Re: Patch to support GELI passphrase passthrough

[Kris Moore]

On 10/22/2014 13:47, Andrei Borzenkov wrote:
> В Wed, 22 Oct 2014 13:12:32 -0400
> Kris Moore <address@hidden> пишет:
>
>>
>> Hey, just a small patch to submit today. If you rather I send this to
>> the bug tracker then I can do that also.
>>
>> This patch allows exporting the FreeBSD GELI passphrase to the kernel
>> environment, which we will be doing in PC-BSD to avoid prompting for the
>> passphrase a second time at bootup.
>>
>>    if (!grub_password_get (passphrase, MAX_PASSPHRASE))
>>      return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
>>  
>> +  /* Set the GELI passphrase to GRUB env, for passing to FreeBSD kernel */
>> +  grub_env_set ("gelipassphrase", passphrase);
>> +
> If I read BSD loader correctly, this should be kFreeBSD.gelipassphrase.
> Is geli freebsd-specific?
>
>>    /* Calculate the PBKDF2 of the user supplied passphrase.  */
>>    if (grub_le_to_cpu32 (header.niter) != 0)
>>      {
> It sounds more logical to export it after it has been verified?
>
> I tried to find out about this "gelipassphrase" kernel variable but did
> not find anything. Is it already used anywhere?
>
>> Let me know if you have any suggestions or need any changes. I'm
>> currently hacking on support for EFI framebuffer settings to be passed
>> to FreeBSD kernel as well, will send patches once I get things working
>> there.
>>
>
> _______________________________________________
> Grub-devel mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/grub-devel

Well, this patch just makes the variable available to grub.cfg file,
then we do some stuff there like this:

set kFreeBSD.kern.geom.eli.passphrase=<passphrase>

The patch for support in FreeBSD should be in HEAD soon, but here it is
if you want to take a look:

https://github.com/pcbsd/freebsd/commit/79f4efcf6a7d4268781adc227d76ed9f7f0b685d

-- 
Kris Moore
PC-BSD Software
iXsystems