Date: Sun, 20 Mar 2016 13:13:39 -0400
From: Eric McCorkle <eric@metricspace.net>
To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: boot1-compatible GELI and GPT code?
Message-ID: <8F22A0E2-45A3-463B-8CAC-16BEC8DA8883@metricspace.net>

Hello everyone,

I'm working (among other things) on expanding the capabilities of the EFI boot block to be able to load GELI-encrypted partitions, which may contain a GPT partition table, in order to support full-disk encryption.

I'm wondering, is there any code for reading either of these formats that could be used in boot1 hiding out anywhere? It'd be best to avoid rewriting this stuff if possible.

Also, I haven't investigated the capabilities of loader with regard to GELI yet beyond cursory inspection. Most importantly, I need to know if loader can handle GPTs and other partition formats inside a GELI, or just single filesystems.

As an additional note, it'd be best if there was a method for having boot1 pass the key(s) along to loader and ultimately the kernel, so the users don't have to input their keys 3 times. I'm open to suggestions as to how to do this. My initial thought is to create some kind of variable in both loader and kernel, then use the elf data to locate it and directly inject the data prior to booting. The rationale is to avoid mechanisms like arguments that could potentially reveal the keys.
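
The key handoff idea in the last paragraph (locate a reserved variable through the ELF symbol table, then write the key into it before handing off), sketched in Python as an added example that is not part of the original message or of FreeBSD's boot code. It assumes a little-endian ELF64 image that still carries its section headers and symbol table, and a hypothetical 32-byte initialized data object named `boot_key`; the sample image is constructed inline.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")             # Elf64_Sym, 24 bytes
SHT_SYMTAB, SHT_NOBITS = 2, 8

def symbol_file_range(image, name):
    """Return (file_offset, size) of the data object `name` in an ELF64 image."""
    eh = EHDR.unpack_from(image, 0)
    if eh[0][:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    shoff, shnum = eh[6], eh[12]
    secs = [SHDR.unpack_from(image, shoff + i * SHDR.size) for i in range(shnum)]
    for symtab in (s for s in secs if s[1] == SHT_SYMTAB):
        str_off = secs[symtab[6]][4]       # sh_link selects the string table
        for off in range(symtab[4], symtab[4] + symtab[5], SYM.size):
            st_name, _, _, shndx, value, size = SYM.unpack_from(image, off)
            start = str_off + st_name
            if image[start:image.index(b"\0", start)] != name:
                continue
            if not 0 < shndx < shnum or secs[shndx][1] == SHT_NOBITS:
                raise ValueError("symbol has no bytes in the file (e.g. .bss)")
            addr, offset, sec_size = secs[shndx][3:6]
            if value < addr or value + size > addr + sec_size:
                raise ValueError("symbol lies outside its section")
            return offset + (value - addr), size   # address -> file offset
    raise KeyError(name)

def inject_key(image, name, key):
    """Copy `key` into the buffer reserved by `name`; refuse to overrun it."""
    off, size = symbol_file_range(image, name)
    if len(key) > size:
        raise ValueError("key does not fit the reserved buffer")
    image[off:off + len(key)] = key
    return off

def build_sample():
    """Constructed image: .data at 0x1000 with 'boot_key' (32 bytes) at 0x1008."""
    strtab = b"\0boot_key\0"
    syms = SYM.pack(0, 0, 0, 0, 0, 0) + SYM.pack(1, 0x11, 0, 1, 0x1008, 32)
    body = bytes(48) + syms + strtab       # .data, .symtab, .strtab at offset 64
    secs = [(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
            (0, 1, 3, 0x1000, 64, 48, 0, 0, 8, 0),   # .data (PROGBITS)
            (0, 2, 0, 0, 112, 48, 3, 1, 8, 24),      # .symtab, sh_link -> 3
            (0, 3, 0, 0, 160, 10, 0, 0, 1, 0)]       # .strtab
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), 2, 62, 1, 0, 0,
                     64 + len(body), 0, 64, 0, 0, 64, 4, 0)
    return bytearray(ehdr + body + b"".join(SHDR.pack(*s) for s in secs))
```

The `SHT_NOBITS` check matters for this scheme: a zero-initialized variable lands in `.bss`, which occupies no bytes in the file, so the reserved buffer has to be an initialized object for there to be anything to patch.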