Commit Graph

85 Commits

Author SHA1 Message Date
ed
4ee939c936 Add support for asterisk characters when filling in the GELI password
during boot.

Change the last argument of gets() to indicate a visibility flag and add
definitions for the numerical constants. Except for the value 2, gets()
will behave exactly the same, so existing consumers shouldn't break. We
only use it in two places, though.

Submitted by:	lme (older version)
2010-11-14 14:12:43 +00:00
pjd
0e4c810277 - Improve error messages, so instead of 'Not fully done', the user will get
information that device is already suspended or that device is using
  one-time key and suspend is not supported.
- 'geli suspend -a' silently skips devices that use one-time key, this is fine,
  but because we log which device were suspended on the console, log also which
  devices were skipped.
2010-10-22 22:58:00 +00:00
pjd
a4a3ac19b4 Close a race between checking if device is already suspended and suspending it. 2010-10-22 22:54:26 +00:00
pjd
c24b1dbd26 Add State tag, so 'geli status' will report active/suspended status, eg:
# geli status
	   Name     Status  Components
	da0.eli  SUSPENDED  da0
	da1.eli     ACTIVE  da1
2010-10-22 22:45:26 +00:00
pjd
8ba9fc913b Encryption keys array might be NULL if device is suspended. Check for this, so
we don't panic when we detach suspended device.
2010-10-22 22:44:09 +00:00
pjd
b022d95473 Move sc_akeyctx and sc_ivctx initialization to the g_eli_mkey_propagate()
function which eliminates code duplication and will ensure proper order
of operation.
2010-10-22 22:13:11 +00:00
pjd
94a920a001 Free opencrypto sessions on suspend, as they also might keep encryption keys. 2010-10-21 19:44:28 +00:00
pjd
5a22d5e587 Fix a bug introduced in r213067 where we use authentication key before
initializing it.
2010-10-21 12:58:26 +00:00
pjd
d5e7511690 Bring in geli suspend/resume functionality (finally).
Before this change if you wanted to suspend your laptop and be sure that your
encryption keys are safe, you had to stop all processes that use file system
stored on encrypted device, unmount the file system and detach geli provider.

This isn't very handy. If you are a lucky user of a laptop where suspend/resume
actually works with FreeBSD (I'm not!) you most likely want to suspend your
laptop, because you don't want to start everything over again when you turn
your laptop back on.

And this is where geli suspend/resume steps in. When you execute:

	# geli suspend -a

geli will wait for all in-flight I/O requests, suspend new I/O requests, remove
all geli sensitive data from the kernel memory (like encryption keys) and will
wait for either 'geli resume' or 'geli detach'.

Now with no keys in memory you can suspend your laptop without stopping any
processes or unmounting any file systems.

When you resume your laptop you have to resume geli devices using 'geli resume'
command. You need to provide your passphrase, etc. again so the keys can be
restored and suspended I/O requests released.

Of course you need to remember that 'geli suspend' won't clear file system
cache and other places where data from your geli-encrypted file system might be
present. But to get rid of those stopping processes and unmounting file system
won't help either - you have to turn your laptop off. Be warned.

Also note, that suspending geli device which contains file system with geli
utility (or anything used by 'geli resume') is not very good idea, as you won't
be able to resume it - when you execute geli(8), the kernel will try to read it
and this read I/O request will be suspended.
2010-10-20 20:50:55 +00:00
pjd
75395aabbc - Add missing comments.
- Make a comment consistent with others.
2010-10-20 20:01:45 +00:00
pjd
6b9ec43f8f Change g_eli_debug to int, so one can turn off any GELI output by setting
kern.geom.eli.debug sysctl to -1.

MFC after:	2 weeks
2010-09-25 10:32:04 +00:00
pjd
60321cfa67 Ignore errors from BIO_FLUSH. It might confuse users that provider wasn't
really killed. What we really care about are write errors only.

