Commit Graph

467 Commits

Author SHA1 Message Date
Mariusz Zaborski
451cad50cd Fix misleading description of the -b option in the geli init command.
Reviewed by:		bjk, wblock
Differential Revision:	https://reviews.freebsd.org/D7226
Discussed with:		AllanJude
2016-08-03 18:02:10 +00:00
Dag-Erling Smørgrav
ae1b731b5d Rewrite the GPT and MBR examples. For GPT, ensure that the boot partition
is large enough for gptzfsboot, which has doubled in size since 10.

PR:		211361
MFC after:	3 days
2016-07-25 11:25:33 +00:00
Pedro F. Giffuni
f32d2926b0 sbin: ake use of our rounddown() macro when sys/param.h is available.
No functional change.
2016-05-01 02:24:05 +00:00
Glen Barber
876d357fa7 MFH
Sponsored by:	The FreeBSD Foundation
2016-04-11 15:24:59 +00:00
Andrey V. Elsukov
b2d7040c1c Fix the problem, when gpart(8) can't write both bootcode and partcode
in one command due to wrong file size limit. Do not use bootcode size
to calculate partsize limit.
Also add report message about successful partcode writing.

Reported by:	Trond Endrestøl
MFC after:	2 weeks
2016-04-11 13:44:31 +00:00
Allan Jude
d873662594 Create the GELIBOOT GEOM_ELI flag
This flag indicates that the user wishes to use the GELIBOOT feature to boot from a fully encrypted root file system.
Currently, GELIBOOT does not support key files, and in the future when it does, they will be loaded differently.
Due to the design of GELI, and the desire for secrecy, the GELI metadata does not know if key files are used or not, it just adds the key material (if any) to the HMAC before the optional passphrase, so there is no way to tell if a GELI partition requires key files or not.

Since the GELIBOOT code in boot2 and the loader does not support keys, they will now only attempt to attach if this flag is set. This will stop GELIBOOT from prompting for passwords to GELIs that it cannot decrypt, disrupting the boot process

PR:		208251
Reviewed by:	ed, oshogbo, wblock
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D5867
2016-04-08 01:25:25 +00:00
Glen Barber
406d87b1c3 Explicitly add more files to the 'runtime' package.
Sponsored by:	The FreeBSD Foundation
2016-02-09 20:19:31 +00:00
Allan Jude
4332feca4b Make additional parts of sys/geom/eli more usable in userspace
The upcoming GELI support in the loader reuses parts of this code
Some ifdefs are added, and some code is moved outside of existing ifdefs

The HMAC parts of GELI are broken out into their own file, to separate
them from the kernel crypto/openssl dependant parts that are replaced
in the boot code.

Passed the GELI regression suite (tools/regression/geom/eli)
 Files=20 Tests=14996
 Result: PASS

Reviewed by:	pjd, delphij
MFC after:	1 week
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D4699
2016-01-07 05:47:34 +00:00
Allan Jude
7a3f5d11fb Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c
cperciva's libmd implementation is 5-30% faster

The same was done for SHA256 previously in r263218

cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation

Extend sbin/md5 to create sha384(1)

Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}

Reviewed by:	cperciva, des, delphij
Approved by:	secteam, bapt (mentor)
MFC after:	2 weeks
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3929
2015-12-27 17:33:59 +00:00
Andrey V. Elsukov
ad32bf978a Remove a note about damaged PMBR. Now GPT will be detected automatically
with such corruption.

MFC after:	1 month
2015-12-10 10:37:12 +00:00
Enji Cooper
94c1ff89ad Don't leak rsector/sector in mp_label(..)
Use calloc instead of malloc + memset(.., 0, ..) when allocating sector

Differential Revision: https://reviews.freebsd.org/D4450
MFC after: 1 week
Reported by: cppcheck
Reviewed by: mav
Sponsored by: EMC / Isilon Storage Division
2015-12-10 07:04:36 +00:00
Alexander Motin
4a3760bae6 Remove compatibility shims for legacy ATA device names.
We got new ATA stack in FreeBSD 8.x, switched to it at 9.x, completely
removed old stack at 10.x, so at 11.x it is time to remove compat shims.
2015-10-11 13:01:51 +00:00
Edward Tomasz Napierala
45d7de1d37 Make geom_nop(4) collect statistics on all types of BIOs, not just
reads and writes.

