diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 5503637611bd..595da069f73c 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -1,1047 +1,1046 @@ .include MAN= aac.4 \ aacraid.4 \ acpi.4 \ ${_acpi_asus.4} \ ${_acpi_asus_wmi.4} \ ${_acpi_dock.4} \ ${_acpi_fujitsu.4} \ ${_acpi_hp.4} \ ${_acpi_ibm.4} \ ${_acpi_panasonic.4} \ ${_acpi_rapidstart.4} \ ${_acpi_sony.4} \ acpi_ged.4 \ acpi_thermal.4 \ acpi_battery.4 \ ${_acpi_toshiba.4} \ acpi_video.4 \ ${_acpi_wmi.4} \ ada.4 \ adm6996fc.4 \ ads111x.4 \ ae.4 \ ${_aesni.4} \ age.4 \ agp.4 \ ahc.4 \ ahci.4 \ ahd.4 \ ${_aibs.4} \ aio.4 \ alc.4 \ ale.4 \ alpm.4 \ altera_atse.4 \ altera_avgen.4 \ altera_jtag_uart.4 \ altera_sdcard.4 \ altq.4 \ amdpm.4 \ ${_amdsbwd.4} \ ${_amdsmb.4} \ ${_amdsmn.4} \ ${_amdtemp.4} \ ${_bxe.4} \ ${_aout.4} \ ${_apic.4} \ arcmsr.4 \ arswitch.4 \ ${_asmc.4} \ at45d.4 \ ata.4 \ ath.4 \ ath_hal.4 \ atkbd.4 \ atkbdc.4 \ ${_atopcase.4} \ atp.4 \ ${_atf_test_case.4} \ ${_atrtc.4} \ ${_attimer.4} \ audit.4 \ auditpipe.4 \ aue.4 \ axe.4 \ axge.4 \ axp.4 \ bce.4 \ bcm5974.4 \ bcma.4 \ bfe.4 \ bge.4 \ ${_bhyve.4} \ bhnd.4 \ bhnd_chipc.4 \ bhnd_pmu.4 \ bhndb.4 \ bhndb_pci.4 \ blackhole.4 \ bnxt.4 \ boottrace.4 \ bpf.4 \ bridge.4 \ bwi.4 \ bwn.4 \ ${_bytgpio.4} \ capsicum.4 \ cardbus.4 \ carp.4 \ cas.4 \ cc_cdg.4 \ cc_chd.4 \ cc_cubic.4 \ cc_dctcp.4 \ cc_hd.4 \ cc_htcp.4 \ cc_newreno.4 \ cc_vegas.4 \ ${_ccd.4} \ ccr.4 \ cd.4 \ cdce.4 \ cdceem.4 \ cfi.4 \ cfumass.4 \ ${_cgem.4} \ ch.4 \ chromebook_platform.4 \ ${_chvgpio.4} \ ciss.4 \ ${_coretemp.4} \ cp2112.4 \ ${_cpuctl.4} \ cpufreq.4 \ crypto.4 \ ctl.4 \ cue.4 \ cxgb.4 \ cxgbe.4 \ cxgbev.4 \ cyapa.4 \ da.4 \ dc.4 \ dcons.4 \ dcons_crom.4 \ ddb.4 \ devctl.4 \ disc.4 \ disk.4 \ divert.4 \ ${_dpms.4} \ ds1307.4 \ ds3231.4 \ ${_dtrace_provs} \ dummynet.4 \ edsc.4 \ ehci.4 \ em.4 \ ena.4 \ enc.4 \ enic.4 \ epair.4 \ est.4 \ et.4 \ etherswitch.4 \ eventtimers.4 \ exca.4 \ e6060sw.4 \ fd.4 \ fdc.4 \ fdt.4 \ fdt_pinctrl.4 \ fdtbus.4 \ ffclock.4 \ filemon.4 \ firewire.4 \ ${_ftgpio.4} \ ${_ftwd.4} \ full.4 \ fwe.4 \ fwip.4 \ fwohci.4 \ fxp.4 \ - gbde.4 \ gdb.4 \ gem.4 \ genet.4 \ genetlink.4 \ geom.4 \ geom_linux_lvm.4 \ geom_uzip.4 \ gif.4 \ ${_gve.4} \ gpio.4 \ gpioiic.4 \ gpiokeys.4 \ gpioled.4 \ gpioths.4 \ gre.4 \ h_ertt.4 \ hconf.4 \ hcons.4 \ hgame.4 \ hidbus.4 \ hidquirk.4 \ hidraw.4 \ hifn.4 \ hkbd.4 \ hms.4 \ hmt.4 \ hpen.4 \ hpet.4 \ ${_hpt27xx.4} \ ${_hptiop.4} \ ${_hptmv.4} \ ${_hptnr.4} \ ${_hptrr.4} \ hsctrl.4 \ htu21.4 \ ${_hv_kvp.4} \ ${_hv_netvsc.4} \ ${_hv_storvsc.4} \ ${_hv_utils.4} \ ${_hv_vmbus.4} \ ${_hv_vss.4} \ hwpmc.4 \ ${_hwpstate_intel.4} \ i2ctinyusb.4 \ iavf.4 \ ichsmb.4 \ ${_ichwd.4} \ icmp.4 \ icmp6.4 \ ida.4 \ ietp.4 \ if_ipsec.4 \ iflib.4 \ ifmib.4 \ ig4.4 \ igmp.4 \ iic.4 \ iic_gpiomux.4 \ iicbb.4 \ iicbus.4 \ iichid.4 \ iicmux.4 \ iicsmb.4 \ ${_igc.4} \ ${_imcsmb.4} \ inet.4 \ inet6.4 \ intpm.4 \ intro.4 \ ${_io.4} \ ${_ioat.4} \ ip.4 \ ip6.4 \ ipfirewall.4 \ ipheth.4 \ ${_ipmi.4} \ ips.4 \ ipsec.4 \ ipw.4 \ ipwfw.4 \ isci.4 \ isl.4 \ ismt.4 \ isp.4 \ ispfw.4 \ ${_itwd.4} \ iwi.4 \ iwifw.4 \ iwm.4 \ iwmfw.4 \ iwn.4 \ iwnfw.4 \ iwlwifi.4 \ iwlwififw.4 \ ixgbe.4 \ ixl.4 \ jedec_dimm.4 \ jme.4 \ kbdmux.4 \ kcov.4 \ keyboard.4 \ kld.4 \ ksyms.4 \ ksz8995ma.4 \ ktls.4 \ ktr.4 \ kue.4 \ ${_kvmclock.4} \ lagg.4 \ le.4 \ led.4 \ lge.4 \ ${_linux.4} \ liquidio.4 \ lm75.4 \ lo.4 \ lp.4 \ lpbb.4 \ lpt.4 \ ltc430x.4 \ mac.4 \ mac_biba.4 \ mac_bsdextended.4 \ mac_ddb.4 \ mac_ifoff.4 \ mac_ipacl.4 \ mac_lomac.4 \ mac_mls.4 \ mac_none.4 \ mac_ntpd.4 \ mac_partition.4 \ mac_portacl.4 \ mac_priority.4 \ mac_seeotheruids.4 \ mac_stub.4 \ mac_test.4 \ malo.4 \ max44009.4 \ md.4 \ mdio.4 \ me.4 \ mem.4 \ mfi.4 \ ${_mgb.4} \ miibus.4 \ mld.4 \ mlx.4 \ mlx4en.4 \ mlx5en.4 \ mmc.4 \ mmcsd.4 \ mod_cc.4 \ mos.4 \ mouse.4 \ mpi3mr.4 \ mpr.4 \ mps.4 \ mpt.4 \ mrsas.4 \ msk.4 \ mtio.4 \ multicast.4 \ muge.4 \ mvs.4 \ mwl.4 \ mwlfw.4 \ mx25l.4 \ mxge.4 \ my.4 \ net80211.4 \ netdump.4 \ netfpga10g_nf10bmac.4 \ netgdb.4 \ netgraph.4 \ netintro.4 \ netlink.4 \ netmap.4 \ ${_nfe.4} \ ${_nfsmb.4} \ ng_async.4 \ ng_bpf.4 \ ng_bridge.4 \ ng_btsocket.4 \ ng_car.4 \ ng_checksum.4 \ ng_cisco.4 \ ng_deflate.4 \ ng_device.4 \ nge.4 \ ng_echo.4 \ ng_eiface.4 \ ng_etf.4 \ ng_ether.4 \ ng_ether_echo.4 \ ng_frame_relay.4 \ ng_gif.4 \ ng_gif_demux.4 \ ng_hci.4 \ ng_hole.4 \ ng_hub.4 \ ng_iface.4 \ ng_ipfw.4 \ ng_ip_input.4 \ ng_ksocket.4 \ ng_l2cap.4 \ ng_l2tp.4 \ ng_lmi.4 \ ng_macfilter.4 \ ng_mppc.4 \ ng_nat.4 \ ng_netflow.4 \ ng_one2many.4 \ ng_patch.4 \ ng_pipe.4 \ ng_ppp.4 \ ng_pppoe.4 \ ng_pptpgre.4 \ ng_pred1.4 \ ng_rfc1490.4 \ ng_socket.4 \ ng_source.4 \ ng_split.4 \ ng_tag.4 \ ng_tcpmss.4 \ ng_tee.4 \ ng_tty.4 \ ng_ubt.4 \ ng_UI.4 \ ng_vjc.4 \ ng_vlan.4 \ ng_vlan_rotate.4 \ nmdm.4 \ ${_ntb.4} \ ${_ntb_hw_amd.4} \ ${_ntb_hw_intel.4} \ ${_ntb_hw_plx.4} \ ${_ntb_transport.4} \ ${_nda.4} \ ${_if_ntb.4} \ null.4 \ numa.4 \ nvd.4 \ ${_nvdimm.4} \ nvme.4 \ nvmf.4 \ nvmf_tcp.4 \ nvmft.4 \ ${_nvram.4} \ oce.4 \ ocs_fc.4\ ohci.4 \ openfirm.4 \ orm.4 \ ${_ossl.4} \ ow.4 \ ow_temp.4 \ owc.4 \ ovpn.4 \ ${_padlock.4} \ pass.4 \ pca954x.4 \ pccard.4 \ pccbb.4 \ pcf.4 \ pcf8574.4 \ pcf8591.4 \ ${_pchtherm.4} \ pci.4 \ pcib.4 \ pcic.4 \ pcm.4 \ ${_pf.4} \ ${_pflog.4} \ ${_pflow.4} \ ${_pfsync.4} \ pim.4 \ pms.4 \ polling.4 \ ppbus.4 \ ppc.4 \ ppi.4 \ procdesc.4 \ proto.4 \ ps4dshock.4 \ psm.4 \ pst.4 \ pt.4 \ ptnet.4 \ pts.4 \ pty.4 \ puc.4 \ pwmc.4 \ ${_qat.4} \ ${_qat_c2xxx.4} \ ${_qlxge.4} \ ${_qlxgb.4} \ ${_qlxgbe.4} \ ${_qlnxe.4} \ ral.4 \ random.4 \ rctl.4 \ re.4 \ rgephy.4 \ rights.4 \ rl.4 \ rndtest.4 \ route.4 \ rtnetlink.4 \ rtsx.4 \ rtw88.4 \ rtwn.4 \ rtwnfw.4 \ rtwn_pci.4 \ rue.4 \ sa.4 \ safe.4 \ safexcel.4 \ sbp.4 \ sbp_targ.4 \ scc.4 \ sched_4bsd.4 \ sched_ule.4 \ screen.4 \ scsi.4 \ sctp.4 \ sdhci.4 \ sem.4 \ send.4 \ ses.4 \ ${_sfxge.4} \ sg.4 \ sge.4 \ siba.4 \ siftr.4 \ siis.4 \ simplebus.4 \ sis.4 \ sk.4 \ ${_smartpqi.4} \ smb.4 \ smbios.4 \ smbus.4 \ smp.4 \ smsc.4 \ snd_als4000.4 \ snd_atiixp.4 \ snd_cmi.4 \ snd_cs4281.4 \ snd_csa.4 \ snd_emu10k1.4 \ snd_emu10kx.4 \ snd_envy24.4 \ snd_envy24ht.4 \ snd_es137x.4 \ snd_fm801.4 \ snd_hda.4 \ snd_hdspe.4 \ snd_ich.4 \ snd_maestro3.4 \ snd_neomagic.4 \ snd_solo.4 \ snd_spicds.4 \ snd_t4dwave.4 \ snd_uaudio.4 \ snd_via8233.4 \ snd_via82c686.4 \ snd_vibes.4 \ sndstat.4 \ snp.4 \ spigen.4 \ ${_spkr.4} \ splash.4 \ ste.4 \ stf.4 \ stge.4 \ ${_sume.4} \ ${_superio.4} \ sym.4 \ syncache.4 \ syncer.4 \ syscons.4 \ sysmouse.4 \ tap.4 \ targ.4 \ tcp.4 \ tcp_bbr.4 \ tcp_rack.4 \ tdfx.4 \ termios.4 \ textdump.4 \ ti.4 \ timecounters.4 \ ${_tpm.4} \ tslog.4 \ tty.4 \ tun.4 \ twe.4 \ tws.4 \ udp.4 \ udplite.4 \ ure.4 \ vale.4 \ vga.4 \ vge.4 \ viapm.4 \ ${_viawd.4} \ virtio.4 \ virtio_balloon.4 \ virtio_blk.4 \ virtio_console.4 \ virtio_gpu.4 \ virtio_random.4 \ virtio_scsi.4 \ ${_vmci.4} \ vkbd.4 \ vlan.4 \ vxlan.4 \ ${_vmd.4} \ ${_vmm.4} \ ${_vmx.4} \ vr.4 \ vt.4 \ vte.4 \ vtnet.4 \ watchdog.4 \ ${_wbwd.4} \ ${_wdatwd.4} \ wg.4 \ witness.4 \ wlan.4 \ wlan_acl.4 \ wlan_amrr.4 \ wlan_ccmp.4 \ wlan_tkip.4 \ wlan_wep.4 \ wlan_xauth.4 \ wmt.4 \ ${_wpi.4} \ wsp.4 \ xb360gp.4 \ ${_xen.4} \ xhci.4 \ xl.4 \ ${_xnb.4} \ xpt.4 \ zero.4 MLINKS= ads111x.4 ads1013.4 \ ads111x.4 ads1014.4 \ ads111x.4 ads1015.4 \ ads111x.4 ads1113.4 \ ads111x.4 ads1114.4 \ ads111x.4 ads1115.4 MLINKS+=ae.4 if_ae.4 MLINKS+=age.4 if_age.4 MLINKS+=agp.4 agpgart.4 MLINKS+=alc.4 if_alc.4 MLINKS+=ale.4 if_ale.4 MLINKS+=altera_atse.4 atse.4 MLINKS+=altera_sdcard.4 altera_sdcardc.4 MLINKS+=altq.4 ALTQ.4 MLINKS+=ath.4 if_ath.4 MLINKS+=aue.4 if_aue.4 MLINKS+=axe.4 if_axe.4 MLINKS+=bce.4 if_bce.4 MLINKS+=bfe.4 if_bfe.4 MLINKS+=bge.4 if_bge.4 MLINKS+=bnxt.4 if_bnxt.4 MLINKS+=bridge.4 if_bridge.4 MLINKS+=bwi.4 if_bwi.4 MLINKS+=bwn.4 if_bwn.4 MLINKS+=${_bxe.4} ${_if_bxe.4} MLINKS+=cas.4 if_cas.4 MLINKS+=cdce.4 if_cdce.4 MLINKS+=cfi.4 cfid.4 MLINKS+=crypto.4 cryptodev.4 MLINKS+=cue.4 if_cue.4 MLINKS+=cxgb.4 if_cxgb.4 MLINKS+=cxgbe.4 if_cxgbe.4 \ cxgbe.4 vcxgbe.4 \ cxgbe.4 if_vcxgbe.4 \ cxgbe.4 cxl.4 \ cxgbe.4 if_cxl.4 \ cxgbe.4 vcxl.4 \ cxgbe.4 if_vcxl.4 \ cxgbe.4 cc.4 \ cxgbe.4 if_cc.4 \ cxgbe.4 vcc.4 \ cxgbe.4 if_vcc.4 MLINKS+=cxgbev.4 if_cxgbev.4 \ cxgbev.4 cxlv.4 \ cxgbev.4 if_cxlv.4 \ cxgbev.4 ccv.4 \ cxgbev.4 if_ccv.4 MLINKS+=dc.4 if_dc.4 MLINKS+=disc.4 if_disc.4 MLINKS+=edsc.4 if_edsc.4 MLINKS+=em.4 if_em.4 \ em.4 igb.4 \ em.4 if_igb.4 \ em.4 lem.4 \ em.4 if_lem.4 MLINKS+=enc.4 if_enc.4 MLINKS+=epair.4 if_epair.4 MLINKS+=et.4 if_et.4 MLINKS+=fd.4 stderr.4 \ fd.4 stdin.4 \ fd.4 stdout.4 MLINKS+=fdt.4 FDT.4 MLINKS+=firewire.4 ieee1394.4 MLINKS+=fwe.4 if_fwe.4 MLINKS+=fwip.4 if_fwip.4 MLINKS+=fxp.4 if_fxp.4 MLINKS+=gem.4 if_gem.4 MLINKS+=genet.4 if_genet.4 MLINKS+=geom.4 GEOM.4 MLINKS+=gif.4 if_gif.4 MLINKS+=gpio.4 gpiobus.4 MLINKS+=gpioths.4 dht11.4 MLINKS+=gpioths.4 dht22.4 MLINKS+=gre.4 if_gre.4 MLINKS+=hpet.4 acpi_hpet.4 MLINKS+=${_hptrr.4} ${_rr232x.4} MLINKS+=${_attimer.4} ${_i8254.4} MLINKS+=ip.4 rawip.4 MLINKS+=ipfirewall.4 ipaccounting.4 \ ipfirewall.4 ipacct.4 \ ipfirewall.4 ipfw.4 MLINKS+=ipheth.4 if_ipheth.4 MLINKS+=ipw.4 if_ipw.4 MLINKS+=iwi.4 if_iwi.4 MLINKS+=iwlwifi.4 if_iwlwifi.4 MLINKS+=iwm.4 if_iwm.4 MLINKS+=iwn.4 if_iwn.4 MLINKS+=ixgbe.4 ix.4 MLINKS+=ixgbe.4 if_ix.4 MLINKS+=ixgbe.4 if_ixgbe.4 MLINKS+=ixl.4 if_ixl.4 MLINKS+=iavf.4 if_iavf.4 MLINKS+=jme.4 if_jme.4 MLINKS+=kue.4 if_kue.4 MLINKS+=lagg.4 trunk.4 MLINKS+=lagg.4 if_lagg.4 MLINKS+=le.4 if_le.4 MLINKS+=lge.4 if_lge.4 MLINKS+=lo.4 loop.4 MLINKS+=lp.4 plip.4 MLINKS+=malo.4 if_malo.4 MLINKS+=md.4 vn.4 MLINKS+=mem.4 kmem.4 MLINKS+=mfi.4 mfi_linux.4 \ mfi.4 mfip.4 MLINKS+=mlx5en.4 mce.4 MLINKS+=mos.4 if_mos.4 MLINKS+=msk.4 if_msk.4 MLINKS+=mwl.4 if_mwl.4 MLINKS+=mxge.4 if_mxge.4 MLINKS+=my.4 if_my.4 MLINKS+=netfpga10g_nf10bmac.4 if_nf10bmac.4 MLINKS+=netintro.4 net.4 \ netintro.4 networking.4 MLINKS+=${_nfe.4} ${_if_nfe.4} MLINKS+=nge.4 if_nge.4 MLINKS+=openfirm.4 openfirmware.4 MLINKS+=ow.4 onewire.4 MLINKS+=pccbb.4 cbb.4 MLINKS+=pcm.4 snd.4 \ pcm.4 sound.4 MLINKS+=pms.4 pmspcv.4 MLINKS+=ptnet.4 if_ptnet.4 MLINKS+=ral.4 if_ral.4 MLINKS+=re.4 if_re.4 MLINKS+=rl.4 if_rl.4 MLINKS+=rtwn_pci.4 if_rtwn_pci.4 MLINKS+=rue.4 if_rue.4 MLINKS+=scsi.4 cam.4 MLINKS+=scsi.4 scbus.4 MLINKS+=scsi.4 SCSI.4 MLINKS+=sge.4 if_sge.4 MLINKS+=sis.4 if_sis.4 MLINKS+=sk.4 if_sk.4 MLINKS+=smp.4 SMP.4 MLINKS+=smsc.4 if_smsc.4 MLINKS+=snd_envy24.4 snd_ak452x.4 MLINKS+=${_spkr.4} ${_speaker.4} MLINKS+=splash.4 screensaver.4 MLINKS+=ste.4 