The ext4 filesystem now allows users to choose directory trees to be stored encrypted. However, GRUB refuses to boot from such partitions, even if none of the boot-critical files are actually affected. The following patch fixes this. It was tested on the latest release version of ext4.
Please let me know if more information is needed.
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index cdce63b..eca10e4 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -2,6 +2,7 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2003,2004,2005,2007,2008,2009 Free Software Foundation, Inc.
+ * Copyright (C) 2016 Google, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -102,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_64BIT 0x0080
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
+#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
* flags here as the related features are implemented into the driver. */
@@ -120,9 +122,12 @@ GRUB_MOD_LICENSE ("GPLv3+");
* mmp: Not really back-incompatible - was added as such to
* avoid multiple read-write mounts. Safe to ignore for this
* RO driver.
+ * encrypt: We assume boot files are not encrypted (grub config, kernel,
+ * initramd etc.). If we are wrong, boot will fail as it should.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
- | EXT4_FEATURE_INCOMPAT_MMP)
+ | EXT4_FEATURE_INCOMPAT_MMP \
+ | EXT4_FEATURE_INCOMPAT_ENCRYPT)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
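Review bot: Nothing in this patch makes a read of an encrypted inode fail, although the new comment above `EXT2_DRIVER_IGNORED_INCOMPAT` promises that "boot will fail as it should". With the superblock flag ignored and no per-inode check visible here, the driver would presumably return ciphertext as file data and raw encrypted names from directory iteration, so the config parser or kernel loader receives garbage instead of a clean error. I would add the per-inode flag, e.g. `#define EXT4_ENCRYPT_FLAG 0x800` (the kernel's `EXT4_ENCRYPT_FL`), and test it against the inode's flags in the file-read, directory-iteration and symlink paths, returning a `grub_error` such as "file is encrypted". Those functions lie outside the hunks shown, so confirm that no such check already exists. Separately, "initramd" in the new comment looks like a typo for "initramfs" or "initrd".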