ec5c0e5be9
This patch adds a general mechanism for providing encryption keys to the kernel from the boot loader. This is intended to enable GELI support at boot time, providing a better mechanism for passing keys to the kernel than environment variables. It is designed to be extensible to other applications, and can easily handle multiple encrypted volumes with different keys. This mechanism is currently used by the pending GELI EFI work. Additionally, this mechanism can potentially be used to interface with GRUB, opening up options for coreboot+GRUB configurations with completely encrypted disks. Another benefit over the existing system is that it does not require re-deriving the user key from the password at each boot stage. Most of this patch was written by Eric McCorkle. It was extended by Allan Jude with a number of minor enhancements and extending the keybuf feature into boot2. GELI user keys are now derived once, in boot2, then passed to the loader, which reuses the key, then passes it to the kernel, where the GELI module destroys the keybuf after decrypting the volumes. Submitted by: Eric McCorkle <eric@metricspace.net> (Original Version) Reviewed by: oshogbo (earlier version), cem (earlier version) MFC after: 3 weeks Relnotes: yes Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D9575
/*-
* Copyright (c) 2012 Andriy Gapon <avg@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms are freely
* permitted provided that the above copyright notice and this
* paragraph and the following disclaimer are duplicated in all
* such forms.
*
* This software is provided "AS IS" and without any express or
* implied warranties, including, without limitation, the implied
* warranties of merchantability and fitness for a particular
* purpose.
*
* $FreeBSD$
*/
#ifndef _BOOT_I386_ARGS_H_
#define _BOOT_I386_ARGS_H_
/*
 * Bit values for the bootflags field of struct bootargs.
 * NOTE(review): CD/PXE/ZFS presumably identify how the earlier boot stage
 * was started; confirm against the code that sets them.
 */
#define KARGS_FLAGS_CD 0x1
#define KARGS_FLAGS_PXE 0x2
#define KARGS_FLAGS_ZFS 0x4
#define KARGS_FLAGS_EXTARG 0x8 /* variably sized extended argument */

/*
 * Hand-maintained layout constants. They are defined outside the
 * __ASSEMBLER__ guard below, presumably so that assembly sources can use
 * them where sizeof/offsetof are unavailable.
 *
 * Nothing in this header checks these numbers against the structure
 * definitions, so any change to struct bootargs has to be mirrored here.
 * BA_BOOTINFO == 20 and BOOTARGS_SIZE == 24 hold only when the 8-byte
 * union in struct bootargs starts at offset 12, i.e. when uint64_t needs
 * no more than 4-byte alignment.
 * NOTE(review): struct bootinfo is not defined in this header; BI_SIZE
 * cannot be verified from here.
 */
#define BOOTARGS_SIZE 24 /* sizeof(struct bootargs) */
#define BA_BOOTFLAGS 8 /* offsetof(struct bootargs, bootflags) */
#define BA_BOOTINFO 20 /* offsetof(struct bootargs, bootinfo) */
#define BI_SIZE 48 /* offsetof(struct bootinfo, bi_size) */
/*
 * We reserve some space above BTX allocated stack for the arguments
 * and certain data that could hang off them. Currently only struct bootinfo
 * is supported in that category. The bootinfo is placed at the top
 * of the arguments area and the actual arguments are placed at ARGOFF offset
 * from the top and grow towards the top. Hopefully we have enough space
 * for bootinfo and the arguments to not run into each other.
 * Arguments area below ARGOFF is reserved for future use.
 *
 * NOTE(review): nothing in this header enforces the "enough space"
 * assumption. The arguments and the bootinfo share the ARGADJ (0x800)
 * bytes between ARGOFF and the top of the area, so code that appends
 * extended arguments (for example struct geli_boot_args, which carries a
 * 256-byte buffer) should bound the total it writes; confirm that the
 * writers do so.
 */
#define ARGSPACE 0x1000 /* total size of the BTX args area */
#define ARGOFF 0x800 /* actual args offset within the args area */
/* Bytes from ARGOFF to the end of the args area (0x1000 - 0x800). */
#define ARGADJ (ARGSPACE - ARGOFF)
#ifndef __ASSEMBLER__
/*
 * Fixed-size argument block handed from one boot stage to the next.
 * Its size and two of its field offsets are duplicated by hand in
 * BOOTARGS_SIZE, BA_BOOTFLAGS and BA_BOOTINFO, so the member order and
 * types here must not change without updating those constants.
 */
struct bootargs
{
	uint32_t howto;
	uint32_t bootdev;
	uint32_t bootflags;	/* KARGS_FLAGS_* bits */
	/*
	 * pxeinfo/reserved and zfspool occupy the same 8 bytes.
	 * NOTE(review): which view is valid is presumably selected by
	 * KARGS_FLAGS_PXE / KARGS_FLAGS_ZFS in bootflags; confirm.
	 */
	union {
		struct {
			uint32_t pxeinfo;
			uint32_t reserved;
		};
		uint64_t zfspool;
	};
	uint32_t bootinfo;	/* presumably the address of struct bootinfo; confirm */

	/*
	 * If KARGS_FLAGS_EXTARG is set in bootflags, then the above fields
	 * are followed by a uint32_t field that specifies a size of the
	 * extended arguments (including the size field).
	 *
	 * NOTE(review): that size is read from the argument data itself.
	 * A consumer should check it against the space it actually has
	 * (and against the size of the structure it expects) before
	 * copying or dereferencing anything that follows.
	 */
};
#ifdef LOADER_GELI_SUPPORT
#include <crypto/intake.h>
#endif
/*
 * GELI unlock material passed between boot stages.
 *
 * The union gives two views of the same storage: gelipw, a 256-byte
 * character buffer, or the anonymous struct { notapw, keybuf_sentinel,
 * keybuf }. Because all union members start at the same address, notapw
 * occupies the same byte as gelipw[0]; storing a null byte there makes the
 * buffer read as an empty string when it is treated as a password.
 *
 * NOTE(review): both views carry secrets (a passphrase, or a pointer to
 * key material). Confirm that every stage that consumes this structure
 * wipes it once the keys have been handed on, that writers of gelipw bound
 * the copy to 256 bytes and NUL-terminate it, and that readers check
 * keybuf_sentinel before trusting the keybuf pointer.
 */
struct geli_boot_args
{
	/* presumably the extended-argument size described in struct bootargs; confirm */
	uint32_t size;
	union {
		char gelipw[256];
		struct {
			char notapw;	/*
					 * single null byte to stop keybuf
					 * being interpreted as a password
					 */
			/* NOTE(review): expected value is not defined in this header */
			uint32_t keybuf_sentinel;
			/*
			 * A pointer, not the key bytes themselves.
			 * The void * variant keeps the member present
			 * when <crypto/intake.h> is not included.
			 */
#ifdef LOADER_GELI_SUPPORT
			struct keybuf *keybuf;
#else
			void *keybuf;
#endif
		};
	};
};
#endif /*__ASSEMBLER__*/
#endif /* !_BOOT_I386_ARGS_H_ */