Date:      Mon, 2 Jul 2018 22:58:04 +0000 (UTC)
From:      Ian Lepore <ian@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r335877 - head/tools/boot
Message-ID:  <201807022258.w62Mw42s016280@repo.freebsd.org>

Author: ian
Date: Mon Jul  2 22:58:04 2018
New Revision: 335877
URL: https://svnweb.freebsd.org/changeset/base/335877

Log:
  Move the passphrase and iteration count into variables.
  
  This is purely to make it easier to tweak them locally; the machine I have
  for testing takes forever to do 50,000 pw strengthening iterations, and
  we're not testing the strength of geli's anti-pw-guessing logic here
  (especially given that our test passphrase is "passphrase", except that
  I tend to tweak that also, to 'x', because typing is hard).
  
  Some day these should be settable as cmdline args.  But then, some day this
  whole script should probably get a rewrite. :)

Modified:
  head/tools/boot/rootgen.sh

Modified: head/tools/boot/rootgen.sh
==============================================================================
--- head/tools/boot/rootgen.sh	Mon Jul  2 22:51:48 2018	(r335876)
+++ head/tools/boot/rootgen.sh	Mon Jul  2 22:58:04 2018	(r335877)
@@ -2,6 +2,9 @@
 
 # $FreeBSD$
 
+passphrase=x
+iterations=5000
+
 do_boot1_efi=0
 
 #
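Review bot: The committed defaults `passphrase=x` and `iterations=5000` differ from the literals they replace in the geli hunks (`passphrase` and `50000`), so this is a behaviour change rather than a pure refactor. The log message describes exactly these values as local tweaks, so they appear to have been committed unintentionally. Anything that supplies the passphrase when these images are booted would presumably still expect the old value. Keeping the old defaults while allowing a local override would be `: ${passphrase:=passphrase}` and `: ${iterations:=50000}`, ideally under a comment such as `# Test-only GELI credentials for boot-loader testing; never reuse for real volumes.`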
@@ -394,8 +397,8 @@ mk_geli_gpt_ufs_legacy() {
     gpart add -t freebsd-boot -s 400k -a 4k	${md}	# <= ~540k
     gpart add -t freebsd-ufs -l root $md
     # install-boot will make this bootable
-    echo passphrase | geli init -bg -e AES-XTS -i 50000 -J - -l 256 -s 4096 ${md}p2
-    echo passphrase | geli attach -j - ${md}p2
+    echo ${passphrase} | geli init -bg -e AES-XTS -i ${iterations} -J - -l 256 -s 4096 ${md}p2
+    echo ${passphrase} | geli attach -j - ${md}p2
     newfs /dev/${md}p2.eli
     mount /dev/${md}p2.eli ${mntpt}
     cpsys ${src} ${mntpt}
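Review bot: `echo ${passphrase}` in mk_geli_gpt_ufs_legacy expands the new variable unquoted, so a locally chosen passphrase with spaces, glob characters, a leading `-n` or backslashes can be altered before geli reads it, leaving an image keyed with something other than what was set. Now that the value is meant to be tweaked, `printf '%s\n' "${passphrase}" | geli attach -j - ${md}p2` is the safer form, and `-i "${iterations}"` should be quoted in the `geli init` line as well. The same two lines recur in mk_geli_gpt_ufs_uefi, mk_geli_gpt_ufs_both, mk_geli_gpt_zfs_legacy, mk_geli_gpt_zfs_uefi and mk_geli_gpt_zfs_both. All six function bodies start and end outside their hunks.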
@@ -430,8 +433,8 @@ mk_geli_gpt_ufs_uefi() {
     gpart add -t efi -s 800k -a 4k ${md}
     gpart add -t freebsd-ufs -l root $md
     # install-boot will make this bootable
-    echo passphrase | geli init -bg -e AES-XTS -i 50000 -J - -l 256 -s 4096 ${md}p2
-    echo passphrase | geli attach -j - ${md}p2
+    echo ${passphrase} | geli init -bg -e AES-XTS -i ${iterations} -J - -l 256 -s 4096 ${md}p2
+    echo ${passphrase} | geli attach -j - ${md}p2
     newfs /dev/${md}p2.eli
     mount /dev/${md}p2.eli ${mntpt}
     cpsys ${src} ${mntpt}
@@ -467,8 +470,8 @@ mk_geli_gpt_ufs_both() {
     gpart add -t freebsd-boot -s 400k -a 4k	${md}	# <= ~540k
     gpart add -t freebsd-ufs -l root $md
     # install-boot will make this bootable
-    echo passphrase | geli init -bg -e AES-XTS -i 50000 -J - -l 256 -s 4096 ${md}p3
-    echo passphrase | geli attach -j - ${md}p3
+    echo ${passphrase} | geli init -bg -e AES-XTS -i ${iterations} -J - -l 256 -s 4096 ${md}p3
+    echo ${passphrase} | geli attach -j - ${md}p3
     newfs /dev/${md}p3.eli
     mount /dev/${md}p3.eli ${mntpt}
     cpsys ${src} ${mntpt}
@@ -504,8 +507,8 @@ mk_geli_gpt_zfs_legacy() {
     gpart add -t freebsd-boot -s 400k -a 4k	${md}	# <= ~540k
     gpart add -t freebsd-zfs -l root $md
     # install-boot will make this bootable
-    echo passphrase | geli init -bg -e AES-XTS -i 50000 -J - -l 256 -s 4096 ${md}p2
-    echo passphrase | geli attach -j - ${md}p2
+    echo ${passphrase} | geli init -bg -e AES-XTS -i ${iterations} -J - -l 256 -s 4096 ${md}p2
+    echo ${passphrase} | geli attach -j - ${md}p2
     zpool create -O mountpoint=none -R ${mntpt} ${pool} ${md}p2.eli
     zpool set bootfs=${pool} ${pool}
     zfs create -po mountpoint=/ ${pool}/ROOT/default
@@ -547,8 +550,8 @@ mk_geli_gpt_zfs_uefi() {
     gpart add -t efi -s 800k -a 4k ${md}
     gpart add -t freebsd-zfs -l root $md
     # install-boot will make this bootable
-    echo passphrase | geli init -bg -e AES-XTS -i 50000 -J - -l 256 -s 4096 ${md}p2
-    echo passphrase | geli attach -j - ${md}p2
+    echo ${passphrase} | geli init -bg -e AES-XTS -i ${iterations} -J - -l 256 -s 4096 ${md}p2
+    echo ${passphrase} | geli attach -j - ${md}p2
     zpool create -O mountpoint=none -R ${mntpt} ${pool} ${md}p2.eli
     zpool set bootfs=${pool} ${pool}
     zfs create -po mountpoint=/ ${pool}/ROOT/default
@@ -591,8 +594,8 @@ mk_geli_gpt_zfs_both() {
     gpart add -t freebsd-boot -s 400k -a 4k	${md}	# <= ~540k
     gpart add -t freebsd-zfs -l root $md
     # install-boot will make this bootable
-    echo passphrase | geli init -bg -e AES-XTS -i 50000 -J - -l 256 -s 4096 ${md}p3
-    echo passphrase | geli attach -j - ${md}p3
+    echo ${passphrase} | geli init -bg -e AES-XTS -i ${iterations} -J - -l 256 -s 4096 ${md}p3
+    echo ${passphrase} | geli attach -j - ${md}p3
     zpool create -O mountpoint=none -R ${mntpt} ${pool} ${md}p3.eli
     zpool set bootfs=${pool} ${pool}
     zfs create -po mountpoint=/ ${pool}/ROOT/default


