From: Eric McCorkle
Date: Sun, 20 Mar 2016 13:13:39 -0400
To: "freebsd-hackers@freebsd.org"
Subject: boot1-compatible GELI and GPT code?
Message-Id: <8F22A0E2-45A3-463B-8CAC-16BEC8DA8883@metricspace.net>
List-Id: Technical Discussions relating to FreeBSD

Hello everyone,

I'm working (among other things) on expanding the capabilities of the EFI boot block to be able to load GELI-encrypted partitions, which may contain a GPT partition table, in order to support full-disk encryption.

I'm wondering, is there any code for reading either of these formats that could be used in boot1 hiding out anywhere? It'd be best to avoid rewriting this stuff if possible.

Also, I haven't investigated the capabilities of loader with regard to GELI yet beyond cursory inspection. Most importantly, I need to know if loader can handle GPTs and other partition formats inside a GELI, or just single filesystems.

As an additional note, it'd be best if there was a method for having boot1 pass the key(s) along to loader and ultimately the kernel, so the users don't have to input their keys 3 times. I'm open to suggestions as to how to do this. My initial thought is to create some kind of variable in both loader and kernel, then use the ELF data to locate it and directly inject the data prior to booting. The rationale is to avoid mechanisms like arguments that could potentially reveal the keys.