luks2: Improve error reporting when decrypting/verifying key

While we already set up error messages in both luks2_verify_key() and
luks2_decrypt_key(), we do not ever print them. This makes it really
hard to discover why a given key actually failed to decrypt a disk.

Improve this by including the error message in the user-visible output.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index e3ff7c83d86b698ccf9b758fdf93a11692577d4b..a48bddf5de3dd9c75d493835721ce4785c23f744 100644 (file)
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -610,14 +610,16 @@ luks2_recover_key (grub_disk_t disk,
                               (const grub_uint8_t *) passphrase, grub_strlen (passphrase));
       if (ret)
        {
-         grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" failed\n", i);
+         grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" failed: %s\n",
+                       i, grub_errmsg);
          continue;
        }
 
       ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
       if (ret)
        {
-         grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE"\n", i);
+         grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE": %s\n",
+                       i, grub_errmsg);
          continue;
        }