-k/-K options for gbde(8).

Allan Fields bsd at afields.ca
Fri Feb 4 07:05:09 PST 2005


On Fri, Feb 04, 2005 at 12:04:30AM +0100, Pawel Jakub Dawidek wrote:
> Hi.
> 
> The patch below implements the -k/-K/-N options from the gbde(8)-TODO list:
> 
> 	http://people.freebsd.org/~pjd/patches/gbde.3.patch

It seems like a previous life now.. I had also done a similar patch;
it was on the list a while back and I have updated it since.

Since then, I looked at various ways gbde(8) could be improved,
expanded the TODO list, and started work on encrypted root support
(Going from memory: phk and I discussed various options and concluded it
best to implement an optional signature in metadata for gbde volumes
to be detected and auto-mounted at boot before init I believe.)

Regarding auto-mounting I responded:
>
> Some of the target objectives I had in mind were:
> - Facilitate mounting of encrypted root (implies auto-attach or
>   prev. mentioned sol's working from device name [XX: not wise]).
>   [Attached before attempting to mount root]
> - Allow non-boot-time-critical devices to be either manually
>   mounted or mounted such that they don't hold up the boot process.
>   i.e. allow some gbde devices to be mounted at different stages
>   in the boot process -- which is current way..
>   No reason to attach /topsecret at the same time as encrypted /tmp
>   (Perhaps the two have different security needs)
>   [Could use a multi-stage approach in rc scripts]
> - But allow the kernel to automatically attach gbde devices as
>   found [, where desired]
> - Encrypted swap implies still having control over the attach so
>   it doesn't try to attach old gbde with random passphrase
>
> How about just an "auto" flag in the metadata which is either 0 or 1.
> Then you could keep the current manual behaviour and have some
> devices (not) prompt for passphrase before startup.
>
> Incidentally, this could be as easy as saying on devices with sector
> 0 are auto attached the rest are manual.
>
> [..]

> Those options allow giving a part of the pass-phrase from a file:
> 
> 	gbde attach da0 -k /mnt/usb/da0.key
> 
> If the '-N' option is not given, the user will still be prompted for the
> pass-phrase and the two parts will be used as one key.

That's an interesting feature, the alternative which I originally
proposed of encrypting key material is a less wise strategy which
I'll suggest against.  This might prove useful for multi-party
keying schemes, though N of M would still require some work.

> -k/-K option can be used multiple times:
> 
> 	gbde attach da0 -k /mnt/usb/da0.key -k /somewhereelse/da0.key
> which is equivalent to:
> 	cat /mnt/usb/da0.key /somewhereelse/da0.key | gbde attach da0 -k /dev/stdin

> -- 
> Pawel Jakub Dawidek                       http://www.wheel.pl
> pjd at FreeBSD.org                           http://www.FreeBSD.org
> FreeBSD committer                         Am I Evil? Yes, I Am!

-- 
Allan Fields


More information about the freebsd-geom mailing list