Page MenuHomeFreeBSD

Allow to verify keys in geli.
ClosedPublic

Authored by oshogbo on Apr 7 2018, 9:55 AM.
Tags
None
Referenced Files
F105947736: D15000.id41226.diff
Sun, Dec 22, 11:49 PM
Unknown Object (File)
Wed, Dec 4, 12:52 PM
Unknown Object (File)
Mon, Dec 2, 1:31 AM
Unknown Object (File)
Mon, Dec 2, 1:31 AM
Unknown Object (File)
Mon, Dec 2, 1:31 AM
Unknown Object (File)
Mon, Dec 2, 1:31 AM
Unknown Object (File)
Mon, Dec 2, 12:44 AM
Unknown Object (File)
Fri, Nov 29, 4:56 PM
Subscribers

Details

Summary

Introduce dry run options in geli attach.
This will allow us to verify if passphrase and key is valid without need to decrypt whole device.
This can be useful for example when we changed key and we wan't to verify it.
The device for this can be mounted or not.

Next step will be to introduce an optional flag to say which slot to use.
This can be useful to verify as well as in normal decryption.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sbin/geom/class/eli/geli.8
427–428 ↗(On Diff #41226)

What is the problem with -r -n?

-r just modifies attach to be readonly, and -n uses the device read-only. Right?

Even -d is just a modifier for attach, and dry run overrides. I don't really see a need to enforce exclusive use of these options.

sys/geom/eli/g_eli_ctl.c
96 ↗(On Diff #41226)

Probably this should be if (*dryrun && (*detach || *readonly)) if we actually want to enforce the constraint.

Maybe an if (*detach && *readonly) check is needed too. But as-is is wrong.

sbin/geom/class/eli/geli.8
425 ↗(On Diff #41226)

without decrypting *the* device

427–428 ↗(On Diff #41226)

If we are going to keep this, it should probably say *or* instead of and

oshogbo marked 4 inline comments as done.

Thanks @cem and @allanjude

sbin/geom/class/eli/geli.8
427–428 ↗(On Diff #41226)

Yea I was unsure about that but because it's just dry-run we should allow any flags.

This revision is now accepted and ready to land.Apr 9 2018, 8:41 PM

Thanks for working on this

This revision was automatically updated to reflect the committed changes.