freebsd kernel with SKQ
Go to file
Allan Jude ec5c0e5be9 Implement boot-time encryption key passing (keybuf)
This patch adds a general mechanism for providing encryption keys to the
kernel from the boot loader. This is intended to enable GELI support at
boot time, providing a better mechanism for passing keys to the kernel
than environment variables. It is designed to be extensible to other
applications, and can easily handle multiple encrypted volumes with
different keys.

This mechanism is currently used by the pending GELI EFI work.
Additionally, this mechanism can potentially be used to interface with
GRUB, opening up options for coreboot+GRUB configurations with completely
encrypted disks.

Another benefit over the existing system is that it does not require
re-deriving the user key from the password at each boot stage.

Most of this patch was written by Eric McCorkle. It was extended by
Allan Jude with a number of minor enhancements and extending the keybuf
feature into boot2.

GELI user keys are now derived once, in boot2, then passed to the loader,
which reuses the key, then passes it to the kernel, where the GELI module
destroys the keybuf after decrypting the volumes.

Submitted by:	Eric McCorkle <eric@metricspace.net> (Original Version)
Reviewed by:	oshogbo (earlier version), cem (earlier version)
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D9575
2017-04-01 05:05:22 +00:00
bin Update to tcsh 6.20.00 2017-03-25 13:32:28 +00:00
cddl MFV r315290, r315291: 7303 dynamic metaslab selection 2017-03-24 09:37:00 +00:00
contrib Currently, less(1) uses K&R prototypes, which both fails to provide useful 2017-03-31 21:29:43 +00:00
crypto Upgrade to OpenSSH 7.4p1. 2017-03-06 01:37:05 +00:00
etc Consolidate random sleeps in periodic scripts 2017-04-01 04:42:35 +00:00
gnu Temporary readd GNU diff 2017-03-19 17:19:59 +00:00
include Implement the memset_s(3) function as specified by the C11 ISO/IEC 2017-03-30 04:57:26 +00:00
kerberos5 kerberos5: normalize paths using SRCTOP-relative paths or :H when possible 2017-03-04 11:34:36 +00:00
lib Add explicit_bzero() to libstand, and switch GELIBoot to using it 2017-03-31 00:04:32 +00:00
libexec Emply contemporary function prototypes in bootpd, rather than relying on 2017-03-26 14:37:12 +00:00
release Add cxgbe(4), ixl(4), and mlx4en(4) to the hardware release notes 2017-03-23 00:56:52 +00:00
rescue Fix linking /rescue/rescue to multiple programs in usr.bin after r315113 2017-03-20 22:33:22 +00:00
sbin [ifconfig] add some comments around missing net80211 VHT configuration. 2017-03-31 22:05:10 +00:00
secure Upgrade to OpenSSH 7.4p1. 2017-03-06 01:37:05 +00:00
share Consolidate random sleeps in periodic scripts 2017-04-01 04:42:35 +00:00
sys Implement boot-time encryption key passing (keybuf) 2017-04-01 05:05:22 +00:00
targets pwait: Add a -t flag to specify a timeout before exiting, and tests. 2017-03-07 22:16:55 +00:00
tests Fix back-to-back runs of sys/netinet/fibs_test;slaac_on_nondefault_fib6 2017-03-20 23:07:34 +00:00
tools Remove the .Pa portion I added to the .An macro in AUTHORS section 2017-03-23 02:26:15 +00:00
usr.bin Revert debugging that was accidently committed in r316314 2017-03-31 03:11:25 +00:00
usr.sbin Consolidate random sleeps in periodic scripts 2017-04-01 04:42:35 +00:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint phabricator related changes: 2015-04-20 20:33:22 +00:00
COPYRIGHT Bump copyright year. 2016-12-31 12:41:42 +00:00
LOCKS
MAINTAINERS As suggested by several people, note that I prefer to communicate by email. 2017-03-03 20:23:21 +00:00
Makefile Remove pc98 support completely. 2017-01-28 02:22:15 +00:00
Makefile.inc1 Rename _cc to _gcc to be more clear. 2017-03-21 22:09:00 +00:00
Makefile.libcompat Use cross-NM (XNM) in compat32 build 2017-01-27 03:43:18 +00:00
ObsoleteFiles.inc Rename tests from <foo> to <foo>_test to match the FreeBSD test suite 2017-03-23 03:28:24 +00:00
README README: remove nonexistent 'games' directory. 2016-05-18 10:43:13 +00:00
README.md Remove hard line breaks from README.md 2017-03-01 15:39:58 +00:00
UPDATING Allow explicitly assigned IPv6 loopback address to be used in jails 2017-03-31 09:10:05 +00:00

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: FreeBSD

For copyright information, please see the file COPYRIGHT in this directory (additional copyright information also exists for some sources in this tree - please see the specific source directories for more information).

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7) and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html for more information, including setting make(1) variables.

The buildkernel and installkernel targets build and install the kernel and the modules (see below). Please see the top of the Makefile in this directory for more information on the standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process. See build(7), config(8), and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information.

Note: If you want to build and install the kernel with the buildkernel and installkernel targets, you might need to build world before. More information is available in the handbook.

The kernel configuration files reside in the sys/<arch>/conf sub-directory. GENERIC is the default configuration used in release builds. NOTES contains entries and documentation for all possible devices, not just those commonly used.

Source Roadmap:

bin				System/user commands.

cddl			Various commands and libraries under the Common Development  
				and Distribution License.

contrib			Packages contributed by 3rd parties.

crypto			Cryptography stuff (see crypto/README).

etc				Template files for /etc.

gnu				Various commands and libraries under the GNU Public License.  
				Please see gnu/COPYING* for more information.

include			System include files.

kerberos5		Kerberos5 (Heimdal) package.

lib				System libraries.

libexec			System daemons.

release			Release building Makefile & associated tools.

rescue			Build system for statically linked /rescue utilities.

sbin			System commands.

secure			Cryptographic libraries and commands.

share			Shared resources.

sys				Kernel sources.

tests			Regression tests which can be run by Kyua.  See tests/README
				for additional information.

tools			Utilities for regression testing and miscellaneous tasks.

usr.bin			User commands.

usr.sbin		System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html