Message-ID: <4F0C2DDE.7070703@Oracle.COM>
Date: Tue, 10 Jan 2012 12:23:58 +0000
From: Darren J Moffat
Organization: Oracle Solaris Security
To: grub-devel@gnu.org
Subject: ZFS Crypto key hand off to kernel

I've been testing the ZFS Crypto support in GRUB2 with Solaris 11 and found it works great - many thanks!

The 'zfskey' command works very nicely, however the key is only available to grub and isn't handed off to the kernel that GRUB2 starts up.

I'm considering an extension to the multiboot2 spec to provide a mechanism to hand off the key from GRUB2 to the running kernel. I would like for this not to be specific to the ZFS crypto support but to be usable for LUKS and other systems that allow for an encrypted root/boot where both GRUB2 and the kernel need the same key.

Is this something that would be of interest for GRUB2? If so I'll look at developing the spec update and a patch for GRUB2 to support it for the zfs crypto support.

--
Darren J Moffat