
zfskeys: if location is prompt then prompt during boot
Needs Revision (Public)

Authored by ambrisko on Aug 8 2022, 6:42 PM.

Details

Reviewers
allanjude
0mp
jhb
Summary

Sometimes, prompting for the key is needed. If the ZFS key is to be
entered during boot, then prompt and accept the key during boot.

Test Plan

Tested with ZFS encryption using a file for the key, and with another test prompting for the key.

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

ambrisko added a reviewer: allanjude.

Do docs need to be updated?
Otherwise, I like it.

libexec/rc/rc.d/zfskeys, line 51

kl == prompt, so why obfuscate by expanding it here?

0mp requested changes to this revision. Sep 16 2022, 12:14 PM
In D36081#823478, @imp wrote:

> Do docs need to be updated?

The rc.conf manual page does not document any of that at the moment. We probably should reference zfs-load-key(8) somewhere at least. This is not part of this revision though I'd say.

> Otherwise, I like it.

I'm not sure if I don't understand the purpose of the /dev/tty redirects. Could you explain a bit the reason behind that construct?

Otherwise, seems OK as well

libexec/rc/rc.d/zfskeys, line 51

What's the reason for `< /dev/tty > /dev/tty 2>/dev/tty`?

This revision now requires changes to proceed. Sep 16 2022, 12:14 PM
libexec/rc/rc.d/zfskeys, line 51

Combining both questions.

I don't understand the "kl == prompt" question: if the key was set to prompt, then we need to read the key from the console. If it is not in prompt mode, then read the key from a file like the original code did. So when the ZFS key is set in prompt mode it needs to read from /dev/tty etc., or it dies:

ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
Key prompt for hdd_zfs_data_1/encrypted.
Key load error: encryption failure
 Key failed to load for hdd_zfs_data_1/encrypted.
    ....
Mounting /etc/fstab filesystems failed, startup aborted
ERROR: ABORTING BOOT (sending SIGTERM to parent)!

with /dev/tty:

ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
Key prompt for hdd_zfs_data_1/encrypted.
Enter passphrase for 'hdd_zfs_data_1/encrypted':
<ZFS password entered>
Key loaded for hdd_zfs_data_1/encrypted.
Starting file system checks:
  ....
FreeBSD/amd64 (p15s) (ttyu0)

login:

/dev/tty makes it read and write to the console so the key can be entered.
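The construct discussed in this thread, written out as an added POSIX sh example (it is not the zfskeys rc script from this revision, and the function names `key_is_prompt` and `load_key` are this example's own). It relies on the real `zfs get -H -o value keylocation` and `zfs load-key` commands: when the dataset's keylocation is `prompt`, `zfs load-key` reads the passphrase from stdin and writes its prompt to the terminal, so the three `/dev/tty` redirections point it at the console instead of whatever rc's standard descriptors are during boot; a `file://` keylocation needs no redirection because zfs fetches the key from that URI itself.

```shell
#!/bin/sh
# Added example, not the zfskeys script from D36081. Loads the key for one
# encrypted ZFS dataset, prompting on the console when keylocation=prompt.
# key_is_prompt and load_key are names chosen for this example.

# Exit 0 when the dataset's keylocation property is "prompt"; exit 1 for a
# file:// (or other) location, or when the property cannot be read.
key_is_prompt() {
    dataset=$1
    kl=$(zfs get -H -o value keylocation "$dataset") || return 1
    [ "$kl" = "prompt" ]
}

# Load the dataset's key. In prompt mode, zfs load-key reads the passphrase
# from stdin and prints its prompt to stdout/stderr. During rc startup those
# descriptors are not the console, so without the /dev/tty redirections the
# command gets no input and fails with "Key load error: encryption failure",
# aborting the boot. With a file:// keylocation zfs reads the key itself, so
# the plain invocation from the original script is enough.
load_key() {
    dataset=$1
    if key_is_prompt "$dataset"; then
        zfs load-key "$dataset" < /dev/tty > /dev/tty 2> /dev/tty
    else
        zfs load-key "$dataset"
    fi
}
```

Usage is `load_key tank/encrypted` for each dataset whose key is not yet available. The prompt branch requires a controlling terminal: on a console-less boot the `/dev/tty` open fails and the key is not loaded, which is the same failure mode the first boot log shows, so datasets that must come up unattended should keep a `file://` keylocation rather than `prompt`.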