From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
To: Daniel Kiper <dkiper@net-space.pl>
Cc: "Vladimir 'phcoder' Serbinenko" <phcoder@gmail.com>,
Patrick Steinhardt <ps@pks.im>,
The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: State of Argon2 support
Date: Sun, 11 Feb 2024 16:01:49 -0500
Message-ID: <CAAQmekcuGU5Ft2=kvUaFa25yTd7Z52=quNbsgb54f2FbLXJDmQ@mail.gmail.com>
In-Reply-To: <20240202141014.bxhhcchssi7h4qhc@tomti.i.net-space.pl>

On Fri, Feb 2, 2024 at 9:10 AM Daniel Kiper <dkiper@net-space.pl> wrote:
>
> On Tue, Jan 30, 2024 at 10:18:20AM -0500, Nikolaos Chatzikonstantinou wrote:
> > I want to share a small update:
> >
> > I'm reading the GRUB source code for the memory manager to get a bit
> > acclimated. I was surprised to see libgcrypt depend on <stdio.h>.
>
> Hmmm...
>
> > Asking around, the monocypher library was brought to my attention,
> > <https://monocypher.org/>. No external dependencies, the license is
> > compatible, just two files monocypher.c and .h that can be bundled,
> > supports argon2, and it's already used by some bootloaders/firmware
> > (ArduPilot Project, Joulescope). It is however written in pure C99; it
> > seems to me that it supports architectures that a C99 compiler can
> > target.
> >
> > While the goal of upgrading libgcrypt is noble, it is a bit scary as
> > libgcrypt seems difficult to navigate for me, the import_gcry.py
> > script also being hard to read. So I have the following questions:
> >
> > 1) What are the cryptographic requirements of GRUB? I.e. which
> > features and algorithms does GRUB require right now?
> > 2) Can we include monocypher just for the purpose of unlocking
> > argon2-configured luks2 partitions?
> > 3) Is it of interest to replace libgcrypt entirely (if possible, with
> > monocypher e.g.?)
>
> If this change will not break (much) currently existing features and
> simplify the code I am OK with doing this experiment.
>
> > If the best plan to go ahead with is to upgrade libgcrypt, as I've
> > said before, it would be good to know the version currently bundled
> > with GRUB (I'm just reiterating this point.) But from my viewpoint,
>
> Let me poke Vladimir once again...
>
> > libgcrypt is a userland library with a wide range of features; perhaps
> > not the most appropriate for a bootloader. I'm wondering if the
> > reasons that led to choosing libgcrypt in the past for GRUB can be
> > reevaluated now that there are more options for cryptographic
> > libraries.
>
> As I said above, I am OK with reevaluating current libgcrypt approach.

Ping on this; Vladimir if you are busy that is ok, just give me a
later date and I can ping you later. You said something about the end
of the week, so I keep thinking about this... But for me it's not
urgent. If you want to respond in 2 months, that's fine too, but just
let me know so that I can put it past me for now.

Regards,
Nikolaos Chatzikonstantinou