Date: Thu, 19 Mar 2020 09:23:27 +0000 (UTC) From: Mateusz Piotrowski <0mp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r359125 - head/lib/geom/eli Message-ID: <202003190923.02J9NRtU059160@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: 0mp (doc,ports committer) Date: Thu Mar 19 09:23:26 2020 New Revision: 359125 URL: https://svnweb.freebsd.org/changeset/base/359125 Log: Document geli(8) loader variables conventions The geli(8) manual page has an example for preloading keyfiles during boot. There is no detail though on how the lookup of these variables actually works. Let's document that the name of a device does not have to be a part of the variable. PR: 243261 Submitted by: johannes@jo-t.de Approved by: bcr (mentor) MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D24114 Modified: head/lib/geom/eli/geli.8 Modified: head/lib/geom/eli/geli.8 ============================================================================== --- head/lib/geom/eli/geli.8 Thu Mar 19 09:21:27 2020 (r359124) +++ head/lib/geom/eli/geli.8 Thu Mar 19 09:23:26 2020 (r359125) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 23, 2019 +.Dd March 19, 2020 .Dt GELI 8 .Os .Sh NAME @@ -1012,6 +1012,35 @@ geli_da1s3a_keyfile_load="YES" geli_da1s3a_keyfile_type="da1s3a:geli_keyfile" geli_da1s3a_keyfile_name="/boot/keys/da1s3a.key" .Ed +.Pp +By convention, these loader variables are called +.Sm off +.Va geli_ No < Ar device No > Va _load . +.Sm on +However, the actual name prefix before +.Va _load , _type , +or +.Va _name +does not matter. +At boot time, the +.Nm +module searches through all +.Sm off +.No < Va prefix No > Va _type No -like +.Sm on +variables that have a value of +.Sm off +.Dq < Ar device No > :geli_keyfile . +.Sm on +The paths to keyfiles are then extracted from +.Sm off +.No < Ar prefix No > Va _name +.Sm on +variables. +In the example above, +.Ar prefix +is +.Dq Li geli_da1s3a_keyfile . .Pp Not only configure encryption, but also data integrity verification using .Nm HMAC/SHA256 .
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003190923.02J9NRtU059160>