PR:		kern/198405
Submitted by:	Matthew D. Fuller <fullermd at over-yonder dot net>
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3679
2015-10-10 09:03:31 +00:00
Edward Tomasz Napierala
bb27d7ed90 Add a way to specify stripesize and stripeoffset to gnop(8). This makes
it possible to "simulate" 4K media, to eg test alignment handling.

Reviewed by:	mav@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3664
2015-09-15 18:01:59 +00:00
Pawel Jakub Dawidek
46e3447026 Enable BIO_DELETE passthru in GELI, so TRIM/UNMAP can work as expected when
GELI is used on a SSD or inside virtual machine, so that guest can tell
host that it is no longer using some of the storage.

Enabling BIO_DELETE passthru comes with a small security consequence - an
attacker can tell how much space is being really used on encrypted device and
has less data no analyse then. This is why the -T option can be given to the
init subcommand to turn off this behaviour and -t/T options for the configure
subcommand can be used to adjust this setting later.

PR:		198863
Submitted by:	Matthew D. Fuller fullermd at over-yonder dot net

This commit also includes a fix from Fabian Keil freebsd-listen at
fabiankeil.de for 'configure' on onetime providers which is not strictly
related, but is entangled in the same code, so would cause conflicts if
separated out.
2015-08-08 09:51:38 +00:00
Andrey V. Elsukov
109f7a27c4 lseek() allows an offset to be set beyond the end of file. Using
it to check that partition has enough space to write bootcode doesn't
work. Use the known size of provider instead.

PR:		201504
MFC after:	1 week
2015-07-21 06:18:42 +00:00
Marcelo Araujo
c283159997 Fix contraction spotted by igor(1) and remove 2 .Ed spotted by mandoc(1).
Also, don't capitalize "module" and remove a redundant phrase introduced
in my previous commit.

Differential Revision:	D3112
Reviewed by:		wblock
Sponsored by:		gandi.net
2015-07-18 03:14:49 +00:00
Marcelo Araujo
a8d65cade5 Describe how to load gmultipath at boot time.
Differential Revision:	D3112
Reviewed by:		allanjude, bapt
Sponsored by:		gandi.net
2015-07-17 06:34:46 +00:00
Allan Jude
ce808c7ad8 Add a new option to gpart(8) to fix Lenovo BIOS boot issue
PR:		184910
Reviewed by:	ae, wblock
Approved by:	marcel
MFC after:	3 days
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3065
2015-07-15 02:23:55 +00:00
Pawel Jakub Dawidek
edaa9008ff Allow to omit keyfile number for the first keyfile. 2015-07-02 10:55:32 +00:00
Baptiste Daroussin
18b2ee82db Revert r284417 it is not necessary anymore 2015-06-15 19:28:07 +00:00
Baptiste Daroussin
4232f82668 Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by:	many
2015-06-15 15:34:20 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Christian Brueffer
0031bf7501 Add a missing word, should have been in r284290.
Submitted by:	Fabian Keil
2015-06-12 15:03:59 +00:00
Christian Brueffer
7ff1ea8bdd Improve grammar.
PR:		200673
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
2015-06-11 23:05:49 +00:00
Christian Brueffer
c06d629a24 Consistently use trailing whitespace in passphrase prompts.
PR:		193496
Submitted by:	Fabian Keil
MFC after:	1 week
2015-06-11 00:24:33 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Allan Jude
38eb219c75 Fix error in gmountver(8) man page
Also fixes the usage statement for the binary to use the correct terms (provider and geom name, rather than dev and prov, which is incorrect in the latter case)
Sync the man page summary with the new usage statement

PR:		199540
Differential Revision:	https://reviews.freebsd.org/D2329
Submitted by:	Fabian Keil
Reviewed by:	trasz
Approved by:	eadler (mentor)
Obtained from:	ElectroBSD (original)
MFC after:	1 week
Sponsored by:	ScaleEngine Inc.
2015-05-18 19:37:55 +00:00
Andrey V. Elsukov
4b8d4f97b0 Add apple-boot, apple-hfs and apple-ufs aliases to MBR scheme.
Sort DOSPTYP_* entries in diskmbr.h by value.
Document these scheme-specific types in gpart(8).

