freebsd-dev/sbin/geom/class/shsec/gshsec.8

.\" Copyright (c) 2004 Pawel Jakub Dawidek <pjd@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd January 8, 2005
.Dt GSHSEC 8
.Os
.Sh NAME
.Nm gshsec
.Nd "control utility for shared secret devices"
.Sh SYNOPSIS
.Nm
.Cm label
.Op Fl hv
.Ar name
.Ar prov
.Ar prov
.Op Ar prov Op Ar ...
.Nm
.Cm stop
.Op Fl fv
.Ar name
.Op Ar name Op Ar ...
.Nm
.Cm clear
.Op Fl v
.Ar prov
.Op Ar prov Op Ar ...
.Nm
.Cm dump
.Ar prov
.Op Ar prov Op Ar ...
.Nm
.Cm list
.Op Ar name Op Ar ...
.Nm
.Cm load
.Op Fl v
.Nm
.Cm unload
.Op Fl v
.Sh DESCRIPTION
The
.Nm
utility is used for setting up a device which contains shared secret.
The secret is shared between the given providers.
To collect the secret, all providers are needed.
If one of the components is missing, there is no way to get any useful data from
the rest of them.
The first argument to
.Nm
indicates an action to be performed:
.Bl -tag -width ".Cm destroy"
.It Cm label
Set up a shared secret device from the given components with the specified
.Ar name .
Metadata are stored in every component's last sector.
.It Cm stop
Turn off an existing shared secret device by its
.Ar name .
This command does not touch on-disk metadata!
.It Cm clear
Clear metadata on the given providers.
.It Cm dump
Dump metadata stored on the given providers.
.It Cm list
List all or the given currently configured shared secret devices.
.It Cm load
Load
.Pa geom_shsec.ko
kernel module.
.It Cm unload
Unload
.Pa geom_shsec.ko
kernel module.
.El
.Pp
Additional options:
.Bl -tag -width ".Fl f"
.It Fl f
Force the removal of the specified shared secret device.
.It Fl h
Hardcode providers' names in metadata.
.It Fl v
Be more verbose.
.El
.Sh EXAMPLES
The following example shows how to created a shared secret device.
Secret will be split between a slice on the local disk and a USB Pen drive.
.Bd -literal -offset indent
gshsec label -v secret /dev/ad0s1 /dev/da0
newfs /dev/shsec/secret
.Ed
.Pp
From now on, when USB Pen drive will be inserted, it will be automatically
detected and connected making secret available via
.Pa /dev/shsec/secret
device.
.Sh DIAGNOSTICS
Exit status is 0 on success, and 1 if the command fails.
.Sh SEE ALSO
.Xr geom 4 ,
.Xr gbde 8 ,
.Xr geom 8 ,
.Xr newfs 8
.Sh HISTORY
The
.Nm
utility appeared in
.Fx 5.4 .