if_ste.4 MLINKS+=stf.4 if_stf.4 MLINKS+=stge.4 if_stge.4 MLINKS+=syncache.4 syncookies.4 MLINKS+=syscons.4 sc.4 MLINKS+=tap.4 if_tap.4 \ tap.4 vmnet.4 \ tap.4 if_vmnet.4 MLINKS+=tdfx.4 tdfx_linux.4 MLINKS+=ti.4 if_ti.4 MLINKS+=tun.4 if_tun.4 MLINKS+=ure.4 if_ure.4 MLINKS+=vge.4 if_vge.4 MLINKS+=vlan.4 if_vlan.4 MLINKS+=vxlan.4 if_vxlan.4 MLINKS+=${_vmx.4} ${_if_vmx.4} MLINKS+=vr.4 if_vr.4 MLINKS+=vte.4 if_vte.4 MLINKS+=vtnet.4 if_vtnet.4 MLINKS+=watchdog.4 SW_WATCHDOG.4 MLINKS+=wg.4 if_wg.4 MLINKS+=wlan.4 wifi.4 MLINKS+=${_wpi.4} ${_if_wpi.4} MLINKS+=xl.4 if_xl.4 .if ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386" _acpi_asus.4= acpi_asus.4 _acpi_asus_wmi.4= acpi_asus_wmi.4 _acpi_dock.4= acpi_dock.4 _acpi_fujitsu.4=acpi_fujitsu.4 _acpi_hp.4= acpi_hp.4 _acpi_ibm.4= acpi_ibm.4 _acpi_panasonic.4=acpi_panasonic.4 _acpi_rapidstart.4=acpi_rapidstart.4 _acpi_sony.4= acpi_sony.4 _acpi_toshiba.4=acpi_toshiba.4 _acpi_wmi.4= acpi_wmi.4 _aesni.4= aesni.4 _aout.4= aout.4 _apic.4= apic.4 _atrtc.4= atrtc.4 _attimer.4= attimer.4 _aibs.4= aibs.4 _amdsbwd.4= amdsbwd.4 _amdsmb.4= amdsmb.4 _amdsmn.4= amdsmn.4 _amdtemp.4= amdtemp.4 _asmc.4= asmc.4 _atopcase.4= atopcase.4 _bxe.4= bxe.4 _bytgpio.4= bytgpio.4 _chvgpio.4= chvgpio.4 _coretemp.4= coretemp.4 _cpuctl.4= cpuctl.4 _dpms.4= dpms.4 _ftgpio.4= ftgpio.4 _ftwd.4= ftwd.4 _hpt27xx.4= hpt27xx.4 _hptiop.4= hptiop.4 _hptmv.4= hptmv.4 _hptnr.4= hptnr.4 _hptrr.4= hptrr.4 _hv_kvp.4= hv_kvp.4 _hv_netvsc.4= hv_netvsc.4 _hv_storvsc.4= hv_storvsc.4 _hv_utils.4= hv_utils.4 _hv_vmbus.4= hv_vmbus.4 _hv_vss.4= hv_vss.4 _hwpstate_intel.4= hwpstate_intel.4 _i8254.4= i8254.4 _ichwd.4= ichwd.4 _if_bxe.4= if_bxe.4 _if_nfe.4= if_nfe.4 _if_urtw.4= if_urtw.4 _if_vmx.4= if_vmx.4 _if_wpi.4= if_wpi.4 _igc.4= igc.4 _imcsmb.4= imcsmb.4 _io.4= io.4 _itwd.4= itwd.4 _kvmclock.4= kvmclock.4 _mgb.4= mgb.4 _nda.4= nda.4 _nfe.4= nfe.4 _nfsmb.4= nfsmb.4 _if_ntb.4= if_ntb.4 _ntb.4= ntb.4 _ntb_hw_amd.4= ntb_hw_amd.4 _ntb_hw_intel.4= ntb_hw_intel.4 _ntb_hw_plx.4= ntb_hw_plx.4 _ntb_transport.4=ntb_transport.4 _nvram.4= nvram.4 _padlock.4= padlock.4 _pchtherm.4= pchtherm.4 _qat.4= qat.4 _qat_c2xxx.4= qat_c2xxx.4 _rr232x.4= rr232x.4 _speaker.4= speaker.4 _spkr.4= spkr.4 _superio.4= superio.4 _tpm.4= tpm.4 _urtw.4= urtw.4 _viawd.4= viawd.4 _vmci.4= vmci.4 _vmd.4= vmd.4 _vmx.4= vmx.4 _wbwd.4= wbwd.4 _wdatwd.4= wdatwd.4 _wpi.4= wpi.4 _xen.4= xen.4 _xnb.4= xnb.4 .endif .if ${MACHINE_CPUARCH} == "amd64" _ioat.4= ioat.4 _nvdimm.4= nvdimm.4 _qlxge.4= qlxge.4 _qlxgb.4= qlxgb.4 _qlxgbe.4= qlxgbe.4 _qlnxe.4= qlnxe.4 _sfxge.4= sfxge.4 _smartpqi.4= smartpqi.4 _sume.4= sume.4 MLINKS+=qlxge.4 if_qlxge.4 MLINKS+=qlxgb.4 if_qlxgb.4 MLINKS+=qlxgbe.4 if_qlxgbe.4 MLINKS+=qlnxe.4 if_qlnxe.4 MLINKS+=sfxge.4 if_sfxge.4 MLINKS+=sume.4 if_sume.4 .if ${MK_BHYVE} != "no" _bhyve.4= bhyve.4 _vmm.4= vmm.4 .endif .endif .if ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386" || \ ${MACHINE_CPUARCH} == "aarch64" _gve.4= gve.4 _ipmi.4= ipmi.4 _linux.4= linux.4 _ossl.4= ossl.4 .endif .if ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "aarch64" || \ ${MACHINE_CPUARCH} == "riscv" _cgem.4= cgem.4 MLINKS+=cgem.4 if_cgem.4 .endif .if empty(MAN_ARCH) || ${MAN_ARCH} == "all" __arches= ${:!/bin/sh -c "/bin/ls -d ${.CURDIR}/man4.*"!:E} .else __arches= ${MAN_ARCH} .endif .for __arch in ${__arches:O:u} .if exists(${.CURDIR}/man4.${__arch}) SUBDIR+= man4.