[Concept,12/14] luks: Support a pre-derived key

Message ID 20251116212334.1603490-13-simon.glass@canonical.com
State New
Series luks: Integrate support for a TKey |

Commit Message

Simon Glass Nov. 16, 2025, 9:23 p.m. UTC
  Update luks_unlock() to support a pre-derived key, such as that obtained
from a TKey. This must match the key_size of the LUKS partition,
otherwise it will fail to unlock.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 cmd/luks.c           |  2 +-
 drivers/block/luks.c | 11 ++++++-----
 include/luks.h       |  4 ++--
 test/boot/luks.c     |  2 +-
 4 files changed, 10 insertions(+), 9 deletions(-)
  

Patch

diff --git a/cmd/luks.c b/cmd/luks.c
index defd987776d..47d3e5bed7b 100644
--- a/cmd/luks.c
+++ b/cmd/luks.c
@@ -89,7 +89,7 @@  static int do_luks_unlock(struct cmd_tbl *cmdtp, int flag, int argc,
 
 	/* Unlock the partition to get the master key */
 	ret = luks_unlock(dev_desc->bdev, &info, (const u8 *)passphrase,
-			  strlen(passphrase), master_key, &key_size);
+			  strlen(passphrase), false, master_key, &key_size);
 	if (ret) {
 		printf("Failed to unlock LUKS partition (err %dE)\n", ret);
 		return CMD_RET_FAILURE;
diff --git a/drivers/block/luks.c b/drivers/block/luks.c
index 3fc54dbbb9a..10ef4a2e31a 100644
--- a/drivers/block/luks.c
+++ b/drivers/block/luks.c
@@ -590,7 +590,8 @@  out:
 }
 
 int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
-		const u8 *pass, size_t pass_len, u8 *master_key, u32 *key_sizep)
+		const u8 *pass, size_t pass_len, bool pre_derived,
+		u8 *master_key, u32 *key_sizep)
 {
 	uint version, hdr_blocks;
 	struct luks1_phdr *hdr;
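Review bot: With `pre_derived` set, `pass` and `pass_len` carry raw key material of a caller-chosen length, and nothing in the visible part of luks_unlock() compares `pass_len` with the partition's key size. The commit message says a mismatch fails to unlock. Please confirm that this failure comes from an explicit length check in unlock_luks1() and unlock_luks2(), not from attempting the unlock with a short or over-long buffer. A comment at the definition such as `/* If @pre_derived, @pass is the key itself and @pass_len must equal the LUKS key size */` would make the contract visible. The function body continues outside this hunk.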
@@ -625,12 +626,12 @@  int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
 	switch (version) {
 	case LUKS_VERSION_1:
 		hdr = (struct luks1_phdr *)buffer;
-		ret = unlock_luks1(blk, pinfo, hdr, pass, pass_len, master_key,
-				   false, key_sizep);
+		ret = unlock_luks1(blk, pinfo, hdr, pass, pass_len,
+				   pre_derived, master_key, key_sizep);
 		break;
 	case LUKS_VERSION_2:
-		ret = unlock_luks2(blk, pinfo, pass, pass_len, master_key,
-				   key_sizep);
+		ret = unlock_luks2(blk, pinfo, pass, pass_len, pre_derived,
+				   master_key, key_sizep);
 		break;
 	default:
 		log_debug("unsupported LUKS version %d\n", version);
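Review bot: The unlock_luks1() call now passes `pre_derived` before `master_key`, whereas the removed call passed `master_key` before the literal `false`, so the flag and the key buffer have swapped positions. The diffstat suggests the definition of unlock_luks1() is not changed by this patch, and it is outside the hunk, so please confirm the new order matches its prototype. The old order may have compiled silently, since a constant `false` can convert to a null pointer and a pointer converts to bool. If the earlier call was the wrong one, the commit message should say so.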
diff --git a/include/luks.h b/include/luks.h
index 8826fa96507..da9be12e2a3 100644
--- a/include/luks.h
+++ b/include/luks.h
@@ -158,8 +158,8 @@  int luks_show_info(struct udevice *blk, struct disk_partition *pinfo);
  *		-EIO if failed to read from block device
  */
 int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
-		const u8 *pass, size_t pass_len, u8 *master_key,
-		u32 *key_size);
+		const u8 *pass, size_t pass_len, bool pre_derived,
+		u8 *master_key, u32 *key_size);
 
 /**
  * luks_create_blkmap() - Create a blkmap device for a LUKS partition
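Review bot: The kernel-doc block above luks_unlock() is not updated for the new `pre_derived` argument; only the two prototype lines change in this file. Add a line such as ` * @pre_derived: true if @pass is a pre-derived key of @pass_len bytes, false if it is a passphrase`. The comment should also state that a pre-derived key must match the partition's key size, as the commit message does. The start of the comment is outside this hunk.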
diff --git a/test/boot/luks.c b/test/boot/luks.c
index 93cc8ce6681..dfd6f7b411c 100644
--- a/test/boot/luks.c
+++ b/test/boot/luks.c
@@ -275,7 +275,7 @@  static int bootstd_test_luks2_unlock(struct unit_test_state *uts)
 	/* Test that unlock fails for partition 1 (not LUKS) */
 	ut_assertok(part_get_info(desc, 1, &info));
 	ut_asserteq(-ENOENT, luks_unlock(desc->bdev, &info, (const u8 *)"test",
-					 4, master_key, &key_size));
+					 4, false, master_key, &key_size));
 
 	/* Test unlocking partition 2 with correct passphrase */
 	ut_assertok(run_command("luks unlock mmc c:2 test", 0));
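Review bot: No test in this patch calls luks_unlock() with `pre_derived` set to true; the only change here adds `false` to the existing negative test. Two cases would pin the behaviour the commit message describes: one that unlocks partition 2 with a key of the correct size, and one that passes a key of the wrong length and expects an error. A later patch in the series may cover this, but it is not visible here. The test function continues outside the hunk.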