Date: Fri, 4 Feb 2005 10:04:53 -0500
From: Allan Fields <bsd@afields.ca>
To: Pawel Jakub Dawidek <pjd@freebsd.org>
Cc: freebsd-geom@freebsd.org
Subject: Re: -k/-K options for gbde(8).
Message-ID: <20050204150453.GB59632@afields.ca>
In-Reply-To: <20050203230430.GD27596@darkness.comp.waw.pl>
References: <20050203230430.GD27596@darkness.comp.waw.pl>

On Fri, Feb 04, 2005 at 12:04:30AM +0100, Pawel Jakub Dawidek wrote:
> Hi.
>
> Patch below implement -k/-K/-N options from the gbde(8)-TODO list:
>
>     http://people.freebsd.org/~pjd/patches/gbde.3.patch

It seems in a previous life now.. I had also done a similar patch,
it's on the list a while back and have updated since.

Since then, I looked at various ways gbde(8) could be improved,
expanded the TODO list, and started work on encrypted root support
(Going from memory: phk and I discussed various options and concluded
it best to implement an optional signature in metadata for gbde volumes
to be detected and auto-mounted at boot before init I believe.)

Regarding auto-mounting I responded:
>
> Some of the target objectives I had in mind were:
> - Facilitate mounting of encrypted root (implies auto-attach or
>   prev. mentioned sol's working from device name [XX: not wise]).
>   [Attached before attempting to mount root]
> - Allow non-boot-time-critical devices to be either manually
>   mounted or mounted such that they don't hold up the boot process.
>   i.e. allow some gbde devices to be mounted at different stages
>   in the boot process -- which is current way..
>   No reason to attach /topsecret at the same time as encrypted /tmp
>   (Perhaps the two have different security needs)
>   [Could use a multi-stage approach in rc scripts]
> - But allow the kernel to automatically attach gbde devices as found [, where desired]
> - Encrypted swap implies still having control over the attach so
>   it doesn't try to attach old gbde with random passphrase
>
> How about just an "auto" flag in the metadata which is either 0 or 1.
> Then you could keep the current manual behaviour and have some
> devices (not) prompt for passphrase before startup.
>
> Incidentally, this could be as easy as saying on devices with sector
> 0 are auto attached the rest are manual.
>
> [..]

> Those options allow to give a part of the pass-phrase from the file:
>
>     gbde attach da0 -k /mnt/usb/da0.key
>
> If '-N' option is not given user will still be prompted for the
> pass-phrase and the two parts will be used as a one key.

That's an interesting feature, the alternative which I originally
proposed of encrypting key material is a less wise strategy which I'll
suggest against. This might lend useful for multi-party keying schemes,
though N of M would still require some work.

> -k/-K option can be used multiple times:
>
>     gbde attach da0 -k /mnt/usb/da0.key -k /somewhereelse/da0.key
> which is equivalent to:
>     cat /mnt/usb/da0.key /somewhereelse/da0.key | gbde attach da0 -k /dev/stdin
> --
> Pawel Jakub Dawidek                       http://www.wheel.pl
> pjd@FreeBSD.org                           http://www.FreeBSD.org
> FreeBSD committer                         Am I Evil? Yes, I Am!

--
 Allan Fields
