| Summary: | [PATCH] Read kern.geom.eli.passphrase from UEFI variable for unattended boot without passphrase on disk | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Kyle George <kgeorge> |
| Component: | kern | Assignee: | freebsd-geom (Nobody) <geom> |
| Status: | New --- | | |
| Severity: | Affects Many People | CC: | colin, jlduran, jo, ruben |
| Priority: | --- | Keywords: | patch |
| Version: | 12.2-RELEASE | | |
| Hardware: | Any | | |
| OS: | Any | | |
Description
Kyle George
2021-03-29 06:50:34 UTC
Tried the patch on VMWare and a Clevo NL5xRU notebook with the geli password as an EFI var. Besides VMWare UEFI being fickle, it works as intended.

Though this is not UEFI secure boot, it is a convenient way for server systems to have both full disk encryption and unattended reboots. I feel it is at the administrator's discretion to determine whether having a key/passphrase in unprotected NVRAM is different than on an unprotected boot partition.

It would address the need of people who installed their ZFS systems using a separate boot pool using preconfigured keys and want to consolidate that into a single pool so bectl/beadm starts to work for them.

Keyword: patch or patch-ready – in lieu of summary line prefix: [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk).

Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>