I have not had a chance to test this code yet, but reading it over it looks good to me.
We need to decide how to de-conflict with the sysctl:
kern.geom.eli.visible_passphrase: Visibility of passphrase prompt (0 = invisible, 1 = visible, 2 = asterisk)
|1116 ↗||(On Diff #31256)|
This should be overridden by the new flag, should it not?
Can you undo the whitespace change from geliboot.c? Phabricator doesn't seem to have a good option to hide white space changes and it detracts from reviewing the (security sensitive) functional change.
Thanks I miss that!
I thing we should go from the specific case (In our case the disk) to the general options (sysctl).
So for me the most important option is the option per disk.
I submited change.
Bad Pharbricator ;/
For the purpose of review I revert the style changes in the geli_attach function.
Insted of changing whole style I left extra brackets where SLIST_FOREACH_SAFE was.
I hope this make it more readable.
I know the review passed correctly but I had some issue with this patch.
I think by default we should present the most secure version of the system.
So by default I would disable the stars during the boot and I changed the flag to allow to show stars.
I know that this functionality is already in the release but I feel much bather doing it that way.
I hope you will agree with me :)
If it is going to be on by default, it should be enabled even in the absence of -h when you do geli init. And we need a -H flag for init/label to be able to disable it.
|299 ↗||(On Diff #32136)|
if this is the default, then should init only have the option to disable it? Or at least have both?
|506 ↗||(On Diff #32136)|
maybe example on this to to mention printing of * characters
|963 ↗||(On Diff #32136)|
so if hidepass is -1 (not specified), it is not enabled by default? I thought you wanted it on by default?
This is not clear.
The geli password typed at boot is now hidden. To restore the previous behavior, see geli(8) for configuration options.
It is really hard to tell what this means. Guessing:
When entering the passphrase to boot from this encrypted root filesystem, echo .Ql * characters. This makes the length of the passphrase visible.
Why is this being repeated? See above for a somewhat more clear version.
Disable echoing of any characters when a passphrase is entered to boot from this encrypted root filesystem. This hides the passphrase length.