Message-ID: <54259E48.4040502@pcbsd.org>
Date: Fri, 26 Sep 2014 13:11:36 -0400
From: Kris Moore
To: grub-devel@gnu.org
Subject: Question about GRUB/GELI support

Hey, quick question about GRUB's support for GELI.

We are using it to boot Free/PC-BSD with GELI v5, and it works great there. However, FreeBSD updated their geli implementation very slightly to v7, which only changes which part of the master key is used for encrypt / decrypt.

https://github.com/freebsd/freebsd/commit/38de8ef1dd0e468ff1e3ec1c431f465e270beba3

I think the line in GRUB that needs tweaking is on or around 440 of grub-core/disk/geli.c, where it calls grub_crypto_pbkdf2 (dev->hash.....

I'm having trouble figuring out which part of that would be the equivalent of FreeBSD's mkey -> ekey change, or if that data is even exposed in GRUB's version. Any tips or pointers?

I'm also doing some other patches to GRUB so we can pass the GELI key as a variable to the kernel, skipping the prompting at mount-root. That seems to work well, but I wanted to see if I could knock out both fixes at the same time. Once it's done, I'll be happy to forward the patch for upstream inclusion.

Thanks!

-- 
Kris Moore
PC-BSD Software
iXsystems