From owner-freebsd-hackers@FreeBSD.ORG Sat Jan 17 11:54:17 2004
Date: Sat, 17 Jan 2004 14:53:58 -0500
From: Allan Fields
To: phk@freebsd.org
cc: shamrock@cypherpunks.to
Subject: Status GBDE attach at boot
Message-ID: <20040117195358.GH34696@afields.ca>
List-Id: Technical Discussions relating to FreeBSD

Hi,

I'm interested to know what may be in the pipeline as far as GBDE boot-time attach/automation support goes. Has anyone committed to implementing these features? (I don't see it anymore on the 5.3 todo list in the releng pages.)

As far as fstab is concerned, a mount hack is the right approach, I feel. Snapshots use a mount hack too. To do this: a small hack to mount(8) with a stub for an fstype of geom, which calls the specific command gbde(8) directly, or a mount_geom(8) with similar operations to gbde, plus also full geom class support.
# XXX Example fstab of geom entries:
#
# GBDE swap
#/dev/ad0s1b    none            swap    sw              0 0
/dev/ad0s1b     bde             geom    rw,attach,temp  0 0
/dev/ad0s1b.bde none            swap    sw              0 0
# Normal filesystem
/dev/ad0s1a     /               ufs     rw              1 1
/dev/ad0s1f     /var            ufs     rw              2 2
/dev/ad0s1g     /usr            ufs     rw              2 2
# GBDE tmp dir
/dev/ad0s1e     bde             geom    rw,temp         0 0
/dev/ad0s1e.bde /tmp            ufs     rw              0 1
# GBDE home dir (prompt on console; block on ttyin, before getty spawned)
#/dev/ad0s1h    /dev/ad0s1h.bde geom    rw,attach       0 0     #<-long form
/dev/ad0s1h     bde             geom    rw,attach       0 0     #<-shorter
/dev/ad0s1h.bde /home           ufs     rw              2 2
#
# fs_spec is device
# fs_file is GEOM class to instantiate with fs_spec as provider
#   if using long form split on dot to determine class or specify
#   class in mntopts (class= or )
# fs_vfstype has new type: ``geom''
# fs_mntops has standard form, plus:
#   attach:  default action for class bde: to attach, so can be omitted
#   temp:    mntopt says init as temporary gbde
#   init:    initialize only
#   noauto:  don't automatically instantiate / attach
#   level=:  level at which to attempt to instantiate geom (def: 1)
#            0: in single-user/after root    -1: same as noauto
#            1: before going multi-user (before getty runs on tty)
#            2: after going multi-user (bde needs own tty?)
#   prompt=: prompt for pass phrases/user input on tty
#
#   insert:  insert geom instance (default)
#XX remove:  remove geom instance - use umount(8)
#   ...:     other class options here

# Example prompts on console:
# (user can ^C here to skip attaching it)

!! GEOM/gbde: Passphrase required for attach of /dev/adNsM..
Enter passphrase:
-- GEOM/gbde: Attach successful.
!! GEOM/gbde: Passphrase required for attach of /dev/da0s1a..
Enter passphrase:
gbde: Attach to da0s1a failed: Invalid argument
-- GEOM/gbde: Attach failed.
-- GEOM/gbde: Done.
Jan 17 14:22:03 testhost mount[178]: GEOM/gbde Attach to da0s1a failed: Invalid argument

FreeBSD/i386 (testhost) (ttyv0)

login: _

Another question, about key entry: should there be an option to allow keys to be read directly from a file/file descriptor instead of on the command line? In this way keys could be piped into the gbde command for attach, etc. from a secure source. Would this prove a significant vulnerability compared to tty input? This might be used in conjunction with other authentication mechanisms and, if it proves more secure than -p, could be something to look at.

Currently, gbde's use of readpassphrase(3) prevents reading passphrases on stdin by setting RPP_REQUIRE_TTY, and readpassphrase() also isn't designed to accommodate key entry from an fd if a tty is associated. So this would need a command line option to run as a pipeline from an interactive shell.

Thanks..

-- 
Allan Fields
BSDCan 2004: May 2004, Ottawa
See http://www.bsdcan.org for details.
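The fstab format sketched in the mail above (vfstype ``geom'', class taken from fs_file or its dot suffix, the attach/temp/init/noauto/level=/prompt=/class= mntopts) can be parsed and turned into a per-level boot plan. The following is an added illustration written for this page; it is not code from the mail, from gbde(8) or from FreeBSD, and the proposal it implements never shipped in this form. The SAMPLE_FSTAB is constructed (the /vault line is there only so the consistency check has something to flag), treating a bare prompt= as "prompt on the console" is an assumption, and the GeomEntry/plan_boot/dangling_consumers names are this example's own.

```python
"""Parse the proposed ``geom`` fstab entries and plan the boot-time attach
order.  Added illustration of the mail's proposal, not FreeBSD code."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample fstab in the proposed format (not from any real host).
SAMPLE_FSTAB = """\
# GBDE swap
/dev/ad0s1b      bde              geom  rw,attach,temp          0 0
/dev/ad0s1b.bde  none             swap  sw                      0 0
/dev/ad0s1a      /                ufs   rw                      1 1
# GBDE /tmp, re-initialised with a throwaway key on every boot
/dev/ad0s1e      bde              geom  rw,temp                 0 0
/dev/ad0s1e.bde  /tmp             ufs   rw                      0 1
# GBDE /home, long form: class taken from the dot suffix of fs_file
/dev/ad0s1h      /dev/ad0s1h.bde  geom  rw,attach               0 0
/dev/ad0s1h.bde  /home            ufs   rw                      2 2
# never attached automatically, yet a boot-time mount depends on it
/dev/da0s1a      bde              geom  rw,noauto               0 0
/dev/da0s1a.bde  /vault           ufs   rw                      2 2
# attached after going multi-user, prompting on its own tty
/dev/da0s2a      bde              geom  rw,level=2,prompt=ttyv1 0 0
"""


@dataclass
class GeomEntry:
    device: str             # fs_spec: provider handed to the GEOM class
    geom_class: str         # e.g. "bde"
    provider: str           # device the class creates, e.g. /dev/ad0s1h.bde
    action: str             # "attach" (default), "temp" or "init"
    level: int              # -1 noauto, 0 single-user, 1 before getty, 2 multi-user
    prompt: Optional[str]   # tty to prompt on, None if not requested


def parse_geom_entry(fields: List[str]) -> Optional[GeomEntry]:
    """Build a GeomEntry from a split fstab line; None for non-geom lines."""
    if len(fields) < 4 or fields[2] != "geom":
        return None
    spec, fs_file, opts = fields[0], fields[1], fields[3].split(",")
    # Long form: fs_file names the provider to create; class follows the last dot.
    if fs_file.startswith("/dev/") and "." in fs_file:
        geom_class = fs_file.rsplit(".", 1)[1]
    else:
        geom_class = fs_file
    action, level, prompt = "attach", 1, None
    for opt in opts:
        key, _, val = opt.partition("=")
        if key == "class" and val:          # explicit class= overrides fs_file
            geom_class = val
        elif key in ("temp", "init"):       # both mean more than a plain attach
            action = key
        elif key == "noauto":
            level = -1
        elif key == "level":
            level = int(val)
        elif key == "prompt":
            prompt = val or "console"       # assumption: bare prompt= is the console
        # "attach" is the default; rw/ro and other options pass through untouched
    return GeomEntry(spec, geom_class, f"{spec}.{geom_class}", action, level, prompt)


def _data_lines(text: str) -> List[List[str]]:
    """fstab rows as field lists, with comments and blank lines dropped."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            rows.append(fields)
    return rows


def parse_fstab(text: str) -> List[GeomEntry]:
    return [e for e in map(parse_geom_entry, _data_lines(text)) if e]


def plan_boot(entries: List[GeomEntry]) -> Dict[int, List[str]]:
    """Devices to instantiate at each boot level, in fstab order; noauto
    (level -1) entries are omitted because they are never auto-attached."""
    plan: Dict[int, List[str]] = {}
    for e in entries:
        if e.level >= 0:
            plan.setdefault(e.level, []).append(e.device)
    return dict(sorted(plan.items()))


def dangling_consumers(text: str) -> List[str]:
    """Providers a boot-time mount/swap line needs but that no auto-attaching
    geom line will create; such mounts would fail during boot."""
    auto = {e.provider for e in parse_fstab(text) if e.level >= 0}
    missing = []
    for fields in _data_lines(text):
        if len(fields) < 4 or fields[2] == "geom":
            continue
        spec, opts = fields[0], fields[3].split(",")
        looks_like_geom = "." in spec.rsplit("/", 1)[-1]
        if looks_like_geom and "noauto" not in opts and spec not in auto:
            missing.append(spec)
    return missing


if __name__ == "__main__":
    for level, devs in plan_boot(parse_fstab(SAMPLE_FSTAB)).items():
        print(f"level {level}: {', '.join(devs)}")
    for dev in dangling_consumers(SAMPLE_FSTAB):
        print(f"warning: {dev} is mounted at boot but never auto-attached")
```

The consistency check is the part a boot hook would actually want: a noauto geom line whose provider is still referenced by an ordinary ufs line (the constructed /vault case) is a mount that can never succeed unattended, and catching it while parsing is cheaper than discovering it as a failed mount on the console.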