From f767c70270b1c81eeed4721c7c30bfe936698b5c Mon Sep 17 00:00:00 2001
From: Kyle George
Date: Mon, 15 Mar 2021 03:18:08 -0400
Subject: [PATCH] Read kern.geom.eli.passphrase from UEFI env vars
Signed-off-by: Kyle George
---
 stand/efi/loader/main.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/stand/efi/loader/main.c b/stand/efi/loader/main.c
index a5213a51d88b..ecce7a2e4bba 100644
--- a/stand/efi/loader/main.c
+++ b/stand/efi/loader/main.c
@@ -869,6 +869,8 @@ main(int argc, CHAR16 *argv[])
 char boot_info[4096];
 char buf[32];
 bool uefi_boot_mgr;
+ char geom_eli_passphrase[256];
+ UINTN geom_eli_bufsz;
 archsw.arch_autoload = efi_autoload;
 archsw.arch_getdev = efi_getdev;
@@ -902,6 +904,22 @@ main(int argc, CHAR16 *argv[])
 */
 bcache_init(32768, 512);
+ /*
+ * Read kern.geom.eli.passphrase from the EFI environment under the
+ * FreeBSD EFI GUID namespace (efi_freebsd_getenv). Read before scanning
+ * block IO media so that it's available when probing.
+ */
+ geom_eli_bufsz = sizeof(geom_eli_passphrase);
+ bzero(geom_eli_passphrase, geom_eli_bufsz);
+ rv = efi_freebsd_getenv("kern.geom.eli.passphrase", geom_eli_passphrase,
+ &geom_eli_bufsz);
+ if (rv == EFI_SUCCESS) {
+ printf("kern.geom.eli.phassphrase read from EFI env\n");
+ env_setenv("kern.geom.eli.passphrase", EV_VOLATILE,
+ &geom_eli_passphrase, env_noset, env_nounset);
+ bzero(geom_eli_passphrase, geom_eli_bufsz);
+ }
+
 /*
 * Scan the BLOCK IO MEDIA handles then
 * march through the device switch probing for things.
--
2.30.1
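Review bot: The passphrase buffer can reach env_setenv() without a terminating NUL in the hunk at -902,6 +904,22, because the full `sizeof(geom_eli_passphrase)` is passed as the capacity and a 256-byte variable would overwrite the last zeroed byte (this assumes efi_freebsd_getenv copies raw variable data without terminating it, which the hunk does not show). Setting `geom_eli_bufsz = sizeof(geom_eli_passphrase) - 1;` before the call keeps the terminator. The wipe is also weaker than it looks: `geom_eli_bufsz` is passed by pointer and is presumably rewritten to the returned length, and a plain bzero on a buffer that is never read again may be removed by the optimizer, so `explicit_bzero(geom_eli_passphrase, sizeof(geom_eli_passphrase));` placed after the `if` block is safer, if the loader's libsa provides it. `&geom_eli_passphrase` has type `char (*)[256]`, so pass `geom_eli_passphrase` instead; the printf also spells the name "phassphrase". The added comment should state that both the UEFI variable and the copy placed in the loader environment hold the passphrase in cleartext, and who is expected to be able to read them.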