MFC after:	1 week
2015-05-05 09:33:02 +00:00
Alexander Motin
5523c82c1a Make GEOM_PART work in presence of previous withered self.
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2015-03-26 12:17:47 +00:00
Andrey V. Elsukov
4fb4ebe0a4 Add GUID and alias for Apple Core Storage partition.
PR:		196241
MFC after:	1 week
2015-03-12 18:51:31 +00:00
Andrey V. Elsukov
771d671beb When gpart(8) is trying automatically determine the first available
block of free space after existing partition, take into account
provider's stripeoffset, since the result will be adjusted to this
value.

PR:		197989
MFC after:	1 week
2015-02-26 15:59:45 +00:00
Edward Tomasz Napierala
da8e209f33 Fix sysctl name.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-01-27 18:27:07 +00:00
Joel Dahl
f7e00d4bbd mdoc: remove EOL whitespace. 2014-12-29 13:50:59 +00:00
Baptiste Daroussin
13eb765f2d Convert sbin/ to LIBADD
Reduce overlinking
2014-11-25 11:23:12 +00:00
Simon J. Gerraty
9268022b74 Merge from head@274682 2014-11-19 01:07:58 +00:00
Simon J. Gerraty
ee7b0571c2 Merge head from 7/28 2014-08-19 06:50:54 +00:00
Andrey V. Elsukov
36b16d1f7d Turn off kern.geom.part.mbr.enforce_chs by default. 2014-08-12 10:31:31 +00:00
Andrey V. Elsukov
a327e0b08a Remove duplicate entry. 2014-08-12 09:34:53 +00:00
Andrey V. Elsukov
fb86534cb1 Add sysctl and loader tunable kern.geom.part.mbr.enforce_chs that is set
by default. It can be used to disable automatic alignment to CHS geometry,
that GEOM_PART_MBR does.

Reviewed by:	wblock
MFC after:	1 week
2014-08-12 09:10:13 +00:00
Isabell Long
35bb1797a0 Add generic list, status, load and unload docs to gpart(8)
- In the style of gmirror(8).

PR:		docs/191534
Reviewed by:	gavin
2014-08-03 21:54:22 +00:00
Joel Dahl
177d0ebb52 mdoc: sort sections. 2014-07-29 19:38:17 +00:00
Glen Barber
41315fb212 Fix non-version text after .Fx macro usage.
Sponsored by:	The FreeBSD Foundation
2014-07-08 14:53:51 +00:00
Nathan Whitehorn
1ee0f08975 After EFI support was added to the installer, it needed to allow boot
partitions of types other than "freebsd-boot" (in particular, "efi").
This allows the removal of some nasty hacks for supporting PowerPC systems,
in particular aliasing freebsd-boot to apple-boot on APM and an IBM-specific
code on MBR.

This changes the installer to use the correct names, which also breaks a
degeneracy in the meaning of "freebsd-boot" that allows the addition
of support for some newer IBM systems that can boot from GPT in addition to
MBR. Since I have no idea how to detect which those systems are, leave
the default on IBM PPC systems as MBR for now.
2014-07-04 15:55:32 +00:00
Andrey V. Elsukov
77bd1b6b9d Document all aliases supported by GEOM_PART class.
MFC after:	1 week
2014-07-01 12:44:47 +00:00
Baptiste Daroussin
bd0891ceb3 use .Mt to mark up email addresses consistently (part1)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:40:43 +00:00
Warren Block
1c773090b1 Fix spelling, typos, missing articles, contractions. Expanded version
of patch supplied with PR.

PR:		191001
Submitted by:	olgeni
MFC after:	1 week
2014-06-18 18:27:16 +00:00
Andrey V. Elsukov
91ca76a590 Add disklabel64 support to GEOM_PART class.
This partitioning scheme is used in DragonFlyBSD. It is similar to
BSD disklabel, but has the following improvements:
* metadata has own dedicated place and isn't accessible through partitions;
* all offsets are 64-bit;
* supports 16 partitions by default (has reserved place for more);
* has reserved place for backup label (but not yet implemented);
* has UUIDs for partitions and partition types;

No objections from:	geom
MFC after:	2 weeks
Relnotes:	yes
2014-06-11 10:42:34 +00:00
Joel Dahl
b6829dc82a Minor mdoc improvements. 2014-06-06 19:00:43 +00:00