[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patch to support GELI passphrase passthrough

From: Kris Moore
Subject: Re: Patch to support GELI passphrase passthrough
Date: Wed, 22 Oct 2014 13:50:07 -0400
User-agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2

On 10/22/2014 13:47, Andrei Borzenkov wrote:
> В Wed, 22 Oct 2014 13:12:32 -0400
> Kris Moore <address@hidden> пишет:
>> Hey, just a small patch to submit today. If you rather I send this to
>> the bug tracker then I can do that also.
>> This patch allows exporting the FreeBSD GELI passphrase to the kernel
>> environment, which we will be doing in PC-BSD to avoid prompting for the
>> passphrase a second time at bootup.
>>    if (!grub_password_get (passphrase, MAX_PASSPHRASE))
>>      return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
>> +  /* Set the GELI passphrase to GRUB env, for passing to FreeBSD kernel */
>> +  grub_env_set ("gelipassphrase", passphrase);
>> +
> If I read BSD loader correctly, this should be kFreeBSD.gelipassphrase.
> Is geli freebsd-specific?
>>    /* Calculate the PBKDF2 of the user supplied passphrase.  */
>>    if (grub_le_to_cpu32 (header.niter) != 0)
>>      {
> It sounds more logical to export it after it has been verified?
> I tried to find out about this "gelipassphrase" kernel variable but did
> not find anything. Is it already used anywhere?
>> Let me know if you have any suggestions or need any changes. I'm
>> currently hacking on support for EFI framebuffer settings to be passed
>> to FreeBSD kernel as well, will send patches once I get things working
>> there.
> _______________________________________________
> Grub-devel mailing list
> address@hidden

Well, this patch just makes the variable available to grub.cfg file,
then we do some stuff there like this:

set kFreeBSD.kern.geom.eli.passphrase=<passphrase>

The patch for support in FreeBSD should be in HEAD soon, but here it is
if you want to take a look:

Kris Moore
PC-BSD Software

reply via email to

[Prev in Thread] Current Thread [Next in Thread]