Status GBDE attach at boot
Allan Fields
bsd at afields.ca
Sat Jan 17 11:54:17 PST 2004
Hi,
I'm interested to know what may be in the pipeline as far as GBDE
boot time attach/automation support. Has anyone committed to
implementing these features? (I don't see it anymore (on the 5.3
todo list) in releng pages.)
As a fstab is concerned with mount hack, this is the right approach
I feel. Snapshots use a mount hack too. To do this a small hack
to mount(8) with stub for fstype of geom which calls specific command
gbde(8) directly or a mount_geom(8) with similar operations to gbde,
plus also full geom classes support.
# XXX Example fstab of geom entries:
#
# GBDE swap
#/dev/ad0s1b none swap sw 0 0
/dev/ad0s1b bde geom rw,attach,temp 0 0
/dev/ad0s1b.bde none swap sw 0 0
# Normal filesystem
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1f /var ufs rw 2 2
/dev/ad0s1g /usr ufs rw 2 2
# GBDE tmp dir
/dev/ad0s1e bde geom rw,temp 0 0
/dev/ad0s1e.bde /tmp ufs rw 0 1
# GBDE home dir (prompt on console; block on ttyin, before getty spawned)
#/dev/ad0s1h /dev/ad0s1h.bde geom rw,attach 0 0 #<-long form
/dev/ad0s1h bde geom rw,attach 0 0 #<-shorter
/dev/ad0s1h.bde /home ufs rw 2 2
#
# fs_spec is device
# fs_file is GEOM class to instantiate with fs_spec as provider
# if using long form split on dot to determine class or specify
# class in mntopts (class=<class> or <class>)
# fs_vfstype has new type: ``geom''
# fs_mntops has standard form, plus:
# attach: default action for class bde: to attach, so can be omitted
# temp: mntopt says init as temporary gbde
# init: initialize only
# noauto: don't automatically instantiate / attach
# level=<lvl>: level at which to attempt to instantiate geom (def: 1)
# 0: in single-user/after root -1: same as noauto
# 1: before going multi-user (before getty runs on tty)
# 2: after going multi-user (bde needs own tty?)
# prompt=<ttydev>: prompt for pass phrases/user input on tty
#
# insert: insert geom instance (default)
#XX remove: remove geom instance - use umount(8)
# ...: other class options here
# Example prompts on console:
# (user can ^C here to skip attaching it)
!! GEOM/gbde: Passphrase required for attach of /dev/adNsM..
Enter passphrase:
-- GEOM/gbde: Attach sucessful.
!! GEOM/gbde: Passphrase required for attach of /dev/da0s1a..
Enter passphrase:
gbde: Attach to da0s1a failed: Invalid argument
-- GEOM/gbde: Attach failed.
-- GEOM/gbde: Done.
Jan 17 14:22:03 testhost mount[178]: GEOM/gbde Attach to da0s1a failed: Invalid argument
FreeBSD/i386 (testhost) (ttyv0)
login: _
Another question, about key entry: should there be an option to
allow keys to be read directly from a file/file descriptor instead
of on the command line. In this way keys could be piped into the
gbde command for attach, etc. from a secure source. Would this
prove a significant vulnerability compared to tty input? This might
be used in conjunction with other authentication mechanisms and
if it proves more secure than -p, could be something to look at.
Currently: gbde in readpassphrase(3) prevents reading passphrases
on stdin by setting RPP_REQUIRE_TTY and also readpassphrase() isn't
designed to accommodate key entry from fd if associated tty. So
this would need a command line option to run as a pipeline from
an interactive shell.
Thanks..
--
Allan Fields
BSDCan 2004: May 2004, Ottawa
See http://www.bsdcan.org for details.
More information about the freebsd-hackers
mailing list