.Sh AUTHORS
.An Pawel Jakub Dawidek Aq pjd@FreeBSD.org
Introduce a new GEOM class - SHSEC. It provides sharing secret between the given providers. Without even one of the configured components there should be no way to get the secret. Supported by: WHEEL Sp. z o.o. http://www.wheel.pl 2005-01-11 18:06:44 +00:00			`.\" Copyright (c) 2004 Pawel Jakub Dawidek <pjd@FreeBSD.org>`
			`.\" All rights reserved.`
			`.\"`
			`.\" Redistribution and use in source and binary forms, with or without`
			`.\" modification, are permitted provided that the following conditions`
			`.\" are met:`
			`.\" 1. Redistributions of source code must retain the above copyright`
			`.\" notice, this list of conditions and the following disclaimer.`
			`.\" 2. Redistributions in binary form must reproduce the above copyright`
			`.\" notice, this list of conditions and the following disclaimer in the`
			`.\" documentation and/or other materials provided with the distribution.`
			`.\"`
			.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
			`.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
			`.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE`
			`.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE`
			`.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
			`.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS`
			`.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
			`.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT`
			`.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY`
			`.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
			`.\" SUCH DAMAGE.`
			`.\"`
			`.\" $FreeBSD$`
			`.\"`
			`.Dd January 8, 2005`
			`.Dt GSHSEC 8`
			`.Os`
			`.Sh NAME`
			`.Nm gshsec`
			`.Nd "control utility for shared secret devices"`
			`.Sh SYNOPSIS`
			`.Nm`
			`.Cm label`
			`.Op Fl hv`
			`.Ar name`
			`.Ar prov`
			`.Ar prov`
			`.Op Ar prov Op Ar ...`
			`.Nm`
			`.Cm stop`
			`.Op Fl fv`
			`.Ar name`
			`.Op Ar name Op Ar ...`
			`.Nm`
			`.Cm clear`
			`.Op Fl v`
			`.Ar prov`
			`.Op Ar prov Op Ar ...`
			`.Nm`
			`.Cm dump`
			`.Ar prov`
			`.Op Ar prov Op Ar ...`
			`.Nm`
			`.Cm list`
			`.Op Ar name Op Ar ...`
			`.Nm`
			`.Cm load`
			`.Op Fl v`
			`.Nm`
			`.Cm unload`
			`.Op Fl v`
			`.Sh DESCRIPTION`
			`The`
			`.Nm`
			`utility is used for setting up a device which contains shared secret.`
			`The secret is shared between the given providers.`
			`To collect the secret, all providers are needed.`
			`If one of the components is missing, there is no way to get any useful data from`
			`the rest of them.`
			`The first argument to`
			`.Nm`
			`indicates an action to be performed:`
			`.Bl -tag -width ".Cm destroy"`
			`.It Cm label`
			`Set up a shared secret device from the given components with the specified`
			`.Ar name .`
			`Metadata are stored in every component's last sector.`
			`.It Cm stop`
			`Turn off an existing shared secret device by its`
			`.Ar name .`
			`This command does not touch on-disk metadata!`
			`.It Cm clear`
			`Clear metadata on the given providers.`
			`.It Cm dump`
			`Dump metadata stored on the given providers.`
			`.It Cm list`
			`List all or the given currently configured shared secret devices.`
			`.It Cm load`
			`Load`
			`.Pa geom_shsec.ko`
			`kernel module.`
			`.It Cm unload`
			`Unload`
			`.Pa geom_shsec.ko`
			`kernel module.`
			`.El`
			`.Pp`
			`Additional options:`
			`.Bl -tag -width ".Fl f"`
			`.It Fl f`
			`Force the removal of the specified shared secret device.`
			`.It Fl h`
			`Hardcode providers' names in metadata.`
			`.It Fl v`
			`Be more verbose.`
			`.El`
			`.Sh EXAMPLES`
			`The following example shows how to created a shared secret device.`
			`Secret will be split between a slice on the local disk and a USB Pen drive.`
			`.Bd -literal -offset indent`
			`gshsec label -v secret /dev/ad0s1 /dev/da0`
			`newfs /dev/shsec/secret`
			`.Ed`
			`.Pp`
			`From now on, when USB Pen drive will be inserted, it will be automatically`
			`detected and connected making secret available via`
			`.Pa /dev/shsec/secret`
			`device.`
			`.Sh DIAGNOSTICS`
			`Exit status is 0 on success, and 1 if the command fails.`
			`.Sh SEE ALSO`
			`.Xr geom 4 ,`
			`.Xr gbde 8 ,`
			`.Xr geom 8 ,`
			`.Xr newfs 8`
			`.Sh HISTORY`
			`The`
			`.Nm`
			`utility appeared in`
			`.Fx 5.4 .`
			`.Sh AUTHORS`
			`.An Pawel Jakub Dawidek Aq pjd@FreeBSD.org`