From: Kris Moore <kris@pcbsd.org>
To: grub-devel@gnu.org
Subject: Re: Patch to support GELI passphrase passthrough
Date: Wed, 22 Oct 2014 13:50:07 -0400
Message-ID: <5447EE4F.5010002@pcbsd.org>
In-Reply-To: <20141022214724.19df0c1f@opensuse.site>

On 10/22/2014 13:47, Andrei Borzenkov wrote:
> On Wed, 22 Oct 2014 13:12:32 -0400
> Kris Moore <kris@pcbsd.org> wrote:
>
>>
>> Hey, just a small patch to submit today. If you'd rather I send this to
>> the bug tracker then I can do that also.
>>
>> This patch allows exporting the FreeBSD GELI passphrase to the kernel
>> environment, which we will be doing in PC-BSD to avoid prompting for the
>> passphrase a second time at bootup.
>>
>>    if (!grub_password_get (passphrase, MAX_PASSPHRASE))
>>      return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
>>  
>> +  /* Set the GELI passphrase to GRUB env, for passing to FreeBSD kernel */
>> +  grub_env_set ("gelipassphrase", passphrase);
>> +
> If I read BSD loader correctly, this should be kFreeBSD.gelipassphrase.
> Is geli freebsd-specific?
>
>>    /* Calculate the PBKDF2 of the user supplied passphrase.  */
>>    if (grub_le_to_cpu32 (header.niter) != 0)
>>      {
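
Review bot: the added grub_env_set ("gelipassphrase", passphrase) call runs right after grub_password_get and before the PBKDF2 calculation in the context lines below it, so the variable is set even when the passphrase later turns out not to unlock the volume; move the call to the point where the key has been accepted. The return value of grub_env_set is also ignored, so a failure to set the variable would go unnoticed; check it and return the error. Because the variable holds a plaintext copy of the passphrase in the GRUB environment for as long as it stays set, the comment should also state where it is expected to be unset once the value has been handed to the FreeBSD kernel.
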
> It sounds more logical to export it after it has been verified?
>
> I tried to find out about this "gelipassphrase" kernel variable but did
> not find anything. Is it already used anywhere?
>
>> Let me know if you have any suggestions or need any changes. I'm
>> currently hacking on support for EFI framebuffer settings to be passed
>> to FreeBSD kernel as well, will send patches once I get things working
>> there.
>>
>

Well, this patch just makes the variable available to the grub.cfg file,
then we do some stuff there like this:

set kFreeBSD.kern.geom.eli.passphrase=<passphrase>

The patch for support in FreeBSD should be in HEAD soon, but here it is
if you want to take a look:

https://github.com/pcbsd/freebsd/commit/79f4efcf6a7d4268781adc227d76ed9f7f0b685d

-- 
Kris Moore
PC-BSD Software
iXsystems


