From owner-svn-src-head@FreeBSD.ORG Thu Apr 16 20:53:16 2015 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ED5AE2D3; Thu, 16 Apr 2015 20:53:16 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D72A91639; Thu, 16 Apr 2015 20:53:16 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t3GKrGBM078437; Thu, 16 Apr 2015 20:53:16 GMT (envelope-from dteske@FreeBSD.org) Received: (from dteske@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t3GKrFhS078428; Thu, 16 Apr 2015 20:53:15 GMT (envelope-from dteske@FreeBSD.org) Message-Id: <201504162053.t3GKrFhS078428@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: dteske set sender to dteske@FreeBSD.org using -f From: Devin Teske Date: Thu, 16 Apr 2015 20:53:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r281616 - in head: sys/boot/forth sys/kern usr.sbin/bsdinstall/scripts X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Apr 2015 20:53:17 -0000 Author: dteske Date: Thu Apr 16 20:53:15 2015 New Revision: 281616 URL: https://svnweb.freebsd.org/changeset/base/281616 Log: Add "GELI Passphrase:" prompt to boot loader. A new loader.conf(5) option of geom_eli_passphrase_prompt="YES" will now allow you to enter your geli(8) root-mount credentials prior to invoking the kernel. See check-password.4th(8) for details. Differential Revision: https://reviews.freebsd.org/D2105 Reviewed by: imp, kmoore Discussed on: -current MFC after: 3 days X-MFC-to: stable/10 Relnotes: yes Modified: head/sys/boot/forth/check-password.4th head/sys/boot/forth/check-password.4th.8 head/sys/boot/forth/loader.conf head/sys/kern/init_main.c head/usr.sbin/bsdinstall/scripts/zfsboot Modified: head/sys/boot/forth/check-password.4th ============================================================================== --- head/sys/boot/forth/check-password.4th Thu Apr 16 20:50:37 2015 (r281615) +++ head/sys/boot/forth/check-password.4th Thu Apr 16 20:53:15 2015 (r281616) @@ -146,6 +146,15 @@ only forth definitions also password-pro 2drop read-reset else drop then + \ Prompt for GEOM ELI (geli(8)) passphrase if enabled + s" geom_eli_passphrase_prompt" getenv dup -1 <> if + s" YES" compare-insensitive 0= if + s" GELI Passphrase: " read ( prompt -- ) + readval readlen @ s" kern.geom.eli.passphrase" setenv + read-reset + then + else drop then + \ Exit if a password was not set s" password" getenv -1 = if exit else drop then Modified: head/sys/boot/forth/check-password.4th.8 ============================================================================== --- head/sys/boot/forth/check-password.4th.8 Thu Apr 16 20:50:37 2015 (r281615) +++ head/sys/boot/forth/check-password.4th.8 Thu Apr 16 20:53:15 2015 (r281616) @@ -1,4 +1,4 @@ -.\" Copyright (c) 2011-2012 Devin Teske +.\" Copyright (c) 2011-2015 Devin Teske .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 10, 2012 +.Dd March 20, 2015 .Dt CHECK-PASSWORD.4TH 8 .Os .Sh NAME @@ -33,8 +33,12 @@ .Sh DESCRIPTION The file that goes by the name of .Nm -is a set of commands designed to either prevent booting or prevent modification -of boot options without an appropriately configured password. +is a set of commands designed to do one or more of the following: +.Pp +.Dl o Prevent booting without password +.Dl o Prevent modification of boot options without password +.Dl o Provide a password to mount geli(8) encrypted root disk(s) +.Pp The commands of .Nm by themselves are not enough for most uses. @@ -58,14 +62,23 @@ The commands provided by it are: .Pp .Bl -tag -width disable-module_module -compact -offset indent .It Ic check-password -Dual-purpose