Date:      Sun, 27 Mar 2016 19:34:30 -0400
From:      Eric McCorkle <eric@metricspace.net>
To:        "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject:   EFI GELI boot update
Message-ID:  <F546394E-1292-46F9-84C8-B63322C472F8@metricspace.net>


Just to give an update, as I know there were some others looking into GELI support for EFI, I've made modifications to boot1 to support "provider" modules, which basically handle subpartitions.  You can track my work on this here: 
https://github.com/emc2/freebsd/tree/geli_efi

I had considered using the EFI API more for this (creating device nodes, adding protocols, and binding device paths), but decided not to in order to keep loader working with a GRUB setup.

As for actual GELI support, here's the roadmap I'm considering:
* Abstract the use of struct dsk out of the core data structures
* Abstract the crypto, password-asking, and key material storage out of the GELI code into some kind of boot crypto framework.  Ideally, this would be a modules-type framework with BIOS and EFI software crypto modules provided.  Hardware crypto could be supported in the future by adding more modules.
* (Possibly) come up with a better way to transfer key material to loader and the kernel
* Mirror the functionality of the provider modules in loader

I welcome any suggestions on any of this.

