d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,961 Commits 72 Branches 135 Tags 3.2 GiB
a1de0396bd
Commit Graph

26 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
9af2131b78 Teach geli how to load keyfiles before root file system is mounted. 
An example entries for loader.conf to make it possible:

geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"

geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"

Thanks for jhb and kan who showed me the right direction.

MFC after:	3 days
 2006-02-11 13:08:24 +00:00
Pawel Jakub Dawidek
a80f82a4a3 Check rootvnode variable to see if we still want to ask for passphrase on 
boot. Other methods just don't work properly.

MFC after:	3 days
 2006-02-11 12:45:01 +00:00
Christian Brueffer
9864500624 Clean up some sysctl descriptions, debug messages etc. 
Approved by:	pjd
MFC after:	3 days
 2006-02-07 17:23:22 +00:00
Pawel Jakub Dawidek
38ea96ac99 Remove trailing spaces. 2006-02-01 12:06:01 +00:00
Pawel Jakub Dawidek
7d54b385a6 - Use better types. 
- Log problems at level 0 when killing providers.

MFC after:	3 days
 2006-01-17 07:32:43 +00:00
Pawel Jakub Dawidek
b5f30223fc Check return value. 
Found by:	Coverity Prevent(tm)
MFC after:	3 days
 2006-01-17 07:30:34 +00:00
Pawel Jakub Dawidek
7192f621d0 Remove dead code. 
Found by:	Coverity Prevent(tm)
MFC after:	3 days
 2006-01-17 07:27:46 +00:00
Pawel Jakub Dawidek
4ec0490779 Remove unused value. 
Found by:	Coverity Prevent(tm)
MFC after:	3 days
 2006-01-17 07:26:48 +00:00
Maxim Sobolev
8a4a44b5aa Check for g_read_data(9) errors properly: 
o The only indication of error condition is NULL value returned by
  the function;

o value pointed to by error argument is undefined in the case when
  operation completes successfully.

Discussed with: phk
 2005-11-30 19:24:51 +00:00
Pawel Jakub Dawidek
71270ca60b Fix copy&paste typo. 
MFC after:	3 days
 2005-09-10 07:46:47 +00:00
Pawel Jakub Dawidek
cf47954083 Don't forget to initialize crp_etype field. 
Reported by:	Nick Evans <nevans@syphen.net>
MFC after:	3 days
 2005-09-10 07:45:10 +00:00
Pawel Jakub Dawidek
dd549194ae By default, when doing crypto work in software, start as many threads 
as we have active CPUs and bind each thread to its own CPU.

MFC after:	3 days
 2005-08-21 18:12:51 +00:00
Pawel Jakub Dawidek
b8db9f58da Remove stale comment (we now always start worker thread). 
MFC after:	3 days
 2005-08-21 18:06:35 +00:00
Pawel Jakub Dawidek
efd9ac0dfc Add a __packed keyword to g_eli_metadata struct definition, so 
sizeof(struct g_eli_metadata) will return the exact number of bytes needed
for storing it on the disk.
Without this change GELI was unusable on amd64 (and probably other 64-bit
archs), because sizeof(struct g_eli_metadata) was greater than 512 bytes
and geli(8) was failing on assertion.

Reported by:	Michael Reifenberger <mike@Reifenberger.com>
MFC after:	3 days
 2005-08-20 10:43:03 +00:00
Pawel Jakub Dawidek
7a5c26fcbd Allow to change number of iterations for PKCS#5v2. It can only be used 
when there is only one key set.

MFC after:	3 days
 2005-08-19 22:19:25 +00:00
Pawel Jakub Dawidek
fcd46203c5 - Add a missing period. 
- Fix number of spaces.

MFC after:	3 days
 2005-08-19 22:16:26 +00:00
Pawel Jakub Dawidek
dddd1d537a Always run dedicated kernel thread (even when we have hardware support). 
There is no performance impact, but allows to allocate memory with
M_WAITOK flag.
As a side effect this simplify code a bit.

MFC after:	3 days
 2005-08-17 15:25:57 +00:00
Pawel Jakub Dawidek
bf71eaacf1 We should now return 0. 2005-08-17 15:12:34 +00:00
Pawel Jakub Dawidek
d1dca8a818 Even if crypto_dispatch() return an error, request is not canceled and 
our callback will still be called, just to tell us that requested
failed...

Reported by:	Mike Tancsa <mike@sentex.net>
MFC after:	3 days
 2005-08-17 14:34:52 +00:00
Pawel Jakub Dawidek
2be2b2eab5 We don't need to clear allocated memory. This will speed-up things a bit. 
MFC after:	3 days
 2005-08-17 14:08:50 +00:00
Pawel Jakub Dawidek
bb30fea667 Because code paths for I/O requests are quite complex, add comments above 
the functions which participate in I/O paths.

MFC after:	1 day
 2005-08-13 17:45:37 +00:00
Pawel Jakub Dawidek
6985decf3c GELI doesn't need cryptodev. 
MFC after:	3 days
 2005-08-11 14:52:27 +00:00
Pawel Jakub Dawidek
6eb1d21f14 Be case-insensitive when dealing with algorithm names. 
PR:		kern/84659
Submitted by:	Benjamin Lutz <benlutz@datacomm.ch>
 2005-08-08 19:40:38 +00:00
Pawel Jakub Dawidek
ea35a2ec3a MFp4: Export more informations about encrypted providers. 
MFC after:	1 week
 2005-07-27 22:31:57 +00:00
Pawel Jakub Dawidek
7625429883 Reduce default debug level to 0. 
MFC after:	1 week
 2005-07-27 21:48:47 +00:00
Pawel Jakub Dawidek
c58794debd Add GEOM_ELI class which provides GEOM providers encryption. 
For features list and usage see manual page: geli(8).

Sponsored by:	Wheel Sp. z o.o.
		http://www.wheel.pl
MFC after:	1 week
 2005-07-27 21:43:37 +00:00