Bug 200448 - GELI Passphrase prompt in boot loader does not work as expected in 10.1-STABLE
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 10.1-STABLE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2015-05-25 23:36 UTC by Chris Mangin
Modified: 2015-07-08 09:55 UTC

Description Chris Mangin 2015-05-25 23:36:48 UTC
As of r281843 it is possible to activate a bootloader prompt for the GELI passphrase in 10.1-STABLE by setting geom_eli_passphrase_prompt="YES" in /boot/loader.conf.

However, this does not work as expected since the passphrase does not seem to be received by the kernel. (i.e. the kernel prompts again for the GELI passphrase)

AFAIK, a function to receive the passphrase in the kernel was committed in -HEAD in r273489. However a look at a recent -STABLE (r283270) sys/geom/eli/g_eli.c suggests that this particular piece of code was never MFC'd.
Comment 1 commit-hook freebsd_committer freebsd_triage 2015-07-07 18:53:02 UTC
A commit references this bug:

Author: gjb
Date: Tue Jul  7 18:52:23 UTC 2015
New revision: 285249
URL: https://svnweb.freebsd.org/changeset/base/285249

Log:
  MFC r273489 (cperciva):
   Populate the GELI passphrase cache with the kern.geom.eli.passphrase
   variable (if any) provided in the boot environment.  Unset it from
   the kernel environment after doing this, so that the passphrase is
   no longer present in kernel memory once we enter userland.

   This will make it possible to provide a GELI passphrase via the boot
   loader.

  PR:		200448
  Approved by:	re (kib)
  Sponsored by:	The FreeBSD Foundation

Changes:
_U  stable/10/
  stable/10/sys/geom/eli/g_eli.c
Comment 2 Glen Barber freebsd_committer freebsd_triage 2015-07-07 18:53:36 UTC
Fixed, thank you for the report.
Comment 3 commit-hook freebsd_committer freebsd_triage 2015-07-08 09:55:14 UTC
A commit references this bug:

Author: gjb
Date: Wed Jul  8 09:54:18 UTC 2015
New revision: 285263
URL: https://svnweb.freebsd.org/changeset/base/285263

Log:
  MFC r273489 (cperciva):
   Populate the GELI passphrase cache with the kern.geom.eli.passphrase
   variable (if any) provided in the boot environment.  Unset it from
   the kernel environment after doing this, so that the passphrase is
   no longer present in kernel memory once we enter userland.

   This will make it possible to provide a GELI passphrase via the boot
   loader.

   Note: head and stable/10 differ as a result of r273174, which renames
   the getenv(), setenv(), and unsetenv() functions with kern_getenv(),
   kern_setenv(), and kern_unsetenv(), which was reverted in the relevant
   parts of this change in 10-STABLE.

  PR:		200448
  Approved by:	re (kib)
  Sponsored by:	The FreeBSD Foundation

Changes:
_U  stable/10/
  stable/10/sys/geom/eli/g_eli.c
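
The pattern the commit log describes (copy the boot-provided passphrase into a cache, then remove it from the environment) is shown below as an added userland C model; it is not code from r273489 or g_eli.c. Only the variable name kern.geom.eli.passphrase comes from this page; kenv_model, pass_cache, kenv_set, kenv_find, consume_boot_passphrase, the buffer sizes and the reject-on-overlength behaviour are assumptions made for the illustration.

```c
/* Added illustration: userland model with hypothetical names, not FreeBSD's g_eli.c. */
#include <stddef.h>
#include <string.h>
#define PASS_VAR  "kern.geom.eli.passphrase"  /* name taken from the commit log */
#define SLOTS     4                           /* sizes below are assumptions */
#define SLOT_LEN  320
#define CACHE_LEN 256
static char kenv_model[SLOTS][SLOT_LEN];  /* stand-in for the kernel environment */
static char pass_cache[CACHE_LEN];        /* stand-in for the GELI passphrase cache */

/* Zero memory through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Store a "name=value" string in a slot, as a boot loader would (constructed input). */
static void kenv_set(size_t slot, const char *assignment) {
    strncpy(kenv_model[slot], assignment, SLOT_LEN - 1);
    kenv_model[slot][SLOT_LEN - 1] = '\0';
}

/* Return the slot that defines exactly `name`, or NULL if it is not set. */
static char *kenv_find(const char *name) {
    size_t len = strlen(name);
    for (size_t i = 0; i < SLOTS; i++)
        if (strncmp(kenv_model[i], name, len) == 0 && kenv_model[i][len] == '=')
            return kenv_model[i];
    return NULL;
}

/* Move the boot-provided passphrase into the cache, then scrub the variable.
 * Returns 1 if cached, 0 if the variable was absent, -1 if it was too long
 * (rejected rather than truncated, since a truncated passphrase derives the
 * wrong key). The slot is wiped on every path where the variable existed. */
int consume_boot_passphrase(void) {
    char *slot = kenv_find(PASS_VAR);
    if (slot == NULL) return 0;
    const char *val = slot + strlen(PASS_VAR) + 1;
    size_t n = strlen(val);
    int rc = -1;
    if (n < sizeof(pass_cache)) {
        memcpy(pass_cache, val, n + 1);
        rc = 1;
    }
    wipe(slot, SLOT_LEN);  /* dropping the name alone would leave the bytes behind */
    return rc;
}
```

On a running system the equivalent check is that the variable is no longer readable from the kernel environment after boot.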