From: Devin Teske
Subject: [RFC] Add "GELI Passphrase:" prompt to boot loader
Date: Mon, 6 Apr 2015 09:58:38 -0700
To: freebsd-current@freebsd.org
Cc: Devin Teske, cperciva@freebsd.org

Hi -current,

I have a pending enhancement to the boot loader that Colin P. and
I have been working on together.

URL: https://reviews.freebsd.org/D2105

The nature of the patch is to cause the boot loader to prompt for
the GELI passphrase and then pass that on (through a kenv(1) variable)
to Colin’s code in geom_eli.ko where it will be:

(a) picked up for use as the initial passphrase attempt(s)
(b) zeroed after being picked up so “kenv kern.geom.eli.passphrase”
    returns nothing

NB: Actually, “kenv kern.geom.eli.passphrase” generates the error
“kenv: unable to get kern.geom.eli.passphrase”

The problem that I (we) need help in solving is:

If the geom_eli.ko module doesn’t get loaded, then the variable
(kern.geom.eli.passphrase) is not zeroed.

While I do think that this is of minimal concern (not loading the GELI
module means you won’t be able to get past the mountroot prompt in
the case where GELI is required to boot), I discussed with Colin and
I think we are in consensus that the resetting of the variable should
perhaps be moved to another section of the kernel to prevent leakage
of this sensitive information being passed through kenv(1) variable(s).

Issue for me is, I’m not sure where the best place to move this to.

Here’s the code that needs to be moved (Lines 108-109 of g_eli.c):

https://svnweb.freebsd.org/base?view=revision&revision=273489

108        /* Wipe the passphrase from the environment. */
109        kern_unsetenv("kern.geom.eli.passphrase");

Need to move that preferably to some place in the kernel that is
NOT optional in the compilation process.

Suggestions?
--
Cheers,
Devin
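
The following is an added example, not part of the original post or of the FreeBSD patch: a post-boot check for the case described above, where kern.geom.eli.passphrase is still readable through kenv(1) because geom_eli.ko never ran its unset. The function name and status words are hypothetical, and the module name g_eli passed to kldstat(8) is an assumption.

```shell
#!/bin/sh
# Added example: audit the kernel environment for a leftover GELI passphrase.
VAR="kern.geom.eli.passphrase"   # variable name taken from the post

# Prints one status word and never prints the passphrase itself:
#   clean           variable is not readable (unset, or never set)
#   leaked          variable is readable although geom_eli is loaded
#   leaked-no-geli  variable is readable and geom_eli was never loaded
#   unsupported     kenv(1) is not available on this system
geli_kenv_status() {
    if ! command -v kenv >/dev/null 2>&1; then
        echo unsupported
        return 2
    fi
    # -q suppresses the "unable to get" warning; kenv exits non-zero when
    # the variable is absent. Output is discarded so the secret is never
    # captured in a shell variable or written to a log.
    if ! kenv -q "$VAR" >/dev/null 2>&1; then
        echo clean
        return 0
    fi
    # Assumption: the GELI GEOM class registers under the module name g_eli.
    if kldstat -q -m g_eli >/dev/null 2>&1; then
        echo leaked
    else
        echo leaked-no-geli
    fi
    return 1
}
```

Source the file and call geli_kenv_status from a periodic or post-boot job; a non-zero return with "leaked-no-geli" is the situation the post is asking how to close off in the kernel.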