From owner-freebsd-hackers@freebsd.org Thu Oct 12 15:21:22 2017 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3E5EAE2CAA9 for ; Thu, 12 Oct 2017 15:21:22 +0000 (UTC) (envelope-from woodsb02@gmail.com) Received: from mail-ua0-x233.google.com (mail-ua0-x233.google.com [IPv6:2607:f8b0:400c:c08::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E6E83808B0 for ; Thu, 12 Oct 2017 15:21:21 +0000 (UTC) (envelope-from woodsb02@gmail.com) Received: by mail-ua0-x233.google.com with SMTP id w45so3282990uac.3 for ; Thu, 12 Oct 2017 08:21:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=GJztWcDTv+H9glxXMfebfrL0FanfcezQYdKZI4T8NVM=; b=CseRZxl3pwAZQ55GHJq2HBhJqRKNwXqyiHlQVdeydRldZbyWIz+aWhvq+hOxyf45Gx hVoJdZzvpBXHdwJr0lXsLAUALDyYwrl++kxVucnBO/lFfjVzySwhkoBSz2z2Wseh7CNu ErPonuU4CDUaRcNo8JT6G/k9nYbWHBWdOtdEAkfdWfYZ+gQ7ZA2GpnN2An4Mmo9Pzea/ sVnvnHKhSy4vIFfcpCZM/cLeZWL27TrVP6QhhL4rzDmVu0uVh4cH4XVogx6mUxPzWTxP 9QmuvEfQAc5HoXJ1LWJsgAwRia56WkrtnAVjD4ogQjTIo72IUKm/3hIKQE61NfbCTURK wAZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=GJztWcDTv+H9glxXMfebfrL0FanfcezQYdKZI4T8NVM=; b=je/WuQkwHyG9jyAgMoBH12ob/GpCM/PwfEH06qMuxjoIE/9U+G/nWJ7G6PwsC5STaY ur3SJHN5puLWPShSfZ5/qfSKIwBl04kLNDrKEUfYF53Hhj7dPuofugyDj7ubNQtkuT/f QBWtE9swa+7GobuPvCYiZXdVMq+1jO77FhCMuF/F46QVTOOGMkBSPUlL23zsaHr/19by O6gFtdGwnE7qgbZda8n6DYq9mlJQnevORHHxjjgNrqrr6M9QK5Wb7Ev+0C/p+BBIRog6 Ll7JpzpJV+dwmaUP/hK/O6ZNpNEigO8vikovPJ+oFwM97ps5Cup+GAgd+BpjBNCla1zU qNRA== X-Gm-Message-State: AMCzsaUVy+DtFPhbBvm8OZYZDyZwaOJD+bnxQPR7FWi2H4l3MDWnMqEy tWXtf+L6W+YHXQol1uIh7JnMenb6wCCuzgwSuEAXwfEX X-Google-Smtp-Source: AOwi7QC9WrQGEXe5/uTSYtPoCQF0cJ1BRo/oKGGXZGADgxtwOM15xiJL27GR0PG8S44jthH6EZv+KxxESRbwsOWFJz0= X-Received: by 10.159.36.168 with SMTP id 37mr543291uar.187.1507821680684; Thu, 12 Oct 2017 08:21:20 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.131.80 with HTTP; Thu, 12 Oct 2017 08:21:20 -0700 (PDT) In-Reply-To: References: From: Ben Woods Date: Thu, 12 Oct 2017 23:21:20 +0800 Message-ID: Subject: Re: [RFC] geli - Allow attaching multiple providers To: freebsd-hackers@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Oct 2017 15:21:22 -0000 On 28 May 2017 at 13:38, Ben Woods wrote: > Hi everyone, > > I would like to propose a patch to geli to allow multiple providers to be > attached in a single command if they use the same passphrase/keyfiles. > > This is helpful when the providers being attached are not used for boot, > and therefore the existing code to first try the cached password when > tasting the providers during boot does not apply. > > Multiple providers with the same passphrase and keyfiles can be attached > at the same time during system start-up by adding the following to > /etc/rc.conf: > > geli_groups="storage backup" > geli_storage_flags="-k /etc/geli/storage.keys" > geli_storage_devices="ada0 ada1" > geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys" > geli_backup_devices="ada2 ada3" > > The patch is up for review on phabricator here: > https://reviews.freebsd.org/D9396 > > Regards, > Ben > > -- > From: Benjamin Woods > woodsb02@gmail.com > Hi everyone, I have created a new phabricator review for this work to allow multiple providers to be attached in a single geli command if they use the same passphrase/keyfiles. Unlike D9396, this implementation does not modify the kernel. This is achieved by creating a new child geom request for each provider being attached, and passing each request to the kernel one by one. The new patch can be found here: https://reviews.freebsd.org/D12644 I am hoping people can review and comment on this patch, and that I can get assistance committing this once it is approved (as I am only a ports committer). Regards, Ben -- From: Benjamin Woods woodsb02@gmail.com