Message-Id: <201010262308.o9QN8dAh035336@repoman.freebsd.org>
From: Pawel Jakub Dawidek
Date: Tue, 26 Oct 2010 23:06:53 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: RELENG_8
Subject: cvs commit: src/sbin/geom/class/eli geli.8 geom_eli.c src/sbin/geom/core geom.c src/sys/geom/eli g_eli.c g_eli.h g_eli_crypto.c g_eli_ctl.c g_eli_integrity.c g_eli_key.c g_eli_privacy.c

pjd         2010-10-26 23:06:53 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_8)
    sbin/geom/class/eli  geli.8 geom_eli.c
    sbin/geom/core       geom.c
    sys/geom/eli         g_eli.c g_eli.h g_eli_crypto.c
                         g_eli_ctl.c g_eli_integrity.c
                         g_eli_key.c g_eli_privacy.c
  Log:
  SVN rev 214405 on 2010-10-26 23:06:53Z by pjd

  MFC
  r202976,r211927,r212845,r212846,r212934,r213055,r213056,r213057,r213058,
  r213059,r213060,r213062,r213063,r213067,r213070,r213071,r213072,r213073,
  r213164,r213165,r213172,r214116,r214118,r214133,r214163,r214225,r214226,
  r214227,r214228,r214229,r214404:

  r202976 (by trasz):

  Remove pointless assignment.

  Found with:     clang

  r211927:

  Correct offset conversion to little endian. It was implemented in version 2,
  but because of a bug it was a no-op, so we were still using offsets in native
  byte order for the host. Do it properly this time, bump version to 4 and set
  the G_ELI_FLAG_NATIVE_BYTE_ORDER flag when version is under 4.

  Reported by:    ivoras

  r212845 (by brian):

  Support attaching version 4 metadata

  Reviewed by:    pjd

  r212846:

  Fix indent.

  r212934 (by brian):

  Add a geli resize subcommand to resize encrypted filesystems prior
  to growing the filesystem.

  Refuse to attach providers where the metadata provider size is
  wrong. This makes post-boot attaches behave consistently with
  pre-boot attaches. Also refuse to restore metadata to a provider
  of the wrong size without the new -f switch. The new -f switch
  forces the metadata restoration despite the provider size, and
  updates the provider size in the restored metadata to the correct
  value.

  Helped by:      pjd
  Reviewed by:    pjd

  r213055:

  When trashing metadata, flush after each write.

  r213056:

  Simplify code a bit by using g_*() API from libgeom.

  r213057:

  - Make use of g_*() API.
  - Flush cache after writing metadata.

  r213058:

  Because we first write metadata into new place and then trash old place we
  don't want situation where old size is equal to new size, as we will trash
  newly written metadata.

  r213059:

  - Use g_*() API when doing backups.
  - fsync() created files.

  r213060:

  - When trashing metadata, repeat overwrite kern.geom.eli.overwrites times.
  - Flush write cache after each write.

  r213062:

  Define default overwrite count, so that userland can use it.

  r213063:

  Make the code similar to the code in g_eli_integrity.c.

  r213067:

  Implement switching of data encryption key every 2^20 blocks.
  This ensures the same encryption key won't be used for more than
  2^20 blocks (sectors). This will be the default now.

  r213070:

  Add support for AES-XTS. This will be the default now.

  r213071:

  Document AES-XTS.

  r213072:

  Update copyright years.

  r213073:

  Update copyright years.

  r213164:

  Ignore errors from BIO_FLUSH. It might confuse users that provider wasn't
  really killed. What we really care about are write errors only.

  r213165:

  Change g_eli_debug to int, so one can turn off any GELI output by setting
  kern.geom.eli.debug sysctl to -1.

  r213172:

  - Add support for loading passphrase from a file (-J and -j options).
    This is especially useful for things like installers, where regular
    geli prompt can't be used.
  - Add support for specifying multiple -K or -k options, so there is no
    need to cat all keyfiles and read them from standard input.

