Date: Sun, 27 Mar 2016 19:34:30 -0400
From: Eric McCorkle <eric@metricspace.net>
To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: EFI GELI boot update
Message-ID: <F546394E-1292-46F9-84C8-B63322C472F8@metricspace.net>

Just to give an update, as I know there were some others looking into GELI support for EFI, I've made modifications to boot1 to support "provider" modules, which basically handle subpartitions. You can track my work on this here:

https://github.com/emc2/freebsd/tree/geli_efi

I had considered using the EFI API more for this (creating device nodes, adding protocols, and binding device paths), but decided not to in order to keep loader working with a GRUB setup.

As for actual GELI support, here's the roadmap I'm considering:

* Abstract the use of struct dsk out of the core data structures
* Abstract the crypto, password-asking, and key material storage out of the GELI code into some kind of boot crypto framework. Ideally, this would be a modules-type framework with BIOS and EFI software crypto modules provided. Hardware crypto could be supported in the future by adding more modules.
* (Possibly) come up with a better way to transfer key material to loader and the kernel
* Mirror the functionality of the provider modules in loader

I welcome any suggestions on any of this.