Add support for initializing swap devices with random one-shot keys. Note

that the keys are currently generated by computing the MD5 checksum of 512 bytes read from /dev/random, and are passed to gbde on the command line. Sponsored by: Teleplan AS
2004-02-03 11:26:08 +00:00 · 2004-02-03 11:26:08 +00:00 · 92ccb54121
commit 92ccb54121
parent 422e174e05
5 changed files with 119 additions and 1 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -45,6 +45,8 @@ rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
 # Experimental - test before enabling
 gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
 gbde_devices="NO" 	# Devices to automatically attach (list, or AUTO)
+gbde_swap_enable="NO"	# Set to YES to automatically initialize gbde swap
+			# devices listed in fstab with a random one-shot key

 fsck_y_enable="NO"	# Set to YES to do fsck -y if the initial preen fails.
 background_fsck="YES"	# Attempt to run fsck in the background where possible.
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@ -12,7 +12,7 @@ FILES=	DAEMON LOGIN NETWORKING SERVERS \
 	dmesg dumpon \
 	early.sh \
 	fsck \
-	gbde \
+	gbde gbde_swap \
 	hostname \
 	inetd initdiskless initrandom \
 	ip6addrctl ip6fw ipfilter ipfs ipfw ipmon \
--- a/etc/rc.d/encswap
+++ b/etc/rc.d/encswap
@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: random
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="gbde_swap"
+start_cmd="gbde_swap_attach"
+stop_cmd="gbde_swap_detach"
+
+gbde_swap_attach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+		device="${device%.bde}"
+		lockfile="/var/run/${device##*/}.lock"
+		gbde init "${device}" -L "${lockfile}" -P "${passphrase}" ||
+			return 1
+		gbde attach "${device}" -l "${lockfile}" -p "${passphrase}" ||
+			return 1
+	done
+}
+
+gbde_swap_detach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		device="${device%.bde}"
+		gbde detach "${device}"
+	done
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/etc/rc.d/gbde_swap
+++ b/etc/rc.d/gbde_swap
@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: random
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="gbde_swap"
+start_cmd="gbde_swap_attach"
+stop_cmd="gbde_swap_detach"
+
+gbde_swap_attach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+		device="${device%.bde}"
+		lockfile="/var/run/${device##*/}.lock"
+		gbde init "${device}" -L "${lockfile}" -P "${passphrase}" ||
+			return 1
+		gbde attach "${device}" -l "${lockfile}" -p "${passphrase}" ||
+			return 1
+	done
+}
+
+gbde_swap_detach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		device="${device%.bde}"
+		gbde detach "${device}"
+	done
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@ -929,6 +929,14 @@ will attempt to automatically initialize your .bde devices in
 List the devices that the script should try to attach,
 or
 .Dq Li AUTO .
+.It Va gbde_swap_enable
+.Pq Vt bool
+If set to
+.Dq Li YES ,
+any .bde swap devices listed in
+.Pa /etc/fstab
+will be initialized with a random, one-shot key.
+Note that this makes recovery of kernel dumps impossible.
 .It Va fsck_y_enable
 .Pq Vt bool
 If set to