  Requested by:   Kris Moore, thompsa

  r214116:

  - Add missing comments.
  - Make a comment consistent with others.

  r214118:

  Bring in geli suspend/resume functionality (finally).

  Before this change if you wanted to suspend your laptop and be sure that your
  encryption keys are safe, you had to stop all processes that use file system
  stored on encrypted device, unmount the file system and detach geli provider.

  This isn't very handy. If you are a lucky user of a laptop where suspend/resume
  actually works with FreeBSD (I'm not!) you most likely want to suspend your
  laptop, because you don't want to start everything over again when you turn
  your laptop back on.

  And this is where geli suspend/resume steps in. When you execute:

      # geli suspend -a

  geli will wait for all in-flight I/O requests, suspend new I/O requests, remove
  all geli sensitive data from the kernel memory (like encryption keys) and will
  wait for either 'geli resume' or 'geli detach'.

  Now with no keys in memory you can suspend your laptop without stopping any
  processes or unmounting any file systems.

  When you resume your laptop you have to resume geli devices using 'geli resume'
  command. You need to provide your passphrase, etc. again so the keys can be
  restored and suspended I/O requests released.

  Of course you need to remember that 'geli suspend' won't clear file system cache
  and other places where data from your geli-encrypted file system might be
  present. But to get rid of those stopping processes and unmounting file system
  won't help either - you have to turn your laptop off. Be warned.

  Also note, that suspending geli device which contains file system with geli
  utility (or anything used by 'geli resume') is not very good idea, as you won't
  be able to resume it - when you execute geli(8), the kernel will try to read it
  and this read I/O request will be suspended.

  r214133:

  Fix a bug introduced in r213067 where we use authentication key before
  initializing it.

  r214163:

  Free opencrypto sessions on suspend, as they also might keep encryption keys.

  r214225:

  Move sc_akeyctx and sc_ivctx initialization to the g_eli_mkey_propagate()
  function which eliminates code duplication and will ensure proper order of
  operation.

  r214226:

  Encryption keys array might be NULL if device is suspended. Check for this, so
  we don't panic when we detach suspended device.

  r214227:

  Add State tag, so 'geli status' will report active/suspended status, eg:

      # geli status
         Name     Status  Components
      da0.eli  SUSPENDED  da0
      da1.eli     ACTIVE  da1

  r214228:

  Close a race between checking if device is already suspended and suspending it.

  r214229:

  - Improve error messages, so instead of 'Not fully done', the user will get
    information that device is already suspended or that device is using
    one-time key and suspend is not supported.
  - 'geli suspend -a' silently skips devices that use one-time key, this is fine,
    but because we log which devices were suspended on the console, log also
    which devices were skipped.

  r214404:

  Use fprintf(stderr) instead of gctl_error() to print a warning about too big
  sector size.

  When gctl error is set gctl_has_param() always returns 'false', which prevents
  geli(8) from finding some arguments and also masks an error, which is generated
  in such case.

  Revision   Changes     Path
  1.25.2.2   +218 -30    src/sbin/geom/class/eli/geli.8
  1.26.2.3   +516 -169   src/sbin/geom/class/eli/geom_eli.c
  1.38.2.7   +4 -4       src/sbin/geom/core/geom.c
  1.44.2.3   +271 -101   src/sys/geom/eli/g_eli.c
  1.13.10.2  +72 -26     src/sys/geom/eli/g_eli.h
  1.6.2.2    +14 -1      src/sys/geom/eli/g_eli_crypto.c
  1.13.10.2  +208 -4     src/sys/geom/eli/g_eli_ctl.c
  1.4.12.2   +14 -5      src/sys/geom/eli/g_eli_integrity.c
  1.3.10.2   +93 -9      src/sys/geom/eli/g_eli_key.c
  1.1.12.2   +68 -8      src/sys/geom/eli/g_eli_privacy.c