${__arch} .endif .endfor .if ${MK_BLUETOOTH} != "no" MAN+= ng_bluetooth.4 .endif .if ${MK_CCD} != "no" _ccd.4= ccd.4 .endif .if ${MK_CDDL} != "no" _dtrace_provs= dtrace_audit.4 \ dtrace_io.4 \ dtrace_ip.4 \ dtrace_kinst.4 \ dtrace_lockstat.4 \ dtrace_proc.4 \ dtrace_sched.4 \ dtrace_sctp.4 \ dtrace_tcp.4 \ dtrace_udp.4 \ dtrace_udplite.4 MLINKS+= dtrace_audit.4 dtaudit.4 .endif .if ${MK_EFI} != "no" MAN+= efidev.4 MLINKS+= efidev.4 efirtc.4 .endif .if ${MK_ISCSI} != "no" MAN+= cfiscsi.4 MAN+= iscsi.4 MAN+= iser.4 .endif .if ${MK_OFED} != "no" MAN+= mlx4ib.4 MAN+= mlx5ib.4 .endif .if ${MK_MLX5TOOL} != "no" MAN+= mlx5io.4 .endif .if ${MK_TESTS} != "no" ATF= ${SRCTOP}/contrib/atf .PATH: ${ATF}/doc _atf_test_case.4= atf-test-case.4 .endif .if ${MK_PF} != "no" _pf.4= pf.4 _pflog.4= pflog.4 _pflow.4= pflow.4 _pfsync.4= pfsync.4 .endif .if ${MK_USB} != "no" MAN+= \ otus.4 \ otusfw.4 \ rsu.4 \ rsufw.4 \ rtwn_usb.4 \ rum.4 \ run.4 \ runfw.4 \ u3g.4 \ uark.4 \ uart.4 \ uath.4 \ ubsa.4 \ ubser.4 \ ubtbcmfw.4 \ uchcom.4 \ ucom.4 \ ucycom.4 \ udav.4 \ udbp.4 \ udl.4 \ uep.4 \ ufoma.4 \ uftdi.4 \ ugen.4 \ ugold.4 \ uhci.4 \ uhid.4 \ uhso.4 \ uipaq.4 \ ukbd.4 \ uled.4 \ ulpt.4 \ umass.4 \ umcs.4 \ umct.4 \ umodem.4 \ umoscom.4 \ ums.4 \ unix.4 \ upgt.4 \ uplcom.4 \ ural.4 \ urio.4 \ urndis.4 \ ${_urtw.4} \ usb.4 \ usb_quirk.4 \ usb_template.4 \ usbhid.4 \ usfs.4 \ uslcom.4 \ uvisor.4 \ uvscom.4 \ zyd.4 MLINKS+=otus.4 if_otus.4 MLINKS+=rsu.4 if_rsu.4 MLINKS+=rtwn_usb.4 if_rtwn_usb.4 MLINKS+=rum.4 if_rum.4 MLINKS+=run.4 if_run.4 MLINKS+=u3g.4 u3gstub.4 MLINKS+=uath.4 if_uath.4 MLINKS+=udav.4 if_udav.4 MLINKS+=upgt.4 if_upgt.4 MLINKS+=ural.4 if_ural.4 MLINKS+=urndis.4 if_urndis.4 MLINKS+=${_urtw.4} ${_if_urtw.4} MLINKS+=zyd.4 if_zyd.4 .endif .include diff --git a/share/man/man4/gbde.4 b/share/man/man4/gbde.4 deleted file mode 100644 index 79acfbe81444..000000000000 --- a/share/man/man4/gbde.4 +++ /dev/null @@ -1,302 +0,0 @@ -.\" -.\" Copyright (c) 2002 Poul-Henning Kamp -.\" Copyright (c) 2002 Networks Associates Technology, Inc. -.\" All rights reserved. -.\" -.\" This software was developed for the FreeBSD Project by Poul-Henning Kamp -.\" and NAI Labs, the Security Research Division of Network Associates, Inc. -.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the -.\" DARPA CHATS research program. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd October 19, 2002 -.Dt GBDE 4 -.Os -.Sh NAME -.Nm gbde -.Nd Geom Based Disk Encryption -.Sh SYNOPSIS -.Cd "options GEOM_BDE" -.Sh DESCRIPTION -.Bf -symbolic -NOTICE: -Please be aware that this code has not yet received much review -and analysis by qualified cryptographers and therefore should be considered -a slightly suspect experimental facility. -.Pp -We cannot at this point guarantee that the on-disk format will not change -in response to reviews or bug-fixes, so potential users are advised to -be prepared that -.Xr dump 8 Ns / Ns Xr restore 8 -based migrations may be called for in the future. -.Ef -.Pp -The objective of this facility is to provide a high degree of -denial of access to the contents of a -.Dq cold -storage device. -.Pp -Be aware that if the computer is compromised while up and running -.Em and -the storage device is actively attached and opened with a valid -pass-phrase, this facility offers no protection or denial of access -to the contents of the storage device. -.Pp -If, on the other hand, the device is -.Dq cold , -it should present a formidable -challenge for an attacker to gain access to the contents in the absence of -a valid pass-phrase. -.Pp -Four cryptographic barriers must be