git.ipfire.org Git - thirdparty/grub.git/commit
disk/diskfilter: Introduce the "cryptocheck" command
author Maxim Suhanov <dfirblog@gmail.com>
Sun, 2 Mar 2025 15:08:22 +0000 (18:08 +0300)
committer Daniel Kiper <daniel.kiper@oracle.com>
Tue, 6 May 2025 15:14:03 +0000 (17:14 +0200)
commit 7a584fbde0c339816a57d55fc165a854039cf0b2
tree 465e1fb854a70492b47ab16d8d9813308375247d
parent ed691c0e0e20d9d0e8d8305a120e8c61d6be3d38
disk/diskfilter: Introduce the "cryptocheck" command

This command examines a given diskfilter device, e.g., an LVM disk,
and checks if underlying disks, physical volumes, are cryptodisks,
e.g., LUKS disks; this layout is called "LVM-on-LUKS".

The return value is 0 when all underlying disks (of a given device)
are cryptodisks (1 if at least one disk is unencrypted or in an
unknown state).

Users are encouraged to include the relevant check before loading
anything from an LVM disk that is supposed to be encrypted.

This further supports the CLI authentication, blocking bypass
attempts when booting from an encrypted LVM disk.

Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/disk/diskfilter.c
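
A grub.cfg menu entry applying the check the commit message recommends, as an added example that is not part of the commit or of the GRUB project's own configuration. It assumes the command takes the parenthesized device name as its only argument; the volume name `vg0-root`, the kernel and initrd paths, and the messages are constructed placeholders.

```grub
# Added example (constructed): fail closed unless every physical volume
# behind the LVM logical volume is a cryptodisk.
menuentry "Linux (LVM-on-LUKS, verified)" {
    insmod cryptodisk
    insmod luks
    insmod lvm

    # Unlock the encrypted containers first so the LVM volume appears.
    cryptomount -a

    # cryptocheck returns 0 only when all underlying disks of the given
    # diskfilter device are cryptodisks; it returns 1 when at least one
    # is unencrypted or in an unknown state.
    if cryptocheck (lvm/vg0-root); then
        set root=(lvm/vg0-root)
        linux /boot/vmlinuz root=/dev/mapper/vg0-root ro
        initrd /boot/initrd.img
    else
        # Do not load a kernel, initrd or further config from this device.
        echo "lvm/vg0-root is not fully backed by cryptodisks, refusing to boot"
        sleep 10
        halt
    fi
}
```

Placing the check before `set root`, `linux` and `initrd` means nothing is read from the logical volume until its backing devices have been verified.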