From owner-svn-src-head@freebsd.org Thu Mar 19 09:23:27 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D7109259B66; Thu, 19 Mar 2020 09:23:27 +0000 (UTC) (envelope-from 0mp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jhKW3X7jz3MBT; Thu, 19 Mar 2020 09:23:27 +0000 (UTC) (envelope-from 0mp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5959B8C34; Thu, 19 Mar 2020 09:23:27 +0000 (UTC) (envelope-from 0mp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02J9NRYr059161; Thu, 19 Mar 2020 09:23:27 GMT (envelope-from 0mp@FreeBSD.org) Received: (from 0mp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02J9NRtU059160; Thu, 19 Mar 2020 09:23:27 GMT (envelope-from 0mp@FreeBSD.org) Message-Id: <202003190923.02J9NRtU059160@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: 0mp set sender to 0mp@FreeBSD.org using -f From: Mateusz Piotrowski <0mp@FreeBSD.org> Date: Thu, 19 Mar 2020 09:23:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r359125 - head/lib/geom/eli X-SVN-Group: head X-SVN-Commit-Author: 0mp X-SVN-Commit-Paths: head/lib/geom/eli X-SVN-Commit-Revision: 359125 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 09:23:27 -0000 Author: 0mp (doc,ports committer) Date: Thu Mar 19 09:23:26 2020 New Revision: 359125 URL: https://svnweb.freebsd.org/changeset/base/359125 Log: Document geli(8) loader variables conventions The geli(8) manual page has an example for preloading keyfiles during boot. There is no detail though on how the lookup of these variables actually works. Let's document that the name of a device does not have to be a part of the variable. PR: 243261 Submitted by: johannes@jo-t.de Approved by: bcr (mentor) MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D24114 Modified: head/lib/geom/eli/geli.8 Modified: head/lib/geom/eli/geli.8 ============================================================================== --- head/lib/geom/eli/geli.8 Thu Mar 19 09:21:27 2020 (r359124) +++ head/lib/geom/eli/geli.8 Thu Mar 19 09:23:26 2020 (r359125) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 23, 2019 +.Dd March 19, 2020 .Dt GELI 8 .Os .Sh NAME @@ -1012,6 +1012,35 @@ geli_da1s3a_keyfile_load="YES" geli_da1s3a_keyfile_type="da1s3a:geli_keyfile" geli_da1s3a_keyfile_name="/boot/keys/da1s3a.key" .Ed +.Pp +By convention, these loader variables are called +.Sm off +.Va geli_ No < Ar device No > Va _load . +.Sm on +However, the actual name prefix before +.Va _load , _type , +or +.Va _name +does not matter. +At boot time, the +.Nm +module searches through all +.Sm off +.No < Va prefix No > Va _type No -like +.Sm on +variables that have a value of +.Sm off +.Dq < Ar device No > :geli_keyfile . +.Sm on +The paths to keyfiles are then extracted from +.Sm off +.No < Ar prefix No > Va _name +.Sm on +variables. +In the example above, +.Ar prefix +is +.Dq Li geli_da1s3a_keyfile . .Pp Not only configure encryption, but also data integrity verification using .Nm HMAC/SHA256 .