Date: Tue, 26 Oct 2010 23:06:53 +0000 (UTC)
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: cvs-src-old@freebsd.org
Subject: cvs commit: src/sbin/geom/class/eli geli.8 geom_eli.c src/sbin/geom/core geom.c src/sys/geom/eli g_eli.c g_eli.h g_eli_crypto.c g_eli_ctl.c g_eli_integrity.c g_eli_key.c g_eli_privacy.c
Message-ID: <201010262308.o9QN8dAh035336@repoman.freebsd.org>
pjd 2010-10-26 23:06:53 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_8)
sbin/geom/class/eli geli.8 geom_eli.c
sbin/geom/core geom.c
sys/geom/eli g_eli.c g_eli.h g_eli_crypto.c
g_eli_ctl.c g_eli_integrity.c g_eli_key.c
g_eli_privacy.c
Log:
SVN rev 214405 on 2010-10-26 23:06:53Z by pjd
MFC r202976,r211927,r212845,r212846,r212934,r213055,r213056,r213057,r213058,
r213059,r213060,r213062,r213063,r213067,r213070,r213071,r213072,r213073,
r213164,r213165,r213172,r214116,r214118,r214133,r214163,r214225,r214226,
r214227,r214228,r214229,r214404:
r202976 (by trasz):
Remove pointless assignment.
Found with: clang
r211927:
Correct offset conversion to little endian. It was implemented in version 2,
but because of a bug it was a no-op, so we were still using offsets in native
byte order for the host. Do it properly this time, bump version to 4 and set
the G_ELI_FLAG_NATIVE_BYTE_ORDER flag when version is under 4.
Reported by: ivoras
r212845 (by brian):
Support attaching version 4 metadata
Reviewed by: pjd
r212846:
Fix indent.
r212934 (by brian):
Add a geli resize subcommand to resize encrypted filesystems prior
to growing the filesystem.
Refuse to attach providers where the metadata provider size is
wrong. This makes post-boot attaches behave consistently with
pre-boot attaches. Also refuse to restore metadata to a provider
of the wrong size without the new -f switch. The new -f switch
forces the metadata restoration despite the provider size, and
updates the provider size in the restored metadata to the correct
value.
Helped by: pjd
Reviewed by: pjd
r213055:
When trashing metadata, flush after each write.
r213056:
Simplify code a bit by using g_*() API from libgeom.
r213057:
- Make use of g_*() API.
- Flush cache after writing metadata.
r213058:
Because we first write metadata into new place and then trash old place we
don't want situation where old size is equal to new size, as we will trash
newly written metadata.
r213059:
- Use g_*() API when doing backups.
- fsync() created files.
r213060:
- When trashing metadata, repeat overwrite kern.geom.eli.overwrites times.
- Flush write cache after each write.
r213062:
Define default overwrite count, so that userland can use it.
r213063:
Make the code similar to the code in g_eli_integrity.c.
r213067:
Implement switching of data encryption key every 2^20 blocks.
This ensures the same encryption key won't be used for more than
2^20 blocks (sectors). This will be the default now.
r213070:
Add support for AES-XTS. This will be the default now.
r213071:
Document AES-XTS.
r213072:
Update copyright years.
r213073:
Update copyright years.
r213164:
Ignore errors from BIO_FLUSH. It might confuse users that provider wasn't
really killed. What we really care about are write errors only.
r213165:
Change g_eli_debug to int, so one can turn off any GELI output by setting
kern.geom.eli.debug sysctl to -1.
r213172:
- Add support for loading passphrase from a file (-J and -j options).
This is especially useful for things like installers, where regular
geli prompt can't be used.
- Add support for specifying multiple -K or -k options, so there is no
need to cat all keyfiles and read them from standard input.
Requested by: Kris Moore <kris@pcbsd.org>, thompsa
r214116:
- Add missing comments.
- Make a comment consistent with others.
r214118:
Bring in geli suspend/resume functionality (finally).
Before this change if you wanted to suspend your laptop and be sure that your
encryption keys are safe, you had to stop all processes that use file system
stored on encrypted device, unmount the file system and detach geli provider.
This isn't very handy. If you are a lucky user of a laptop where suspend/resume
actually works with FreeBSD (I'm not!) you most likely want to suspend your
laptop, because you don't want to start everything over again when you turn
your laptop back on.
And this is where geli suspend/resume steps in. When you execute:
# geli suspend -a
geli will wait for all in-flight I/O requests, suspend new I/O requests, remove
all geli sensitive data from the kernel memory (like encryption keys) and will
wait for either 'geli resume' or 'geli detach'.
Now with no keys in memory you can suspend your laptop without stopping any
processes or unmounting any file systems.
When you resume your laptop you have to resume geli devices using 'geli resume'
command. You need to provide your passphrase, etc. again so the keys can be
restored and suspended I/O requests released.
Of course you need to remember that 'geli suspend' won't clear file system
cache and other places where data from your geli-encrypted file system might be
present. But to get rid of those stopping processes and unmounting file system
won't help either - you have to turn your laptop off. Be warned.
Also note that suspending geli device which contains file system with geli
utility (or anything used by 'geli resume') is not a very good idea, as you won't
be able to resume it - when you execute geli(8), the kernel will try to read it
and this read I/O request will be suspended.
r214133:
Fix a bug introduced in r213067 where we use authentication key before
initializing it.
r214163:
Free opencrypto sessions on suspend, as they also might keep encryption keys.
r214225:
Move sc_akeyctx and sc_ivctx initialization to the g_eli_mkey_propagate()
function which eliminates code duplication and will ensure proper order
of operation.
r214226:
Encryption keys array might be NULL if device is suspended. Check for this, so
we don't panic when we detach suspended device.
r214227:
Add State tag, so 'geli status' will report active/suspended status, eg:
    # geli status
    Name      Status     Components
    da0.eli   SUSPENDED  da0
    da1.eli   ACTIVE     da1
r214228:
Close a race between checking if device is already suspended and suspending it.
r214229:
- Improve error messages, so instead of 'Not fully done', the user will get
information that device is already suspended or that device is using
one-time key and suspend is not supported.
- 'geli suspend -a' silently skips devices that use one-time key, this is fine,
but because we log which devices were suspended on the console, log also which
devices were skipped.
r214404:
Use fprintf(stderr) instead of gctl_error() to print a warning about too
big sector size. When gctl error is set gctl_has_param() always returns
'false', which prevents geli(8) from finding some arguments and also masks
an error, which is generated in such case.
Revision Changes Path
1.25.2.2 +218 -30 src/sbin/geom/class/eli/geli.8
1.26.2.3 +516 -169 src/sbin/geom/class/eli/geom_eli.c
1.38.2.7 +4 -4 src/sbin/geom/core/geom.c
1.44.2.3 +271 -101 src/sys/geom/eli/g_eli.c
1.13.10.2 +72 -26 src/sys/geom/eli/g_eli.h
1.6.2.2 +14 -1 src/sys/geom/eli/g_eli_crypto.c
1.13.10.2 +208 -4 src/sys/geom/eli/g_eli_ctl.c
1.4.12.2 +14 -5 src/sys/geom/eli/g_eli_integrity.c
1.3.10.2 +93 -9 src/sys/geom/eli/g_eli_key.c
1.1.12.2 +68 -8 src/sys/geom/eli/g_eli_privacy.c
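
A pre-sleep check built on the State column described in r214227 and on the r214229 note that 'geli suspend -a' skips one-time-key devices. This is an added example, not part of the commit message or the FreeBSD source; the function names and the idea of calling it from a suspend hook are assumptions, and the sample status text is constructed from the layout shown above.

```shell
#!/bin/sh
# Added example: report geli providers whose keys are still in kernel memory.

# Reads `geli status` output on stdin, prints the name of every provider
# that is not SUSPENDED, and returns 1 if any was found (0 otherwise).
geli_not_suspended() {
    awk '
        NR == 1 && $1 == "Name" { next }   # skip the header row
        NF < 2 { next }                    # skip blank or short lines
        $2 != "SUSPENDED" { print $1; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample in the layout shown for r214227.
sample_status() {
    cat <<'EOF'
Name      Status     Components
da0.eli   SUSPENDED  da0
da1.eli   ACTIVE     da1
EOF
}

# Intended to run after `geli suspend -a` and before the machine sleeps.
# $1 (optional, hypothetical hook parameter): command that produces the
# status text; defaults to the real `geli status`.
check_before_sleep() {
    left=$(${1:-geli status} | geli_not_suspended) && return 0
    echo "geli keys still loaded for: $left" >&2
    return 1
}
```

Running `check_before_sleep` after `geli suspend -a` surfaces providers that were skipped (for example one-time-key devices) instead of relying on the console log.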
