d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9554f17afb
freebsd-skq/sys
History
allanjude 9554f17afb Create the GELIBOOT GEOM_ELI flag 
This flag indicates that the user wishes to use the GELIBOOT feature to boot from a fully encrypted root file system.
Currently, GELIBOOT does not support key files, and in the future when it does, they will be loaded differently.
Due to the design of GELI, and the desire for secrecy, the GELI metadata does not know if key files are used or not, it just adds the key material (if any) to the HMAC before the optional passphrase, so there is no way to tell if a GELI partition requires key files or not.

Since the GELIBOOT code in boot2 and the loader does not support keys, they will now only attempt to attach if this flag is set. This will stop GELIBOOT from prompting for passwords to GELIs that it cannot decrypt, disrupting the boot process

PR:		208251
Reviewed by:	ed, oshogbo, wblock
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D5867
2016-04-08 01:25:25 +00:00
..
amd64 Make CloudABI's way of doing TLS more friendly to userspace emulators. 2016-04-06 11:11:31 +00:00
arm Match on compatible string "allwinner,sun4i-a10-sram-controller" instead of 2016-04-08 00:01:19 +00:00
arm64 Fix interrupts delivery on ThunderX for VF IDs beyond 8 2016-04-07 10:36:50 +00:00
boot Document vfs.root.mountfrom. 2016-04-08 00:24:21 +00:00
bsm Merge from contrib/openbsm to bring the kernel audit bits up to date with OpenBSM 1.2 alpha 4: 2015-12-20 23:22:04 +00:00
cam chdone(): Prevent returning uninitialized scalar value. 2016-04-07 21:33:14 +00:00
cddl Alike to r293708 relax pool check in vdev_geom_open_by_path(). 2016-04-07 12:54:44 +00:00
compat Make CloudABI's way of doing TLS more friendly to userspace emulators. 2016-04-06 11:11:31 +00:00
conf newvers.sh: rationalize licence condition numbering 2016-04-07 20:30:46 +00:00
contrib Add DTrace probes for packets flagged as bad by ipfilter. All probes 2016-04-07 01:42:09 +00:00
crypto Break up opencrypto/xform.c so it can be reused piecemeal 2015-12-30 22:43:07 +00:00
ddb Add td_swinvoltick to track last involuntary context switch 2016-03-25 19:35:29 +00:00
dev Add option to specify built-in keymap for kbdmux 2016-04-07 20:12:45 +00:00
fs Add four new RCTL resources - readbps, readiops, writebps and writeiops, 2016-04-07 04:23:25 +00:00
gdb
geom Create the GELIBOOT GEOM_ELI flag 2016-04-08 01:25:25 +00:00
gnu Update our copy of the Linux dts files to be in sync with Linux 4.5-rc1. We 2016-02-09 16:42:32 +00:00
i386 Add kern.features flags for linux and linux64 modules 2016-04-05 22:36:48 +00:00
isa Fix the resource_list_print_type() calls to use uintmax_t. 2016-03-22 22:25:08 +00:00
kern Fix intr_irq_shuffle(). After r297539, ISRCs doing IPI may be also 2016-04-07 15:16:33 +00:00
kgssapi kcrypto_aes: Use separate sessions for AES and SHA1 2016-02-02 00:14:51 +00:00
libkern
mips Fix a copyright glitch before it gets copy-pasted again. I think this must 2016-04-07 18:19:09 +00:00
modules Add option to specify built-in keymap for kbdmux 2016-04-07 20:12:45 +00:00
net Revert accidental submit of WIP as part of r297609 2016-04-06 04:58:20 +00:00
net80211 [net80211] missed commit from last one - always cleanup superg state. 2016-04-06 01:22:20 +00:00
netgraph Migrate many bus_alloc_resource() calls to bus_alloc_resource_anywhere(). 2016-02-27 03:38:01 +00:00
netinet A couple of minor changes that I missed that Michael had done, most noted 2016-04-07 09:34:41 +00:00
netinet6 Unbreak the RSS/PCBGROUp build. 2016-03-31 00:53:23 +00:00
netipsec Fix handling of net.inet.ipsec.dfbit=2 variable. 2016-03-18 09:03:00 +00:00
netnatm
netpfil pf: Improve forwarding detection 2016-03-16 06:42:15 +00:00
netsmb The problem report was for a crash that happened when smbfs was 2015-11-18 23:04:01 +00:00
nfs Do not try to install a default route for each interface found, because 2016-03-27 23:16:37 +00:00
nfsclient
nfsserver
nlm
ofed tcp/lro: Use tcp_lro_flush_all in device drivers to avoid code duplication 2016-04-01 06:28:33 +00:00
opencrypto Break up opencrypto/xform.c so it can be reused piecemeal 2015-12-30 22:43:07 +00:00
pc98 Fix the resource_list_print_type() calls to use uintmax_t. 2016-03-22 22:25:08 +00:00
powerpc Convert pci_delete_child() to a bus_child_deleted() method. 2016-04-06 04:10:22 +00:00
riscv Add support for ddb(4). 2016-03-10 15:51:43 +00:00
rpc Remove some NULL checks for M_WAITOK allocations. 2016-03-29 13:56:59 +00:00
security Busy the mount point which is the owner of the audit vnode, around 2016-01-16 10:06:33 +00:00
sparc64 Convert pci_delete_child() to a bus_child_deleted() method. 2016-04-06 04:10:22 +00:00
sys Rename SHT_AMD64_UNWIND to SHT_X86_64_UNWIND per ABI doc 2016-04-07 20:26:27 +00:00
teken
tests Style 9 changes. 2015-11-12 10:31:14 +00:00
tools Fix MFS builds when both MD_ROOT_SIZE and MFS_IMAGE are specified 2016-02-02 07:02:51 +00:00
ufs Add four new RCTL resources - readbps, readiops, writebps and writeiops, 2016-04-07 04:23:25 +00:00
vm Add four new RCTL resources - readbps, readiops, writebps and writeiops, 2016-04-07 04:23:25 +00:00
x86 xen: Set ipi_{alloc,free} even for UP 2016-04-07 07:00:00 +00:00
xdr
xen xenbus: add a comment with the names of the generated accessors 2016-01-15 14:34:31 +00:00
Makefile Add riscv to the list of architectures for cscope. 2016-02-29 16:39:27 +00:00