FreeBSD Bugzilla – Attachment 168646 Details for
Bug 208251
[regression] Bogus geli passphrase prompts after r296963
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
sys/boot: Don't request GELI passphrases for passphrase-less boot devices
sys-boot-Don-t-request-GELI-passphrases-for-passphrase-less-devices.diff (text/plain), 1.50 KB, created by
Fabian Keil
on 2016-03-26 10:07:43 UTC
(
hide
)
Description:
sys/boot: Don't request GELI passphrases for passphrase-less boot devices
Filename:
MIME Type:
Creator:
Fabian Keil
Created:
2016-03-26 10:07:43 UTC
Size:
1.50 KB
patch
obsolete
>From eb2ef36995604f5d16d0762efbf7566e92462e56 Mon Sep 17 00:00:00 2001 >From: Fabian Keil <fk@fabiankeil.de> >Date: Fri, 25 Mar 2016 18:13:52 +0100 >Subject: [PATCH] sys/boot: Don't request GELI passphrases for passphrase-less > boot devices > >r296963 added support for GELI boot devices with passphrases >and without keyfiles but the passphrase prompt was shown for >all boot devices, including those that only required a keyfile, >or that required both a keyfile and a passphrase. > >Attaching such devices (obviously) did not work and as a result >r296963 broke unattended booting from these configurations. > >This commit suppresses the promt for passphrase-less boot >devices but does not suppress it for boot devices that require >both a passphrase and a keyfile as this currently can't be >deduced from the GELI metadata. > >Probably a new GELI on-disk flag should be added >to solve this. > >Obtained from: ElectroBSD >PR: 208251 (not completely fixed, though) >--- > sys/boot/geli/geliboot.c | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/sys/boot/geli/geliboot.c b/sys/boot/geli/geliboot.c >index 6959ab8..a218fd9 100644 >--- a/sys/boot/geli/geliboot.c >+++ b/sys/boot/geli/geliboot.c >@@ -94,6 +94,11 @@ geli_taste(int read_func(void *vdev, void *priv, off_t off, void *buf, > /* Disk is not GELI boot device, skip it */ > return (1); > } >+ if (md.md_iterations < 0) { >+ /* Disk is GELI boot device without passphrase, skip it */ >+ return (1); >+ } >+ > geli_e = malloc(sizeof(struct geli_entry)); > if (geli_e == NULL) > return (2); >-- >2.7.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=168646">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 208251
: 168646