Date:      Sun, 20 Mar 2016 18:34:08 +0000
From:      Steven Hartland <killing@multiplay.co.uk>
To:        freebsd-hackers@freebsd.org
Subject:   Re: boot1-compatible GELI and GPT code?
Message-ID:  <56EEED20.80607@multiplay.co.uk>
In-Reply-To: <8F22A0E2-45A3-463B-8CAC-16BEC8DA8883@metricspace.net>
References:  <8F22A0E2-45A3-463B-8CAC-16BEC8DA8883@metricspace.net>

Support for this is already in HEAD, give it a go :)

On 20/03/2016 17:13, Eric McCorkle wrote:
> Hello everyone,
>
> I'm working (among other things) on expanding the capabilities of the EFI boot block to be able to load GELI-encrypted partitions, which may contain a GPT partition table, in order to support full-disk encryption.
>
> I'm wondering, is there any code for reading either of these formats that could be used in boot1 hiding out anywhere?  It'd be best to avoid rewriting this stuff if possible.
>
> Also, I haven't investigated the capabilities of loader with regard to GELI yet beyond cursory inspection.  Most importantly, I need to know if loader can handle GPTs and other partition formats inside a GELI, or just single filesystems.
>
> As an additional note, it'd be best if there was a method for having boot1 pass the key(s) along to loader and ultimately the kernel, so the users don't have to input their keys 3 times.  I'm open to suggestions as to how to do this.  My initial thought is to create some kind of variable in both loader and kernel, then use the elf data to locate it and directly inject the data prior to booting.  The rationale is to avoid mechanisms like arguments that could potentially reveal the keys.