From owner-freebsd-hackers@freebsd.org Sun Mar 20 18:34:08 2016 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 30117AD69E3 for ; Sun, 20 Mar 2016 18:34:08 +0000 (UTC) (envelope-from killing@multiplay.co.uk) Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BFC96BD1 for ; Sun, 20 Mar 2016 18:34:07 +0000 (UTC) (envelope-from killing@multiplay.co.uk) Received: by mail-wm0-x234.google.com with SMTP id p65so98010829wmp.0 for ; Sun, 20 Mar 2016 11:34:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=multiplay-co-uk.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=qHfIZeGnSnTlsgkmaCto43gE3Xj1DlAQYy924PiCerE=; b=cfS72nRVDAXja+PyRr7LMHXEw5o15CC3p+i2WziLu9ejM53euFgQg4FnjpgVX3/B1y eMVWKniL9yud/+XD0kaL1mFX9OTdR4FUoRqD397rAMnTtBKV7OlM7o506kkmkxK67Lnn TJoRmgrpNUaFDpwgJprwqwn5tW3ZtTggFkl4h+eInABZymi+heXq4C+Ot4zanG1IPmAW ZUmntpVxKG+iOpvfz6ftn1eioGIhzgGVc/phoZMEg84O74A4CPJR012K3At9WtgxE36x IUz/Cc/q86Revz4g1zdc+1N/Ea9GgLwRmfQWq/BA+lpO1ub/vfkqMMVMb5Bz0x6hGRzd /keA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=qHfIZeGnSnTlsgkmaCto43gE3Xj1DlAQYy924PiCerE=; b=GCy1K4MtVkg07SuHDHw68bHSLUlnDkGdiTKfCROT7XwYAu9NgvvMUMbXv0trfk/He1 v5plmPyIxznU9jnUDvoBw6zirm0hb6kJ1lWJke0mRhgO7IpmO4opxLs5ljMiyA3IaUyC 6HZDdMM2S7UP3Kit2v7vzwT8l6W4a1qTq/iOHmvfxNwcVjXSiXvcBKug9qNPg+KGVI3L LfQsfT8/b8KVajnmJIMDD3gEnhPm8L13JkPi3+SrW/O/Ud/5isany05R8GOWpAA37p95 +iKA/uXjm8W7KwS8VXNBP0jbRUQ9Hv4yDoP4O1HZG+lfHIGa1MftmnCBkeGl1/EyiJKp OOkQ== X-Gm-Message-State: AD7BkJKkLQqxMujbH2OIcf3bf/pTJ4qg4kadV4hjSUltcoTzh0wNmej/+QWA21RrsN8HfgWc X-Received: by 10.195.13.76 with SMTP id ew12mr29571123wjd.68.1458498845902; Sun, 20 Mar 2016 11:34:05 -0700 (PDT) Received: from [10.10.1.58] (liv3d.labs.multiplay.co.uk. [82.69.141.171]) by smtp.gmail.com with ESMTPSA id gk4sm21753639wjd.7.2016.03.20.11.34.04 for (version=TLSv1/SSLv3 cipher=OTHER); Sun, 20 Mar 2016 11:34:04 -0700 (PDT) Subject: Re: boot1-compatible GELI and GPT code? To: freebsd-hackers@freebsd.org References: <8F22A0E2-45A3-463B-8CAC-16BEC8DA8883@metricspace.net> From: Steven Hartland Message-ID: <56EEED20.80607@multiplay.co.uk> Date: Sun, 20 Mar 2016 18:34:08 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0 MIME-Version: 1.0 In-Reply-To: <8F22A0E2-45A3-463B-8CAC-16BEC8DA8883@metricspace.net> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Mar 2016 18:34:08 -0000 Support for this is already in HEAD, give it a go :) On 20/03/2016 17:13, Eric McCorkle wrote: > Hello everyone, > > I'm working (among other things) on expanding the capabilities of the EFI boot block to be able to load GELI-encrypted partitions, which may contain a GPT partition table, in order to support full-disk encryption. > > I'm wondering, is there any code for reading either of these formats that could be used in boot1 hiding out anywhere? It'd be best to avoid rewriting this stuff if possible. > > Also, I haven't investigated the capabilities of loader with regard to GELI yet beyond cursory inspection. Most importantly, I need to know if loader can handle GPTs and other partition formats inside a GELI, or just single filesystems. > > As an additional note, it'd be best if there was a method for having boot1 pass the key(s) along to loader and ultimately the kernel, so the users don't have to input their keys 3 times. I'm open to suggestions as to how to do this. My initial thought is to create some kind of variable in both loader and kernel, then use the elf data to locate it and directly inject the data prior to booting. The rationale is to avoid mechanisms like arguments that could potentially reveal the keys. > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"