MFC after:	2 weeks
2010-09-25 10:31:05 +00:00
pjd
3ff79b30f5 Update copyright years.
MFC after:	1 week
2010-09-23 12:02:08 +00:00
pjd
32404b1197 Add support for AES-XTS. This will be the default now.
MFC after:	1 week
2010-09-23 11:58:36 +00:00
pjd
ed0ad07f3d Implement switching of data encryption key every 2^20 blocks.
This ensures the same encryption key won't be used for more than
2^20 blocks (sectors). This will be the default now.

MFC after:	1 week
2010-09-23 11:49:47 +00:00
pjd
8c781f88d0 Make the code similar to the code in g_eli_integrity.c.
MFC after:	1 week
2010-09-23 11:23:10 +00:00
pjd
72f4299778 Define default overwrite count, so that userland can use it.
MFC after:	1 week
2010-09-23 11:19:48 +00:00
pjd
9a528e9595 When trashing metadata, flush after each write.
MFC after:	1 week
2010-09-23 10:43:37 +00:00
brian
52f645c18b Support attaching version 4 metadata
Reviewed by:	pjd
2010-09-19 10:45:53 +00:00
pjd
6f96b7c228 - Allow to specify value as const pointers.
- Make optional string values always an empty string.
2010-09-13 08:56:07 +00:00
pjd
f3ed6934be Correct offset conversion to little endian. It was implemented in version 2,
but because of a bug it was a no-op, so we were still using offsets in native
byte order for the host. Do it properly this time, bump version to 4 and set
the G_ELI_FLAG_NATIVE_BYTE_ORDER flag when version is under 4.

MFC after:	2 weeks
2010-08-28 08:30:20 +00:00
pjd
1e56ad0204 Use lower priority for GELI worker threads. This improves system
responsiveness under heavy GELI load.

MFC after:	3 days
2010-04-15 16:34:06 +00:00
trasz
f2a5da9c05 Remove pointless assignment.
Found with:	clang
2010-01-25 16:58:58 +00:00
pjd
d68f0a635b Detach GELI providers on shutdown/reboot, which will allow providers underneath
to close properly.

Reported, reviewed and tested by:	guido
MFC after:	1 week
2009-03-16 19:31:08 +00:00
guido
cf13ba2e81 Backout this commit whil a better solution is developed 2009-03-13 08:13:51 +00:00
guido
887100e88a When attaching a geli on boot make sure that it is detached
upon last close. (needed for a gmirror to properly shutdown
upon reboot when a geli is on top the gmirror)
2009-03-10 15:23:43 +00:00
pjd
664b89e716 Style(9). 2008-08-12 20:19:08 +00:00
pjd
b1fb19aba8 Clear passphrase buffer after use.
Submitted by:	Fabian Keil <fk@fabiankeil.de> (a bit different version)
2008-07-20 19:56:13 +00:00
jb
1785efbd75 On some arches, openssl is built with OPENSSL_NO_CAMELLIA, so the
code here needs to depend on that too.
2007-11-19 08:59:32 +00:00
julian
51d643caa6 Rename the kthread_xxx (e.g. kthread_create()) calls
to kproc_xxx as they actually make whole processes.
Thos makes way for us to add REAL kthread_create() and friends
that actually make theads. it turns out that most of these
calls actually end up being moved back to the thread version
when it's added. but we need to make this cosmetic change first.

I'd LOVE to do this rename in 7.0  so that we can eventually MFC the
new kthread_xxx() calls.
2007-10-20 23:23:23 +00:00
pjd
9afb74d049 Add support for Camellia encryption algorithm.
PR:		kern/113790
Submitted by:	Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp>
Approved by:	re (bmah)
2007-09-01 06:33:02 +00:00
jeff
91d1501790 Commit 14/14 of sched_lock decomposition.
- Use thread_lock() rather than sched_lock for per-thread scheduling
   sychronization.
 - Use the per-process spinlock rather than the sched_lock for per-process
   scheduling synchronization.

