d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,597 Commits 4 Branches 49 Tags 2 GiB
e4adab401b
Commit Graph

26 Commits

Author SHA1 Message Date
pjd
204d3235ab Teach geli how to load keyfiles before root file system is mounted. 
An example entries for loader.conf to make it possible:

geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"

geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"

Thanks for jhb and kan who showed me the right direction.

MFC after:	3 days
 2006-02-11 13:08:24 +00:00
pjd
f9926daa99 Check rootvnode variable to see if we still want to ask for passphrase on 
boot. Other methods just don't work properly.

MFC after:	3 days
 2006-02-11 12:45:01 +00:00
brueffer
1620f68fa6 Clean up some sysctl descriptions, debug messages etc. 
Approved by:	pjd
MFC after:	3 days
 2006-02-07 17:23:22 +00:00
pjd
6f074b6d64 Remove trailing spaces. 2006-02-01 12:06:01 +00:00
pjd
bc614c3af5 - Use better types. 
- Log problems at level 0 when killing providers.

MFC after:	3 days
 2006-01-17 07:32:43 +00:00
pjd
df676bfd16 Check return value. 
Found by:	Coverity Prevent(tm)
MFC after:	3 days
 2006-01-17 07:30:34 +00:00
pjd
ad2b246949 Remove dead code. 
Found by:	Coverity Prevent(tm)
MFC after:	3 days
 2006-01-17 07:27:46 +00:00
pjd
1911dbbb9c Remove unused value. 
Found by:	Coverity Prevent(tm)
MFC after:	3 days
 2006-01-17 07:26:48 +00:00
sobomax
29543921ea Check for g_read_data(9) errors properly: 
o The only indication of error condition is NULL value returned by
  the function;

o value pointed to by error argument is undefined in the case when
  operation completes successfully.

Discussed with: phk
 2005-11-30 19:24:51 +00:00
pjd
4ca45af625 Fix copy&paste typo. 
MFC after:	3 days
 2005-09-10 07:46:47 +00:00
pjd
e1cf625a5f Don't forget to initialize crp_etype field. 
Reported by:	Nick Evans <nevans@syphen.net>
MFC after:	3 days
 2005-09-10 07:45:10 +00:00
pjd
aee0040df6 By default, when doing crypto work in software, start as many threads 
as we have active CPUs and bind each thread to its own CPU.

MFC after:	3 days
 2005-08-21 18:12:51 +00:00
pjd
af30c99a23 Remove stale comment (we now always start worker thread). 
MFC after:	3 days
 2005-08-21 18:06:35 +00:00
pjd
a2f0d0b06b Add a __packed keyword to g_eli_metadata struct definition, so 
sizeof(struct g_eli_metadata) will return the exact number of bytes needed
for storing it on the disk.
Without this change GELI was unusable on amd64 (and probably other 64-bit
archs), because sizeof(struct g_eli_metadata) was greater than 512 bytes
and geli(8) was failing on assertion.

Reported by:	Michael Reifenberger <mike@Reifenberger.com>
MFC after:	3 days
 2005-08-20 10:43:03 +00:00
pjd
0c33c951a5 Allow to change number of iterations for PKCS#5v2. It can only be used 
when there is only one key set.

MFC after:	3 days
 2005-08-19 22:19:25 +00:00
pjd
e6d1db2424 - Add a missing period. 
- Fix number of spaces.

MFC after:	3 days
 2005-08-19 22:16:26 +00:00
pjd
653998193b Always run dedicated kernel thread (even when we have hardware support). 
There is no performance impact, but allows to allocate memory with
M_WAITOK flag.
As a side effect this simplify code a bit.

MFC after:	3 days
 2005-08-17 15:25:57 +00:00
pjd
768e62bfca We should now return 0. 2005-08-17 15:12:34 +00:00
pjd
b5aaabac19 Even if crypto_dispatch() return an error, request is not canceled and 
our callback will still be called, just to tell us that requested
failed...

Reported by:	Mike Tancsa <mike@sentex.net>
MFC after:	3 days
 2005-08-17 14:34:52 +00:00
pjd
8e698f8cb4 We don't need to clear allocated memory. This will speed-up things a bit. 
MFC after:	3 days
 2005-08-17 14:08:50 +00:00
pjd
fdcfb5ee7a Because code paths for I/O requests are quite complex, add comments above 
the functions which participate in I/O paths.

MFC after:	1 day
 2005-08-13 17:45:37 +00:00
pjd
112012604e GELI doesn't need cryptodev. 
MFC after:	3 days
 2005-08-11 14:52:27 +00:00
pjd
540e708ef5 Be case-insensitive when dealing with algorithm names. 
PR:		kern/84659
Submitted by:	Benjamin Lutz <benlutz@datacomm.ch>
 2005-08-08 19:40:38 +00:00
pjd
8ecb9be842 MFp4: Export more informations about encrypted providers. 
MFC after:	1 week
 2005-07-27 22:31:57 +00:00
pjd
354bcaec75 Reduce default debug level to 0. 
MFC after:	1 week
 2005-07-27 21:48:47 +00:00
pjd
57922fa5cc Add GEOM_ELI class which provides GEOM providers encryption. 
For features list and usage see manual page: geli(8).

Sponsored by:	Wheel Sp. z o.o.
		http://www.wheel.pl
MFC after:	1 week
 2005-07-27 21:43:37 +00:00