(2 bootflows, 2 valid)"); ut_assert_console_end(); 
@@ -1309,8 +1311,8 @@ static int bootflow_cros(struct unit_test_state *uts) ut_assert_nextlinen("Seq"); ut_assert_nextlinen("---"); ut_assert_nextlinen(" 0 extlinux"); - ut_assert_nextlinen(" 1 cros ready mmc 2 mmc5.bootdev.part_2 "); - ut_assert_nextlinen(" 2 cros ready mmc 4 mmc5.bootdev.part_4 "); + ut_assert_nextlinen(" 1 cros ready mmc 2 mmc5.bootdev.part_2 "); + ut_assert_nextlinen(" 2 cros ready mmc 4 mmc5.bootdev.part_4 "); ut_assert_nextlinen("---"); ut_assert_skip_to_line("(3 bootflows, 3 valid)"); @@ -1346,7 +1348,7 @@ static int bootflow_android_image_v4(struct unit_test_state *uts) ut_assert_nextlinen("Seq"); ut_assert_nextlinen("---"); ut_assert_nextlinen(" 0 extlinux"); - ut_assert_nextlinen(" 1 android ready mmc 0 mmc7.bootdev.whole "); + ut_assert_nextlinen(" 1 android ready mmc 0 mmc7.bootdev.whole "); ut_assert_nextlinen("---"); ut_assert_skip_to_line("(2 bootflows, 2 valid)"); @@ -1369,7 +1371,7 @@ static int bootflow_android_image_v2(struct unit_test_state *uts) ut_assert_nextlinen("Seq"); ut_assert_nextlinen("---"); ut_assert_nextlinen(" 0 extlinux"); - ut_assert_nextlinen(" 1 android ready mmc 0 mmc8.bootdev.whole "); + ut_assert_nextlinen(" 1 android ready mmc 0 mmc8.bootdev.whole "); ut_assert_nextlinen("---"); ut_assert_skip_to_line("(2 bootflows, 2 valid)"); @@ -1415,9 +1417,9 @@ static int bootflow_efi(struct unit_test_state *uts) ut_assert_nextlinen("---"); ut_assert_nextlinen(" 0 extlinux"); ut_assert_nextlinen( - " 1 efi ready usb 1 hub1.p2.usb_mass_storage. /EFI/BOOT/BOOTSBOX.EFI"); + " 1 efi ready usb 1 hub1.p2.usb_mass_storage. /EFI/BOOT/BOOTSBOX.EFI"); ut_assert_nextlinen( - " 2 extlinux ready usb 1 hub1.p4.usb_mass_storage. /extlinux/extlinux.conf"); + " 2 extlinux ready usb 1 hub1.p4.usb_mass_storage. /extlinux/extlinux.conf"); ut_assert_nextlinen("---"); ut_assert_skip_to_line("(3 bootflows, 3 valid)"); ut_assert_console_end();
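Review bot: In bootflow_show() (boot/bootflow.c) and show_header()/show_footer() (cmd/bootflow.c) the new E column is emitted unconditionally, while the "Encrypted:" line in do_bootflow_info() is wrapped in IS_ENABLED(CONFIG_BLK_LUKS). On a build without CONFIG_BLK_LUKS the listing therefore gains a column that can never be anything but blank, and anything that parses the list output shifts by two characters for no benefit. Either gate both outputs the same way or say in the commit message that the list format changes for every build. The diffstat also touches no documentation, so the meaning of 'E' in the list is not described anywhere a user would look.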
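Review bot: In the do_bootflow_info() hunk (cmd/bootflow.c), "Encrypted: LUKSv%d" is printed whenever BOOTFLOWF_ENCRYPTED is set, without checking that luks_version is 1 or 2. The flag is documented as generic ("e.g., LUKS"), so a bootflow that has the flag set but luks_version left at 0 would be reported as "LUKSv0". Consider printing a plain "yes" (or "unknown") when luks_version is 0, so the command never reports a LUKS version that was not actually detected.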
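Review bot: In include/bootflow.h the comment for BOOTFLOWF_ENCRYPTED says only "the partition is encrypted", which does not say which partition. The commit message states that the OS itself is not on an encrypted partition and that it is the root partition that may be encrypted, yet the flag sits next to bflow->part, which a reader will take to be the partition the boot files came from. Please spell out in the kerneldoc which partition the flag describes. The @luks_version comment ("if BOOTFLOWF_ENCRYPTED is set, else 0") also leaves open what the field holds when the flag is set for a non-LUKS scheme, which the "e.g." in the flag description allows.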
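Review bot: The test changes in test/boot/bootflow.c cover only the unencrypted path: bootflow_cmd_info() gains an assertion for "Encrypted: no" and every updated list line has a blank E column. Nothing exercises a bootflow with BOOTFLOWF_ENCRYPTED set, so the 'E' marker in bootflow_show() and the "Encrypted: LUKSv%d" branch are untested. A case that scans a media image with an encrypted partition and asserts both the 'E' in the list and the version line in 'bootflow info' would close that gap.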