D45251.id138736.diff
diff --git a/lib/geom/eli/geli.8 b/lib/geom/eli/geli.8
--- a/lib/geom/eli/geli.8
+++ b/lib/geom/eli/geli.8
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd April 24, 2024
+.Dd May 19, 2024
.Dt GELI 8
.Os
.Sh NAME
@@ -1197,6 +1197,11 @@
# geli attach -k /root/private0.key /dev/md0
Enter passphrase:
# mount /dev/md0.eli /private
+.Pp
+If two slots are used with passphrase and keyfile, the prompt about
+passphrase during boot can be disabled:
+.Bd -literal -offset indent
+geli_da1s3a_skip_passphrase="YES"
.Ed
.Sh ENCRYPTION MODES
.Nm
diff --git a/stand/libsa/geli/geliboot.c b/stand/libsa/geli/geliboot.c
--- a/stand/libsa/geli/geliboot.c
+++ b/stand/libsa/geli/geliboot.c
@@ -32,11 +32,11 @@
struct known_dev {
char name[GELIDEV_NAMELEN];
- struct geli_dev *gdev;
+ struct geli_dev *gdev;
SLIST_ENTRY(known_dev) entries;
};
-SLIST_HEAD(known_dev_list, known_dev) known_devs_head =
+SLIST_HEAD(known_dev_list, known_dev) known_devs_head =
SLIST_HEAD_INITIALIZER(known_devs_head);
static geli_ukey saved_keys[GELI_MAX_KEYS];
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -1247,6 +1247,27 @@
return (g_eli_destroy(sc, FALSE));
}
+static bool
+geli_skip_passphrase(const char *provider)
+{
+ char name[64];
+ char *value;
+ bool skip;
+
+ skip = false;
+ snprintf(name, sizeof(name), "geli_%s_skip_passphrase", provider);
+ value = kern_getenv(name);
+
+ if (value != NULL && strcasecmp(value, "YES") == 0) {
+ printf("Skip passphrase for %s", provider);
+ skip = true;
+ }
+ if (value != NULL)
+ freeenv(value);
+
+ return (skip);
+}
+
static int
g_eli_keyfiles_load(struct hmac_ctx *ctx, const char *provider)
{
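Review bot: The message printed on the `printf("Skip passphrase for %s", provider);` line has no trailing newline, so the next kernel message is appended to it on the console; the rest of this file reports through `G_ELI_DEBUG`, which is also what the new code further down in this revision uses. I would replace the bare printf with `G_ELI_DEBUG(0, "Skip passphrase for %s.", provider);` so the format and verbosity control match the surrounding code. The `snprintf` into the 64-byte `name` is not checked for truncation: "geli_" plus "_skip_passphrase" leaves room for a provider name of at most 42 characters, and a longer name is silently looked up under a truncated variable name and the knob is ignored; checking the return value, e.g. `if (snprintf(...) >= sizeof(name)) return (false);`, or at least a comment stating the assumed bound would make this explicit. geli_skip_passphrase is complete within the hunk; g_eli_keyfiles_load, whose opening brace closes the hunk, continues outside it.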
@@ -1325,7 +1346,7 @@
u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN];
u_int i, nkey, nkeyfiles, tries, showpass;
int error;
- bool skippassphrase;
+ bool skippassphrase, diskskippassphrase;
struct keybuf *keybuf;
g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name);
@@ -1387,6 +1408,7 @@
}
}
+ diskskippassphrase = geli_skip_passphrase(pp->name);
for (i = 0; i <= tries; i++) {
g_eli_crypto_hmac_init(&ctx, NULL, 0);
@@ -1409,7 +1431,7 @@
return (NULL);
}
- skippassphrase = false;
+ skippassphrase = diskskippassphrase;
if (i == 0 && nkeyfiles > 0 && md.md_iterations != -1) {
tries += 1;
skippassphrase = true;
@@ -1462,6 +1484,13 @@
error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
explicit_bzero(key, sizeof(key));
if (error == -1) {
+ if (diskskippassphrase) {
+ G_ELI_DEBUG(0,
+ "Cannot decrypt Master Key for %s.",
+ pp->name);
+ g_eli_keyfiles_clear(pp->name);
+ return (NULL);
+ }
if (i == tries) {
G_ELI_DEBUG(0,
"Wrong key for %s. No tries left.",
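Review bot: The new early-return branch reports "Cannot decrypt Master Key for %s." without saying that the passphrase prompt was suppressed by the `geli_<provider>_skip_passphrase` variable, so an operator who set the knob with a wrong or missing keyfile sees the same symptom as a plain bad key and has no hint that no prompt will ever be offered. I would make the message name the cause, e.g. `"Cannot decrypt Master Key for %s; passphrase prompt disabled by geli_%s_skip_passphrase.", pp->name, pp->name`, and add a one-line comment above the `if (diskskippassphrase)` check stating that the remaining tries are intentionally abandoned because prompting is not allowed. Since `skippassphrase` is seeded from `diskskippassphrase` on every iteration, this branch is also reached when no keyfiles were loaded at all; if that is intended (fail rather than prompt), a comment to that effect here would help the next reader. The enclosing function starts and ends outside the hunk.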
