From owner-freebsd-security@FreeBSD.ORG Sun Jul 31 14:07:30 2005
To: Allan Fields
From: "Poul-Henning Kamp"
In-Reply-To: Your message of "Sun, 31 Jul 2005 09:59:19 EDT." <20050731135919.GA43753@afields.ca>
Date: Sun, 31 Jul 2005 16:07:27 +0200
Message-ID: <10601.1122818847@phk.freebsd.dk>
Sender: phk@phk.freebsd.dk
Cc: Pawel Jakub Dawidek, freebsd-geom, freebsd-hackers, freebsd-security, Alexander Leidinger, "Ronnel P. Maglasang"
Subject: Re: Kernel Source Divergence, Security (was: booting gbde-encrypted filesystem)

In message <20050731135919.GA43753@afields.ca>, Allan Fields writes:

>Yes, this is all very nice, but when is someone actually going to
>commit it? ;)

I'm (as always) short of time, and GBDE is not the top priority for me for the time being.

So I am more than happy to see people band together and improve gbde.

The main work necessary is to polish the userland program and that is relatively trivial programming, so anyone should be able to pick that up: just go for it.

Giving gbde a taste function so that the root filesystem can be protected by GBDE, this is also OK by me in principle, but I'd like to review the patch before it gets committed because there are a large number of dragons.

In P4:phk_gbde there is the beginning of hw-crypto support through opencrypto(9), if somebody wants to work on that, get in touch with me.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.