Date: Wed, 22 Oct 2014 21:47:24 +0400
From: Andrei Borzenkov
To: Kris Moore
Cc: grub-devel@gnu.org
Subject: Re: Patch to support GELI passphrase passthrough
Message-ID: <20141022214724.19df0c1f@opensuse.site>
In-Reply-To: <5447E580.1010409@pcbsd.org>

On Wed, 22 Oct 2014 13:12:32 -0400
Kris Moore wrote:

>
>
> Hey, just a small patch to submit today. If you rather I send this to
> the bug tracker then I can do that also.
>
> This patch allows exporting the FreeBSD GELI passphrase to the kernel
> environment, which we will be doing in PC-BSD to avoid prompting for the
> passphrase a second time at bootup.
>
> if (!grub_password_get (passphrase, MAX_PASSPHRASE))
> return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
> =20
> + /* Set the GELI passphrase to GRUB env, for passing to FreeBSD kernel = */
> + grub_env_set ("gelipassphrase", passphrase);
> +

If I read BSD loader correctly, this should be kFreeBSD.gelipassphrase.
Is geli freebsd-specific?

> /* Calculate the PBKDF2 of the user supplied passphrase. */
> if (grub_le_to_cpu32 (header.niter) !=3D 0)
> {

It sounds more logical to export it after it has been verified?

I tried to find out about this "gelipassphrase" kernel variable but did
not find anything. Is it already used anywhere?

> Let me know if you have any suggestions or need any changes. I'm
> currently hacking on support for EFI framebuffer settings to be passed
> to FreeBSD kernel as well, will send patches once I get things working
> there.
>
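
Review bot: the added grub_env_set ("gelipassphrase", passphrase) call sits directly after grub_password_get and ahead of the PBKDF2 step, so whatever the user typed is exported even when it later fails to unlock the volume; move the export to the point where the derived key has been verified. The call also leaves the cleartext passphrase in a GRUB environment variable for the rest of the boot session, where any later command or menu script can read it, so the patch should document the variable name and state where it is unset once the kernel has been handed its environment. The return value of grub_env_set is discarded here; check it and fail the unlock path cleanly if the variable could not be set.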