From: Andrei Borzenkov
To: The development of GNU GRUB
Subject: Re: Integrating a FreeBSD/GELI change
Date: Sat, 1 Apr 2017 16:57:05 +0300
Message-ID: <8da05611-54db-25c9-31c0-ca91a96252b6@gmail.com>
In-Reply-To: <5098c6fc-7ab5-6386-4ae2-a3fe2a343de4@metricspace.net>

01.04.2017 15:57, Eric McCorkle wrote:
> Hello,
>
> I've been working on a series of changes designed to expand FreeBSD's
> full-disk encryption support via GELI (its preferred disk encryption
> mechanism). One of the important parts of this landed in HEAD last night:
>
> https://github.com/freebsd/freebsd/commit/6a205a32527153697eb4df4114ff0cd3c7cd6fd8
>
> This adds a general mechanism for passing keys into the FreeBSD kernel
> at boot. At present, this is used exclusively by the GELI subsystem.
>
> FreeBSD currently supports full-disk encryption for i386 BIOS. I am
> actively working on EFI support and would like to make sure that GRUB
> also supports full-disk encryption as well (as GRUB is our best option
> for a coreboot setup).
>
>
> Basically, to add support for this, I'd need to do two things:
>
> 1) Ensure that GRUB can handle an entirely GELI-encrypted disk hosting a
> FreeBSD system (I suspect it can, but I've never done a GRUB/GELI setup
> before)
>
> 2) An additional metadata item needs to get generated when booting the
> FreeBSD kernel that contains all the GELI keys. (For those who don't
> know, FreeBSD has a kernel metadata mechanism that is used to pass some
> information into the kernel: for example, the EFI console on EFI, some
> BIOS information on i386 BIOS, and so on)
>
>
> I've never submitted a patch to GRUB before, so I'm interested in 1) how
> hard would this be,

I suppose like with any other software project of reasonable size.

> 2) where should I look in the source code, and

GELI is in grub-core/disk/geli.c, the generic framework for device
encryption (which GELI plugs into) is in grub-core/disk/cryptodisk.c, and
the FreeBSD loader is in grub-core/loader/i386/bsd*.

There was a proposed patch that stored the secret in an environment
variable that was later used by the loader (I think; I am not sure whether
the loader part was actually implemented). Search this list for the subject

  Patch to support GELI passphrase passthrough

from Kris Moore (October 2014).

> 3) what is the procedure for submitting patches like this?
>

Just send patches to this list. Better inline using git send-email to
make it easier to comment.