Date: Mon, 6 Apr 2015 10:39:51 -0700 From: Devin Teske <dteske@FreeBSD.org> To: Eric van Gyzen <eric@vangyzen.net> Cc: Devin Teske <dteske@FreeBSD.org>, freebsd-current@freebsd.org, cperciva@freebsd.org Subject: Re: [RFC] Add "GELI Passphrase:" prompt to boot loader Message-ID: <72AB2A13-8DA5-4320-8302-598B6672DA25@FreeBSD.org> In-Reply-To: <5522C167.6090408@vangyzen.net> References: <0D7CA1BF-3052-41FD-A3E7-5BBAA51B214A@FreeBSD.org> <5522C167.6090408@vangyzen.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Apr 6, 2015, at 10:24 AM, Eric van Gyzen <eric@vangyzen.net> wrote: >=20 > On 04/06/2015 12:58, Devin Teske wrote: >> Hi -current, >>=20 >> I have a pending enhancement to the boot loader that Colin P. and I >> have been working on together. >>=20 >> URL: https://reviews.freebsd.org/D2105 = <https://reviews.freebsd.org/D2105>; >>=20 >> The nature of the patch is to cause the boot loader to prompt for the >> GELI passphrase and then pass that on (through a kenv(1) variable) >> to Colin=E2=80=99s code in geom_eli.ko where it will be: >>=20 >> (a) picked up for-use as the initial passphrase attempt(s) >> (b) zeroed after being picked-up so =E2=80=9Ckenv = kern.geom.eli.passphrase=E2=80=9D >> returns nothing >>=20 >> NB: Actually, =E2=80=9Ckenv kern.geom.eli.passphrase=E2=80=9D = generates the error >> =E2=80=9Ckenv: unable to get kern.geom.eli.passphrase=E2=80=9D >>=20 >> The problem that I (we) need help in solving is: >>=20 >> If the geom_eli.ko module doesn=E2=80=99t get loaded, then the = variable >> (kern.geom.eli.passphrase) is not zeroed. >>=20 >> While I do think that this is of minimal concern (not loading the = GELI >> module means you won=E2=80=99t be able to get past the mountroot = prompt in >> the case where GELI is required to boot), I discussed with Colin and >> I think we are in consensus that the resetting of the variable should >> perhaps be moved to another section of the kernel to prevent leakage >> of this sensitive information being passed through kenv(1) = variable(s). >>=20 >> Issue for me is, I=E2=80=99m not sure where the best place to move = this to. >> Here=E2=80=99s the code that needs to be moved (Lines 108-109 of = g_eli.c): >>=20 >> https://svnweb.freebsd.org/base?view=3Drevision&revision=3D273489 = <https://svnweb.freebsd.org/base?view=3Drevision&revision=3D273489>; >>=20 >>=20 >> 108 = <https://svnweb.freebsd.org/base/head/sys/geom/eli/g_eli.c?annotate=3D2734= 89&pathrev=3D273489#l108> /* Wipe the = passphrase from the environment. */ >> 109 = <https://svnweb.freebsd.org/base/head/sys/geom/eli/g_eli.c?annotate=3D2734= 89&pathrev=3D273489#l109> = kern_unsetenv("kern.geom.eli.passphrase"); >>=20 >> Need to move that preferably to some place in the kernel that is NOT >> optional in the compilation process. Suggestions? >=20 > How about putting it right after a successful mount of the root file = system?=20 > (I've never used GELI, so this could be as "right out" as five.) >=20 I think that=E2=80=99s an excellent idea. /me rummages through source I=E2=80=99m thinking that the best place might be where we deal with the = registered event handler for mountroot. One place that I crawled upon that looks particularly sexy is in = start_init() of sys/kern/init_main.c: ### BEGIN SNIPPET ### /* * Start the initial user process; try exec=E2=80=99ing each pathname in = init_path. * The program is invoked with one argument containing the boot flags. */ static void start_init(void *dummy) { vm_offset_t addr; struct execve_args args; int options, error; char *var, *path, *next, *s; char *ucp, **uap, *arg0, *arg1; struct thread *td; struct proc *p; mtx_lock(&Giant); GIANT_REQUIRED; td =3D furthered; p =3D td->td_proc; vfs_mountroot(); ### RFC for code placement ### /* XXX Put reset of kern.geom.eli.passphrase here XXX */ ########################## /* * Need just enough stack to hold the faked-up =E2=80=9Cexecve()=E2= =80=9D arguments. */ // snip rest // ### END SNIPPET ### Or can you think of a better place? =E2=80=94=20 Devin=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?72AB2A13-8DA5-4320-8302-598B6672DA25>