[PATCH RFC 0/2] use confidential computing provisioned secrets for disk
From: Hyman Huang
Subject: [PATCH RFC 0/2] use confidential computing provisioned secrets for disk decryption
Date: Tue, 12 Mar 2024 11:03:17 +0800

This patchset aims to supplement James's previous work; please refer to
the following link for details:
https://lists.gnu.org/archive/html/grub-devel/2020-12/msg00257.html

The alterations listed below were made in light of earlier research:

1. As Glenn advised, remove the first commit ([PATCH v3 1/3] cryptodisk:
   make the password getter and additional argument to recover_key) while
   maintaining the original recover key function declaration.
2. To decrypt the disk, use the password that was retrieved from the EFI
   secret area and store it in the key_data field of the
   grub_cryptomount_args_t. Then, pass the password to the
   grub_cryptodisk_scan_device function.
3. Modify the put method's function definition in struct
   grub_secret_entry, and use grub_errno to log method errors.

We uploaded this series with the intention of receiving feedback, as
the title suggests. Any suggestions and feedback regarding this patchset
are welcome.

Thanks,
Yong

Hyman Huang (2):
cryptodisk: add OS provided secret support
efi: Add API for retrieving the EFI secret for cryptodisk
grub-core/Makefile.core.def | 8 +++
grub-core/disk/cryptodisk.c | 49 ++++++++++++-
grub-core/disk/efi/efisecret.c | 123 +++++++++++++++++++++++++++++++++
include/grub/cryptodisk.h | 14 ++++
include/grub/efi/api.h | 15 ++++
5 files changed, 206 insertions(+), 3 deletions(-)
create mode 100644 grub-core/disk/efi/efisecret.c
--
2.39.3