From owner-svn-src-all@freebsd.org Thu Jul 2 10:55:33 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ADEB8992A18; Thu, 2 Jul 2015 10:55:33 +0000 (UTC) (envelope-from pjd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9F20C168D; Thu, 2 Jul 2015 10:55:33 +0000 (UTC) (envelope-from pjd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t62AtXVb071625; Thu, 2 Jul 2015 10:55:33 GMT (envelope-from pjd@FreeBSD.org) Received: (from pjd@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t62AtX8I071623; Thu, 2 Jul 2015 10:55:33 GMT (envelope-from pjd@FreeBSD.org) Message-Id: <201507021055.t62AtX8I071623@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pjd set sender to pjd@FreeBSD.org using -f From: Pawel Jakub Dawidek Date: Thu, 2 Jul 2015 10:55:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285023 - in head: sbin/geom/class/eli sys/geom/eli X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jul 2015 10:55:33 -0000 Author: pjd Date: Thu Jul 2 10:55:32 2015 New Revision: 285023 URL: https://svnweb.freebsd.org/changeset/base/285023 Log: Allow to omit keyfile number for the first keyfile. Modified: head/sbin/geom/class/eli/geli.8 head/sys/geom/eli/g_eli.c Modified: head/sbin/geom/class/eli/geli.8 ============================================================================== --- head/sbin/geom/class/eli/geli.8 Thu Jul 2 10:31:08 2015 (r285022) +++ head/sbin/geom/class/eli/geli.8 Thu Jul 2 10:55:32 2015 (r285023) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 18, 2014 +.Dd June 2, 2015 .Dt GELI 8 .Os .Sh NAME @@ -893,6 +893,13 @@ geli_da1s3a_keyfile0_type="da1s3a:geli_k geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" .Ed .Pp +If there is only one keyfile, the index might be omitted: +.Bd -literal -offset indent +geli_da1s3a_keyfile_load="YES" +geli_da1s3a_keyfile_type="da1s3a:geli_keyfile" +geli_da1s3a_keyfile_name="/boot/keys/da1s3a.key" +.Ed +.Pp Not only configure encryption, but also data integrity verification using .Nm HMAC/SHA256 . .Bd -literal -offset indent Modified: head/sys/geom/eli/g_eli.c ============================================================================== --- head/sys/geom/eli/g_eli.c Thu Jul 2 10:31:08 2015 (r285022) +++ head/sys/geom/eli/g_eli.c Thu Jul 2 10:55:32 2015 (r285023) @@ -998,6 +998,13 @@ g_eli_keyfiles_load(struct hmac_ctx *ctx for (i = 0; ; i++) { snprintf(name, sizeof(name), "%s:geli_keyfile%d", provider, i); keyfile = preload_search_by_type(name); + if (keyfile == NULL && i == 0) { + /* + * If there is only one keyfile, allow simpler name. + */ + snprintf(name, sizeof(name), "%s:geli_keyfile", provider); + keyfile = preload_search_by_type(name); + } if (keyfile == NULL) return (i); /* Return number of loaded keyfiles. */ data = preload_fetch_addr(keyfile);