geli: Allow disabling passphrase prompt
Needs Review, Public

Authored by oshogbo on May 19 2024, 1:51 PM.
Referenced Files
F132017745: D45251.diff
Sun, Oct 12, 11:58 PM

Details

Summary

When using mixed decryption methods, it might be useful to disable
the passphrase prompt to allow the boot process to fail gracefully.
For example, if a device is not essential for booting, it can be
ignored during the boot process. Later, we can remotely access
the machine and decrypt the device, instead of requiring a user
to connect a keyboard to the server.

I have decided to implement this as a bootloader setting rather
than a geli flag. This approach allows us to simply unset this
flag during boot in the bootloader CLI, without the need for an
additional FreeBSD box to unset the geli flag on the disk.

This change is based on: https://reviews.freebsd.org/D45250

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 57765
Build 54653: arc lint + arc unit

Event Timeline

stand/libsa/geli/geliboot.c, line 39

Unrelated style changes.

sys/geom/eli/g_eli.c, line 1259

I suspect that some valid provider names contain characters that cannot be in a kenv variable name. Do we need to handle that somehow?

Line 1262

Just a suggestion, plain "Skip" is too unclear IMO.