freebsd-dev/sys/boot/i386/common/bootargs.h
Allan Jude ec5c0e5be9 Implement boot-time encryption key passing (keybuf)
This patch adds a general mechanism for providing encryption keys to the
kernel from the boot loader. This is intended to enable GELI support at
boot time, providing a better mechanism for passing keys to the kernel
than environment variables. It is designed to be extensible to other
applications, and can easily handle multiple encrypted volumes with
different keys.

This mechanism is currently used by the pending GELI EFI work.
Additionally, this mechanism can potentially be used to interface with
GRUB, opening up options for coreboot+GRUB configurations with completely
encrypted disks.

Another benefit over the existing system is that it does not require
re-deriving the user key from the password at each boot stage.

Most of this patch was written by Eric McCorkle. Allan Jude extended it
with a number of minor enhancements and by carrying the keybuf feature
into boot2.

GELI user keys are now derived once, in boot2, then passed to the loader,
which reuses the key, then passes it to the kernel, where the GELI module
destroys the keybuf after decrypting the volumes.

Submitted by:	Eric McCorkle <eric@metricspace.net> (Original Version)
Reviewed by:	oshogbo (earlier version), cem (earlier version)
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D9575
2017-04-01 05:05:22 +00:00


/*-
* Copyright (c) 2012 Andriy Gapon <avg@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms are freely
* permitted provided that the above copyright notice and this
* paragraph and the following disclaimer are duplicated in all
* such forms.
*
* This software is provided "AS IS" and without any express or
* implied warranties, including, without limitation, the implied
* warranties of merchantability and fitness for a particular
* purpose.
*
* $FreeBSD$
*/
#ifndef _BOOT_I386_ARGS_H_
#define _BOOT_I386_ARGS_H_
/*
 * Flag bits.  KARGS_FLAGS_EXTARG is tested in bootargs.bootflags (see the
 * struct bootargs declaration); the CD/PXE/ZFS bits presumably live in the
 * same word and identify the boot source -- confirm against the code that
 * sets them.
 */
#define KARGS_FLAGS_CD 0x1
#define KARGS_FLAGS_PXE 0x2
#define KARGS_FLAGS_ZFS 0x4
#define KARGS_FLAGS_EXTARG 0x8 /* variably sized extended argument */
/*
 * Hand-maintained copies of the C layout.  They sit outside the
 * __ASSEMBLER__ guard, so they stay visible where the struct declarations
 * are not.  The bootargs values match struct bootargs only when uint64_t is
 * 4-byte aligned inside a struct (the i386 ABI).  Nothing in this header
 * checks them against the structs: a layout change must update both by
 * hand, otherwise a later boot stage reads the wrong words as the flags or
 * the bootinfo field.
 */
#define BOOTARGS_SIZE 24 /* sizeof(struct bootargs) */
#define BA_BOOTFLAGS 8 /* offsetof(struct bootargs, bootflags) */
#define BA_BOOTINFO 20 /* offsetof(struct bootargs, bootinfo) */
#define BI_SIZE 48 /* offsetof(struct bootinfo, bi_size) */
/*
 * We reserve some space above BTX allocated stack for the arguments
 * and certain data that could hang off them. Currently only struct bootinfo
 * is supported in that category. The bootinfo is placed at the top
 * of the arguments area and the actual arguments are placed at ARGOFF offset
 * from the top and grow towards the top. Hopefully we have enough space
 * for bootinfo and the arguments to not run into each other.
 * Arguments area below ARGOFF is reserved for future use.
 *
 * NOTE(review): the non-overlap is only hoped for, not enforced here.  Code
 * that writes variably sized extended arguments into this area needs its own
 * bounds check against the space left below bootinfo.
 */
#define ARGSPACE 0x1000 /* total size of the BTX args area */
#define ARGOFF 0x800 /* actual args offset within the args area */
#define ARGADJ (ARGSPACE - ARGOFF) /* 0x800: distance from the args offset to the top of the area */
#ifndef __ASSEMBLER__
/*
 * Fixed-size argument block handed from one boot stage to the next.
 *
 * The field order and widths are an ABI: BOOTARGS_SIZE, BA_BOOTFLAGS and
 * BA_BOOTINFO hard-code this layout for assembler sources, so fields must
 * not be reordered, resized or inserted without updating those constants.
 */
struct bootargs {
	uint32_t	howto;
	uint32_t	bootdev;
	uint32_t	bootflags;	/* flag word; KARGS_FLAGS_EXTARG is tested here */

	/*
	 * Two views of the same eight bytes.  Which view is valid is
	 * presumably selected by the PXE/ZFS bits in bootflags -- confirm
	 * against the producers before relying on it.
	 */
	union {
		struct {
			uint32_t	pxeinfo;
			uint32_t	reserved;
		};
		uint64_t	zfspool;
	};

	uint32_t	bootinfo;

	/*
	 * If KARGS_FLAGS_EXTARG is set in bootflags, then the above fields
	 * are followed by a uint32_t field that specifies a size of the
	 * extended arguments (including the size field).  That size comes
	 * from the previous boot stage; a consumer should range-check it
	 * before copying or parsing the extended data.
	 */
};
#ifdef LOADER_GELI_SUPPORT
#include <crypto/intake.h>
#endif
/*
 * GELI-specific argument record.  It carries either a passphrase (gelipw)
 * or a key buffer reference (notapw / keybuf_sentinel / keybuf) in the same
 * storage.
 *
 * Both forms hold secret material in memory that is handed across boot
 * stages.  NOTE(review): the wiping of this record after use is not visible
 * in this header -- confirm that every consumer clears it.
 *
 * `size` is presumably the extended-argument size word that follows
 * struct bootargs when KARGS_FLAGS_EXTARG is set -- confirm with the code
 * that fills it in.
 */
struct geli_boot_args {
	uint32_t	size;
	union {
		/* Password form: read as a NUL-terminated string. */
		char	gelipw[256];

		/* Key buffer form, overlaying the first bytes of gelipw. */
		struct {
			/*
			 * Single null byte to stop keybuf being interpreted
			 * as a password: it overlays gelipw[0], so a reader
			 * of the password form sees an empty string.
			 */
			char		notapw;

			/*
			 * Marker for the key buffer form.  The expected value
			 * is not defined in this header; a consumer should
			 * verify it before dereferencing keybuf.
			 */
			uint32_t	keybuf_sentinel;

			/*
			 * Raw pointer, so its width follows the compilation
			 * mode: producer and consumer must be built with the
			 * same pointer size for the layout to agree.
			 */
#ifdef LOADER_GELI_SUPPORT
			struct keybuf	*keybuf;
#else
			void		*keybuf;
#endif
		};
	};
};
#endif /*__ASSEMBLER__*/
#endif /* !_BOOT_I386_ARGS_H_ */