passed to gain access to the data, -and only a valid pass-phrase will yield this access. -.Pp -When the pass-phrase is entered, it is hashed with SHA2 into a 512 bit -.Dq key-material . -This is a way of producing cryptographic usable keys from a typically -.No all- Ns Tn ASCII -pass-phrase of an unpredictable user-selected length. -.Ss First barrier: the location of the \&"lock-sector". -During initialization, up to four independent but mutually aware -.Dq lock -sectors are written to the device in randomly chosen -locations. -These lock-sectors contain the 2048 random bit master-key and a number -of parameters of the layout geometry (more on this later). -Since the entire device will contain isotropic data, there is no -short-cut to rapidly determine which sequence of bytes contain a lock-sector. -.Pp -To locate a lock-sector, a small piece of data called the -.Dq metadata -and the key-material must be available. -The key-material decrypts the -metadata, which contains the byte offset on the device where the -corresponding lock-sector is located. -If the metadata is lost or unavailable but the key-material is at -hand, it would be feasible to do a brute force scan where each byte offset -of the device is checked to see if it contains the lock-sector data. -.Ss Second barrier: decryption of the master-key using key-material. -The lock-sector contains an encrypted copy of an architecture neutral -byte-sequence which encodes the fields of the lock-structure. -The order in which these fields are encoded is determined from the key-material. -The encoded byte stream is encrypted with 256bit AES in CBC mode. -.Ss Third barrier: decryption of the sector key. -For each sector, an MD5 hash over a -.Dq salt -from the lock-sector and the sector number is used to -.Dq cherry-pick -a subset of the master key, -which hashed together with the sector offset through MD5 produces the -.Dq kkey , -the key which encrypts the sector key. -.Ss Fourth barrier: decryption of the sector data. -The actual payload of the sector is encrypted with 128 bit AES in CBC mode -using a single-use random bits key. -.Ss Examining the reverse path -Assuming an attacker knows an amount of plaintext and has managed to -locate the corresponding encrypted sectors on the device, gaining access -to the plaintext context of other sectors is a daunting task: -.Pp -First he will have to derive from the encrypted sector and the known plain -text the sector key(s) used. -At the time of writing, it has been speculated that it could maybe be -possible to break open AES in only 2^80 operations; even so, that is still -a very impossible task. -.Pp -Armed with one or more sector keys, our patient attacker will then go -through essentially the same exercise, using the sector key and the -encrypted sector key to find the key used to encrypt the sector key. -.Pp -Armed with one or more of these -.Dq kkeys , -our attacker has to -run them backwards through MD5. -Even though he knows that the input to MD5 was 24 bytes and has the value -of 8 of these bytes from the sector number, he is still faced with 2^128 -equally likely possibilities. -.Pp -Having successfully done that, our attacker has successfully discovered -up to 16 bytes of the master-key, but is still unaware which 16 bytes, -and in which other sectors any of these known bytes contribute to the kkey. -.Pp -To unravel the last bit, the attacker has to guess the 16 byte random-bits -salt stored in the lock-sector to recover the