Page MenuHomeFreeBSD
Differential D15000

Allow to verify keys in geli.
ClosedPublic
Actions

Authored by oshogbo on Apr 7 2018, 9:55 AM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 10 2024, 6:51 PM
Unknown Object (File)
Oct 1 2024, 9:55 PM
Unknown Object (File)
Sep 18 2024, 12:39 AM
Unknown Object (File)
Sep 15 2024, 4:01 AM
Unknown Object (File)
Sep 12 2024, 1:05 PM
Unknown Object (File)
Sep 5 2024, 1:48 AM
Unknown Object (File)
Sep 4 2024, 2:23 PM
Unknown Object (File)
Sep 1 2024, 12:13 PM
View All 78 Files
Subscribers
imp

Details

Reviewers
pjd
allanjude
cem
Group Reviewers
manpages
Commits
rS332361: Introduce dry run option for attaching the device.
Summary

Introduce dry run options in geli attach.
This will allow us to verify if passphrase and key is valid without need to decrypt whole device.
This can be useful for example when we changed key and we wan't to verify it.
The device for this can be mounted or not.

Next step will be to introduce an optional flag to say which slot to use.
This can be useful to verify as well as in normal decryption.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

oshogbo created this revision.Apr 7 2018, 9:55 AM
cem added inline comments.Apr 8 2018, 4:56 PM
sbin/geom/class/eli/geli.8
427–428 ↗(On Diff #41226)

What is the problem with -r -n?

-r just modifies attach to be readonly, and -n uses the device read-only. Right?

Even -d is just a modifier for attach, and dry run overrides. I don't really see a need to enforce exclusive use of these options.

sys/geom/eli/g_eli_ctl.c
96 ↗(On Diff #41226)

Probably this should be if (*dryrun && (*detach || *readonly)) if we actually want to enforce the constraint.

Maybe an if (*detach && *readonly) check is needed too. But as-is is wrong.

allanjude added inline comments.Apr 8 2018, 6:13 PM
sbin/geom/class/eli/geli.8
425 ↗(On Diff #41226)

without decrypting *the* device

427–428 ↗(On Diff #41226)

If we are going to keep this, it should probably say *or* instead of and

oshogbo updated this revision to Diff 41303.Apr 9 2018, 8:31 PM
oshogbo marked 4 inline comments as done.

Thanks @cem and @allanjude

sbin/geom/class/eli/geli.8
427–428 ↗(On Diff #41226)

Yea I was unsure about that but because it's just dry-run we should allow any flags.

cem accepted this revision.Apr 9 2018, 8:41 PM
This revision is now accepted and ready to land.Apr 9 2018, 8:41 PM
allanjude accepted this revision.Apr 9 2018, 10:23 PM

Thanks for working on this

Closed by commit rS332361: Introduce dry run option for attaching the device. (authored by oshogbo). · Explain WhyApr 10 2018, 1:22 PM
This revision was automatically updated to reflect the committed changes.
Herald added a reviewer: manpages. · View Herald TranscriptApr 10 2018, 1:22 PM
Herald added a subscriber: imp. · View Herald Transcript

Revision Contents
Changeset List

PathSize
head/
sbin/
geom/
class/
eli/
7 lines
3 lines
sys/
geom/
eli/
11 lines

Diff 41320

View Options

head/sbin/geom/class/eli/geli.8

Loading...
View Options

head/sbin/geom/class/eli/geom_eli.c

Loading...
View Options

head/sys/geom/eli/g_eli_ctl.c

Loading...