From: Eric van Gyzen
Date: Mon, 06 Apr 2015 13:24:55 -0400
To: Devin Teske, freebsd-current@freebsd.org
Cc: cperciva@freebsd.org
Subject: Re: [RFC] Add "GELI Passphrase:" prompt to boot loader

On 04/06/2015 12:58, Devin Teske wrote:
> Hi -current,
>
> I have a pending enhancement to the boot loader that Colin P. and I
> have been working on together.
>
> URL: https://reviews.freebsd.org/D2105
>
> The nature of the patch is to cause the boot loader to prompt for the
> GELI passphrase and then pass that on (through a kenv(1) variable)
> to Colin’s code in geom_eli.ko where it will be:
>
> (a) picked up for-use as the initial passphrase attempt(s)
> (b) zeroed after being picked-up so “kenv kern.geom.eli.passphrase”
>     returns nothing
>
> NB: Actually, “kenv kern.geom.eli.passphrase” generates the error
> “kenv: unable to get kern.geom.eli.passphrase”
>
> The problem that I (we) need help in solving is:
>
> If the geom_eli.ko module doesn’t get loaded, then the variable
> (kern.geom.eli.passphrase) is not zeroed.
>
> While I do think that this is of minimal concern (not loading the GELI
> module means you won’t be able to get past the mountroot prompt in
> the case where GELI is required to boot), I discussed with Colin and
> I think we are in consensus that the resetting of the variable should
> perhaps be moved to another section of the kernel to prevent leakage
> of this sensitive information being passed through kenv(1) variable(s).
>
> Issue for me is, I’m not sure where the best place to move this to.
> Here’s the code that needs to be moved (Lines 108-109 of g_eli.c):
>
> https://svnweb.freebsd.org/base?view=revision&revision=273489
>
>
> 108     /* Wipe the passphrase from the environment. */
> 109     kern_unsetenv("kern.geom.eli.passphrase");
>
> Need to move that preferably to some place in the kernel that is NOT
> optional in the compilation process. Suggestions?

How about putting it right after a successful mount of the root file
system?

(I've never used GELI, so this could be as "right out" as five.)

Eric