indexes into the masterkey. -.Pp -Any attacker with access to the necessary machine power to even attempt -this attack will be better off attempting to brute-force the pass-phrase. -.Ss Positive denial facilities -Considering the infeasibility of the above attack, -gaining access to the pass-phrase will be of paramount importance for an -attacker, -and a number of scenarios can be imagined where undue pressure will be -applied to an individual to divulge the pass-phrase. -.Pp -A -.Dq Blackening -feature provides a way for the user, given a moment of -opportunity, to destroy the master-key in such a way that the pass-phrase -will be acknowledged as good but access to the data will still be -denied. -.Ss A practical analogy -For persons who think cryptography is only slightly more interesting than -watching silicon sublimate the author humbly offers this analogy to the -keying scheme for a protected device: -.Pp -Imagine an installation with a vault with walls of several hundred meters -thick solid steel. -This vault can only be feasibly accessed using the -single key, which has a complexity comparable to a number with 600 digits. -.Pp -This key exists in four copies, each of which is stored in one of -four small safes, each of which can be opened -with unique key which has a complexity comparable to an 80 digit -number. -.Pp -In addition to the masterkey, each of the four safes also contains -the exact locations of all four key-safes which are located in -randomly chosen places on the outside surface of the vault where they -are practically impossible to detect when they are closed. -.Pp -Finally, each safe contains four switches which are wired to a bar -of dynamite inside each of the four safes. -.Pp -In addition to this, a keyholder after opening his key-safe is -also able to install a copy of the master-key and re-key any of -key-safes (including his own). -.Pp -In normal use, the user will open the safe for which he has the key, -take out the master-key and access the vault. -When done, he will lock up the master-key in the safe again. -.Pp -If a keyholder-X for some reason distrusts keyholder-Y, she -has the option of opening her own safe, flipping one of the switches -and detonating the bar of dynamite in safe-Y. -This will obliterate the master-key in that safe and thereby deny -keyholder-Y access to the vault. -.Pp -Should the facility come under attack, any of the keyholders can detonate -all four bars of dynamite and thereby make sure that access to the -vault is denied to everybody, keyholders and attackers alike. -Should the facility fall to the enemy, and a keyholder be forced to apply -his personal key, he can do so in confidence that the contents of his safe -will not yield access to the vault, and the enemy will hopefully realize -that applying further pressure on the personnel will not give access to -the vault. -.Pp -The final point to make here is that it is perfectly possible to -make a detached copy of any one of these keys, including the master -key, and deposit or hide it as one sees fit. -.Ss Steganography support -When the device is initialized, it is possible to restrict the encrypted -data to a single contiguous area of the device. -If configured with care, this area could masquerade as some sort of -valid data or as random trash left behind by the systems operation. -.Pp -This can be used to offer a plausible deniability of existence, where -it will be impossible to prove that this specific area of the