From: Kris Moore <kris@pcbsd.org>
To: grub-devel@gnu.org
Subject: Re: Patch to support GELI passphrase passthrough
Date: Mon, 27 Oct 2014 10:56:22 -0400
Message-ID: <544E5D16.2070306@pcbsd.org>
In-Reply-To: <5447EE4F.5010002@pcbsd.org>

On 10/22/2014 13:50, Kris Moore wrote:
> On 10/22/2014 13:47, Andrei Borzenkov wrote:
>> On Wed, 22 Oct 2014 13:12:32 -0400
>> Kris Moore <kris@pcbsd.org> wrote:
>>
>>> Hey, just a small patch to submit today. If you rather I send this to
>>> the bug tracker then I can do that also.
>>>
>>> This patch allows exporting the FreeBSD GELI passphrase to the kernel
>>> environment, which we will be doing in PC-BSD to avoid prompting for the
>>> passphrase a second time at bootup.
>>>
>>>    if (!grub_password_get (passphrase, MAX_PASSPHRASE))
>>>      return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
>>>  
>>> +  /* Set the GELI passphrase to GRUB env, for passing to FreeBSD kernel */
>>> +  grub_env_set ("gelipassphrase", passphrase);
>>> +
>> If I read BSD loader correctly, this should be kFreeBSD.gelipassphrase.
>> Is geli freebsd-specific?
>>
>>>    /* Calculate the PBKDF2 of the user supplied passphrase.  */
>>>    if (grub_le_to_cpu32 (header.niter) != 0)
>>>      {
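Review bot: the `grub_env_set ("gelipassphrase", passphrase)` call sits above the PBKDF2 step, so a plaintext copy of whatever was typed is placed in the GRUB environment before it has been checked against the volume, and nothing in the visible lines unsets it if the later steps fail. The return value of `grub_env_set` is also ignored. Consider moving the export to the point where the key has been verified, checking the `grub_err_t` result, and extending the comment to say that the variable holds a secret that stays available to grub.cfg until it is unset.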
>> It sounds more logical to export it after it has been verified?
>>
>> I tried to find out about this "gelipassphrase" kernel variable but did
>> not find anything. Is it already used anywhere?
>>
>>> Let me know if you have any suggestions or need any changes. I'm
>>> currently hacking on support for EFI framebuffer settings to be passed
>>> to FreeBSD kernel as well, will send patches once I get things working
>>> there.
>>>
> Well, this patch just makes the variable available to grub.cfg file,
> then we do some stuff there like this:
>
> set kFreeBSD.kern.geom.eli.passphrase=<passphrase>
>
> The patch for support in FreeBSD should be in HEAD soon, but here it is
> if you want to take a look:
>
> https://github.com/pcbsd/freebsd/commit/79f4efcf6a7d4268781adc227d76ed9f7f0b685d
>

Any further thoughts on this patch? The FreeBSD integration hit HEAD a
few days back.

https://github.com/freebsd/freebsd/commit/bdb0ac02b9fd8f331fa70c8a4c29495b7ee43293

The reason I don't export the variable directly is so that when GRUB is
used to boot older versions of FreeBSD we don't set that variable, where
it isn't cleared from kernel memory. I would rather users enable it in
their grub.cfg manually, just so they know what it is doing.




-- 
Kris Moore
PC-BSD Software
iXsystems


