From 6abf8af3c54abc04c4ec71c75d10fcfbc190e181 Mon Sep 17 00:00:00 2001
From: Patrick Colp <patrick.colp@oracle.com>
Date: Fri, 15 Nov 2024 15:34:56 +0800
Subject: [PATCH] cryptodisk: Fallback to passphrase

If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase.

Before requesting the passphrase, the error from the key protector(s)
has to be cleared, or the later code, e.g., LUKS code, may stop as
grub_errno is set. This commit prints error from the key protector(s)
and sets grub_errno to GRUB_ERR_NONE to have a fresh start.

Signed-off-by: Patrick Colp <patrick.colp@oracle.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
---
 grub-core/disk/cryptodisk.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 6f7394942..4219f1fb6 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1167,6 +1167,10 @@ grub_cryptodisk_scan_device_real (const char *name,
 	  ret = cr->recover_key (source, dev, cargs);
 	  if (ret != GRUB_ERR_NONE)
 	    {
+	      /* Reset key data to trigger the passphrase prompt later */
+	      cargs->key_data = NULL;
+	      cargs->key_len = 0;
+
 	      part = grub_partition_get_name (source->partition);
 	      grub_dprintf ("cryptodisk",
 			    "recovered a key from key protector %s but it "
@@ -1192,7 +1196,6 @@ grub_cryptodisk_scan_device_real (const char *name,
 		  source->name, source->partition != NULL ? "," : "",
 		  part != NULL ? part : N_("UNKNOWN"), dev->uuid);
       grub_free (part);
-      goto error;
     }
 
   if (cargs->key_len)
@@ -1207,6 +1210,24 @@ grub_cryptodisk_scan_device_real (const char *name,
       unsigned long tries = 3;
       const char *tries_env;
 
+      /*
+       * Print the error from key protectors and clear grub_errno.
+       *
+       * Since '--protector' cannot coexist with '--password' and
+       * '--key-file', in case key protectors fail, only
+       * "cargs->key_len == 0" is expected, so cryptomount falls back
+       * here to request the passphrase.
+       *
+       * To avoid the error from key protectors stops the further code,
+       * print the error to notify the user why key protectors fail and
+       * clear grub_errno to have a fresh start.
+       */
+      if (grub_errno != GRUB_ERR_NONE)
+	{
+	  grub_print_error ();
+	  grub_errno = GRUB_ERR_NONE;
+	}
+
       askpass = 1;
       cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
       if (cargs->key_data == NULL)