device -is in fact used to store encrypted data and not just random junk. -.Pp -The main obstacle in this is that the output from any encryption algorithm -worth its salt is so totally random looking that it stands out like a sore -thumb amongst practically any other sort of data which contains at least -some kind of structure or identifying byte sequences. -.Pp -Certain file formats like ELF contain multiple distinct sections, and it -would be possible to locate things just right in such a way that a device -contains a partition with a file system with a large executable, -.Pq Dq "a backup copy of my kernel" -where a non-loaded ELF section is laid out -consecutively on the device and thereby could be used to contain a -.Nm -encrypted device. -.Pp -Apart from the ability to instruct -.Nm -which those sectors are, no support is provided for creating such a setup. -.Ss Deployment suggestions -For personal use, it may be wise to make a backup copy of the masterkey -or use one of the four keys as a backup. -Fitting protection of this key is up to yourself, your local circumstances and -your imagination. -.Pp -For company or institutional use, it is strongly advised to make a copy -of the master-key and put it under whatever protection you have at your -means. -If you fail to do this, a disgruntled employee can deny you access to -the data -.Dq "by accident" . -(The employee can still intentionally deny access by applying another -encryption scheme to the data, but that problem has no technical solution.) -.Ss Cryptographic strength -This section lists the specific components which contribute to the cryptographic -strength of -.Nm . -.Pp -The payload is encrypted with AES in CBC mode using a 128 bit random -single-use key -.Pq Dq "the skey" . -AES is well documented. -.Pp -No IV is used in the encryption of the sectors, the assumption being -that since the key is random bits and single-use, an IV adds nothing to the -security of AES. -.Pp -The random key is produced with -.Xr arc4rand 9 -which is believed to do a respectable job at producing unpredictable bytes. -.Pp -The skey is stored on the device in a location which can be derived from -the location of the encrypted payload data. -The stored copy is encrypted with AES in CBC mode using a 128 bit key -.Pq Dq "the kkey" -derived -from a subset of the master key chosen by the output of an MD5 hash -over a 16 byte random bit static salt and the sector offset. -Up to 6.25% of the masterkey (16 bytes out of 2048 bits) will be selected -and hashed through MD5 with the sector offset to generate the kkey. -.Pp -Up to four copies of the master-key and associated geometry information -is stored on the device in static randomly chosen sectors. -The exact location inside the sector is randomly chosen. -The order in which the fields are encoded depends on the key-material. -The encoded byte-stream is encrypted with AES in CBC mode using 256 bit -key-material. -.Pp -The key-material is derived from the user-entered pass-phrase using -512 bit SHA2. -.Pp -No chain is stronger than its weakest link, which usually is poor pass-phrases. -.Sh SEE ALSO -.Xr gbde 8 -.Sh HISTORY -This software was developed for the -.Fx -Project by -.An Poul-Henning Kamp -and NAI Labs, the Security Research Division of Network Associates, Inc.\& -under DARPA/SPAWAR contract N66001-01-C-8035 -.Pq Dq CBOSS , -as part of the -DARPA CHATS research program. -.Sh AUTHORS -.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org