@node cryptomount
@subsection cryptomount
-@deffn Command cryptomount [ [@option{-p} password] | [@option{-k} keyfile [@option{-O} keyoffset] [@option{-S} keysize] ] | [@option{-P} protector] ] [@option{-H} file] device|@option{-u} uuid|@option{-a}|@option{-b}
+@deffn Command cryptomount [ [@option{-p} password] | [@option{-k} keyfile [@option{-O} keyoffset] [@option{-S} keysize] ] | [@option{-P} protector] | [@option{-A}] ] [@option{-H} file] device|@option{-u} uuid|@option{-a}|@option{-b}
Setup access to encrypted device. A passphrase will be requested interactively,
if neither the @option{-p} nor @option{-k} options are given. The option
@option{-p} can be used to supply a passphrase (useful for scripts).
options @option{-O} and @option{-S} optionally supplying the offset and size,
respectively, of the key data in the given key file. Besides the keyfile,
the key can be stored in a key protector, and option @option{-P} configures
-specific key protector, e.g. tpm2, to retrieve the key from.
+specific key protector, e.g. tpm2, to retrieve the key from. The option @option{-A}
+enables hardware acceleration in libgcrypt to speed up decryption.
The @option{-H} options can be used to supply cryptomount backends with an
alternative header file (aka detached header). Not all backends have headers
nor support alternative header files (currently only LUKS1 and LUKS2 support them).
#include <grub/partition.h>
#include <grub/key_protector.h>
#include <grub/safemath.h>
+#include <grub/hwfeatures-gcry.h>
#ifdef GRUB_UTIL
#include <grub/emu/hostdisk.h>
OPTION_KEYFILE_OFFSET,
OPTION_KEYFILE_SIZE,
OPTION_HEADER,
- OPTION_PROTECTOR
+ OPTION_PROTECTOR,
+ OPTION_HWACCEL
};
static const struct grub_arg_option options[] =
{"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING},
{"protector", 'P', GRUB_ARG_OPTION_REPEATABLE,
N_("Unlock volume(s) using key protector(s)."), 0, ARG_TYPE_STRING},
+ {"hw-accel", 'A', 0, N_("Enable hardware acceleration."), 0, 0},
{0, 0, 0, 0, 0, 0}
};
}
static grub_err_t
-grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+__grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
{
struct grub_arg_list *state = ctxt->state;
struct grub_cryptomount_args cargs = {0};
}
}
+static grub_err_t
+grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+{
+ struct grub_arg_list *state = ctxt->state;
+ grub_err_t err;
+
+ if (state[OPTION_HWACCEL].set)
+ grub_enable_gcry_hwf ();
+
+ err = __grub_cmd_cryptomount (ctxt, argc, args);
+
+ if (state[OPTION_HWACCEL].set)
+ grub_reset_gcry_hwf ();
+
+ return err;
+}
+
static struct grub_disk_dev grub_cryptodisk_dev = {
.name = "cryptodisk",
.id = GRUB_DISK_DEVICE_CRYPTODISK_ID,
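Review bot: The new `grub_cmd_cryptomount` wrapper has no comment saying that acceleration is scoped to this single command invocation. `grub_reset_gcry_hwf ()` runs as soon as `__grub_cmd_cryptomount` returns, so as far as this hunk shows, reads served later by the registered cryptodisk run with the hardware features reset; the documentation's "speed up decryption" reads as broader than that. I would add above the function `/* Enable libgcrypt hardware features only while the command runs; they are reset before returning, on success and on error alike. */`. The helper name `__grub_cmd_cryptomount` also starts with a double underscore, which C reserves for the implementation; a name such as `grub_cmd_cryptomount_real` avoids that. The rename is in the preceding hunk, and that function's body lies outside the diff.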
cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
N_("[ [-p password] | [-k keyfile"
" [-O keyoffset] [-S keysize] ] ] [-H file]"
- " [-P protector [-P protector ...]]"
+ " [-P protector [-P protector ...]] | [-A]"
" <SOURCE|-u UUID|-a|-b>"),
N_("Mount a crypto device."), options);
grub_procfs_register ("luks_script", &luks_script);
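Review bot: The `| [-A]` added to the usage string reads as if `-A` were an alternative to the unlock options before it. The new wrapper only tests `state[OPTION_HWACCEL].set` and then runs the normal command, and nothing visible rejects combining the flag with `-p`, `-k` or `-P`. I would drop the bar: `" [-P protector [-P protector ...]] [-A]"`. The `@deffn` line in the texinfo hunk groups `[@option{-A}]` the same way and would want the matching change. The `grub_register_extcmd` call starts outside this hunk.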
"feature_default_font_path", "feature_all_video_module",
"feature_menuentry_id", "feature_menuentry_options", "feature_200_final",
"feature_nativedisk_cmd", "feature_timeout_style",
- "feature_search_cryptodisk_only", "feature_tpm2_cap_pcrs"
+ "feature_search_cryptodisk_only", "feature_tpm2_cap_pcrs",
+ "feature_gcry_hw_accel"
};
GRUB_MOD_INIT(normal)