Tested by:      kris, current@
Tested on:      i386, amd64, ULE, 4BSD, libthr, libkse, PREEMPTION, etc.
Discussed with: kris, attilio, kmacy, jhb, julian, bde (small parts each)
2007-06-05 00:00:57 +00:00
pjd
52b222af91 When deleting key, flush write cache after each overwrite, so we don't
overwrite data N times in cache and only once on disk.
2007-05-06 14:56:03 +00:00
pjd
f0a2e6d38c Use root_mounted(). 2007-04-08 23:54:23 +00:00
sam
f96ba7ffda Overhaul driver/subsystem api's:
o make all crypto drivers have a device_t; pseudo drivers like the s/w
  crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
  cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
  for specifying which of several potential devices to use when doing
  crypto operations
o add new ioctls that allow user apps to select a specific crypto device
  to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
  implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
  795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
  to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
  to specify a device to use for tests

These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.

These changes were instigated by the work of Michael Richardson.

Reviewed by:	pjd
Approved by:	re
2007-03-21 03:42:51 +00:00
pjd
b23a2a2ffb Warn when user use sectorsize bigger than the page size, which will lead
to problems when the geli device is used with file system or as a swap.

Hopefully will prevent problems like kern/98742 in the future.

MFC after:	1 week
2007-03-05 12:41:44 +00:00
pjd
38868f2cec Fix geli after last commit for UP systems that are running SMP kernel.
Submitted by:	Hyo geol, Lee <hyogeollee@gmail.com>
MFC after:	1 week
2007-03-02 09:38:16 +00:00
pjd
4e4fa80cab It is possible that GEOM taste provider before SMP is started.
We can't bind to a CPU which is not yet on-line, so add code that wait for
CPUs to go on-line before binding to them.

Reported by:	Alin-Adrian Anton <aanton@spintech.ro>
MFC after:	2 weeks
2007-01-28 20:29:12 +00:00
pjd
9fbd00e878 I want CPU number here.
Noticed by:	ru
2006-11-02 09:01:34 +00:00
pjd
d55b9d74e2 Skip disabled CPU, because after we sched_bind() to a disabled CPU,
we won't be able to exit from the thread.

Function g_eli_cpu_is_disabled() stoled from kern_pmc.c.

PR:		104669
Reported by:	Nikolay Mirin <nik@optim.com.ru>
MFC after:	1 week
2006-11-01 16:05:06 +00:00
pjd
c33849dc41 Implement BIO_FLUSH handling by simply passing it down to the components.
Sponsored by:	home.pl
2006-10-31 21:23:51 +00:00
pjd
cb0554d5cc Remove trailing spaces. 2006-09-30 08:16:49 +00:00
pjd
2e387b9b85 Add 'configure' subcommand which for now only allows setting and removing
of the BOOT flag. It can be performed on both attached and detached
providers.

Requested by:	Matthias Lederhofer <matled@gmx.net>
MFC after:	1 week
2006-09-16 10:43:17 +00:00
pjd
5d795537ae Remove extra arguments.
MFC after:	3 days
2006-09-16 07:47:57 +00:00
pjd
3a923dc027 Before using byte offset for IV creation, covert it to little endian.
This way one will be able to use provider encrypted on eg. i386 on
eg. sparc64. This doesn't really buy us much today, because UFS isn't
endian agnostic.

We retain backward compatibility by setting G_ELI_FLAG_NATIVE_BYTE_ORDER
flag on devices with version number less than 2 and not converting the
offset.
2006-08-11 19:09:12 +00:00
pjd
d9810ee8e2 Forgot to bump version number after G_ELI_FLAG_READONLY flag addition. 2006-08-11 18:39:58 +00:00
pjd
b2ae936be5 Allow geli to operate on read-only providers.
Initial patch from:	vd
MFC after:		2 weeks
2006-08-09 18:11:14 +00:00
yar
99e7c62f6f Fix what looks like a typo: MODULE_DEPEND() takes module names,
not KLD file names; and GELI module's name is g_eli, not geom_eli.

Approved by:	pjd (silence)
MFC after:	5 days
2006-07-27 11:52:12 +00:00
pjd
603264d10f Don't forget to initialize crp_olen field, which is used to calculate
bio_completed value.
2006-07-22 10:05:55 +00:00
pjd
ec70ef58cb Allow to use the old -a option to specify an encryption algorithm to use
(for backward compatibility), but print a warning to inform about the
change.
2006-06-06 22:06:24 +00:00