function that can either protect the interactive boot menu or -prevent boot without password (separately). +Multi-purpose function that can protect the interactive boot menu, +prevent boot without password, or prompt for geli(8) passphrase +.Pq depending on Xr loader.conf 5 settings . .Pp First checks .Va bootlock_password and if-set, the user cannot continue until the correct password is entered. .Pp -Next checks +Next, checks +.Va geom_eli_passphrase_prompt +and if set to +.Li YES +.Pq case-insensitive +prompts the user to enter their GELI password for later mounting of the root +device(s) during boot. +.Pp +Last, checks .Va password and if-set, tries to .Ic autoboot @@ -81,6 +94,11 @@ The environment variables that effect it Sets the bootlock password (up to 16 characters long) that is required by .Ic check-password to be entered before the system is allowed to boot. +.It Va geom_eli_passphrase_prompt +Selects whether loader(8) will prompt for GELI credentials, handing-off to the +kernel for later mounting of +.Xr geli 8 +encrypted root device(s). .It Va password Sets the password (up to 16 characters long) that is required by .Ic check-password @@ -122,6 +140,16 @@ to prevent booting without password: .Bd -literal -offset indent -compact bootlock_password="boot" .Ed +.Pp +Add the following to +.Xr loader.conf 5 +to generate a prompt at boot to collect GELI credentials for mounting +.Xr geli 8 +encrypted root device(s): +.Pp +.Bd -literal -offset indent -compact +geom_eli_passphrase_prompt="YES" +.Ed .Sh SEE ALSO .Xr loader.conf 5 , .Xr loader 8 , Modified: head/sys/boot/forth/loader.conf ============================================================================== --- head/sys/boot/forth/loader.conf Thu Apr 16 20:50:37 2015 (r281615) +++ head/sys/boot/forth/loader.conf Thu Apr 16 20:53:15 2015 (r281616) @@ -62,6 +62,7 @@ entropy_cache_type="/boot/entropy" # "NO" to disable autobooting #password="" # Prevent changes to boot options #bootlock_password="" # Prevent booting (see check-password.4th(8)) +#geom_eli_passphrase_prompt="NO" # Prompt for geli(8) passphrase to mount root #beastie_disable="NO" # Turn the beastie boot menu on and off #kernels="kernel kernel.old" # Kernels to display in the boot menu #loader_logo="orbbw" # Desired logo: orbbw, orb, fbsdbw, beastiebw, beastie, none Modified: head/sys/kern/init_main.c ============================================================================== --- head/sys/kern/init_main.c Thu Apr 16 20:50:37 2015 (r281615) +++ head/sys/kern/init_main.c Thu Apr 16 20:53:15 2015 (r281616) @@ -710,6 +710,9 @@ start_init(void *dummy) vfs_mountroot(); + /* Wipe GELI passphrase from the environment. */ + kern_unsetenv("kern.geom.eli.passphrase"); + /* * Need just enough stack to hold the faked-up "execve()" arguments. */ Modified: head/usr.sbin/bsdinstall/scripts/zfsboot ============================================================================== --- head/usr.sbin/bsdinstall/scripts/zfsboot Thu Apr 16 20:50:37 2015 (r281615) +++ head/usr.sbin/bsdinstall/scripts/zfsboot Thu Apr 16 20:53:15 2015 (r281616) @@ -1346,6 +1346,9 @@ zfs_create_boot() $BSDINSTALL_TMPBOOT/loader.conf.aesni || return $FAILURE f_eval_catch $funcname echo "$ECHO_APPEND" 'geom_eli_load=\"YES\"' \ $BSDINSTALL_TMPBOOT/loader.conf.geli || return $FAILURE + f_eval_catch $funcname echo "$ECHO_APPEND" \ + 'geom_eli_passphrase_prompt=\"YES\"' \ + $BSDINSTALL_TMPBOOT/loader.conf.geli || return $FAILURE for disk in $disks; do f_eval_catch $funcname printf "$PRINTF_CONF" \ geli_%s_keyfile0_load "$disk$targetpart YES" \