135e0bc886
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may look like this: tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub/sealed.tpm cryptomount -u <PART-UUID> -P tpm2 search --fs-uuid --set=root <FS-UUID> Since the disk search order is based on the order of module loading, the attacker could insert a malicious disk with the same FS-UUID root to trick GRUB to boot into the malicious root and further dump memory to steal the unsealed key. Do defend against such an attack, we can specify the hint provided by "grub-probe" to search the encrypted partition first: search --fs-uuid --set=root --hint='cryptouuid/<PART-UUID>' <FS-UUID> However, for LVM on an encrypted partition, the search hint provided by "grub-probe" is: --hint='lvmid/<VG-UUID>/<LV-UUID>' It doesn't guarantee to look up the logical volume from the encrypted partition, so the attacker may have the chance to fool GRUB to boot into the malicious disk. To minimize the attack surface, this commit tweaks the disk device search in diskfilter to look up cryptodisk devices first and then others, so that the auto-unlocked disk will be found first, not the attacker's disk. Cc: Fabian Vogt <fvogt@suse.com> Signed-off-by: Gary Lin <glin@suse.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com>
This is GRUB 2, the second version of the GRand Unified Bootloader. GRUB 2 is rewritten from scratch to make GNU GRUB cleaner, safer, more robust, more powerful, and more portable. See the file NEWS for a description of recent changes to GRUB 2. See the file INSTALL for instructions on how to build and install the GRUB 2 data and program files. See the file MAINTAINERS for information about the GRUB maintainers, etc. If you found a security vulnerability in the GRUB please check the SECURITY file to get more information how to properly report this kind of bugs to the maintainers. Please visit the official web page of GRUB 2, for more information. The URL is <http://www.gnu.org/software/grub/grub.html>. More extensive documentation is available in the Info manual, accessible using 'info grub' after building and installing GRUB 2. There are a number of important user-visible differences from the first version of GRUB, now known as GRUB Legacy. For a summary, please see: info grub Introduction 'Changes from GRUB Legacy'