Page MenuHomeFreeBSD

geli: Allow disabling passphrase prompt
Needs ReviewPublic

Authored by oshogbo on May 19 2024, 1:51 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sep 22 2024, 7:14 AM
Unknown Object (File)
Sep 21 2024, 8:11 AM
Unknown Object (File)
Sep 8 2024, 6:29 AM
Unknown Object (File)
Aug 22 2024, 3:55 AM
Unknown Object (File)
Jun 30 2024, 4:49 AM
Unknown Object (File)
May 27 2024, 9:17 AM
Unknown Object (File)
May 25 2024, 7:05 PM
Unknown Object (File)
May 25 2024, 2:13 PM

Details

Summary

When using mixed decryption methods, it might be useful to disable
the passphrase prompt to allow the boot process to fail gracefully.
For example, if a device is not essential for booting, it can be
ignored during the boot process. Later, we can remotely access
the machine and decrypt the device, instead of requiring a user
to connect a keyboard to the server.

I have decided to implement this as a bootloader setting rather
than a geli flag. This approach allows us to simply unset this
flag during boot in the bootloader CLI, without the need for an
additional FreeBSD box to unset the geli flag on the disk.

This change is based on: https://reviews.freebsd.org/D45250

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 57765
Build 54653: arc lint + arc unit

Event Timeline

stand/libsa/geli/geliboot.c
39

Unrelated style changes.

sys/geom/eli/g_eli.c
1259

I suspect that some valid provider names contain characters that cannot be in a kenv variable name. Do we need to handle that somehow?

1262

Just a suggestion, plain "Skip" is too unclear IMO.