Status GBDE attach at boot

Allan Fields bsd at afields.ca
Sat Jan 17 11:54:17 PST 2004 

Hi,

I'm interested to know what may be in the pipeline as far as GBDE
boot time attach/automation support.  Has anyone committed to
implementing these features?  (I don't see it anymore (on the 5.3
todo list) in releng pages.)

As a fstab is concerned with mount hack, this is the right approach
I feel.  Snapshots use a mount hack too.  To do this a small hack
to mount(8) with stub for fstype of geom which calls specific command
gbde(8) directly or a mount_geom(8) with similar operations to gbde,
plus also full geom classes support.

# XXX Example fstab of geom entries:
#
# GBDE swap
#/dev/ad0s1b	none		swap	sw		0	0
/dev/ad0s1b	bde		geom	rw,attach,temp	0	0
/dev/ad0s1b.bde	none		swap	sw		0	0
# Normal filesystem
/dev/ad0s1a	/		ufs	rw		1	1
/dev/ad0s1f	/var		ufs	rw		2	2
/dev/ad0s1g	/usr		ufs	rw		2	2
# GBDE tmp dir
/dev/ad0s1e	bde		geom	rw,temp		0	0
/dev/ad0s1e.bde	/tmp		ufs	rw		0	1
# GBDE home dir (prompt on console; block on ttyin, before getty spawned)
#/dev/ad0s1h	/dev/ad0s1h.bde	geom	rw,attach	0	0 #<-long form
/dev/ad0s1h	bde		geom	rw,attach	0	0 #<-shorter
/dev/ad0s1h.bde	/home		ufs	rw		2	2
#
# fs_spec  is device
# fs_file  is GEOM class to instantiate with fs_spec as provider
#    if using long form split on dot to determine class or specify
#    class in mntopts (class=<class> or <class>)
# fs_vfstype has new type: ``geom''
# fs_mntops  has standard form, plus:
#   attach: default action for class bde: to attach, so can be omitted
#   temp: mntopt says init as temporary gbde
#   init: initialize only
#   noauto: don't automatically instantiate / attach
#   level=<lvl>: level at which to attempt to instantiate geom (def: 1)
#	0: in single-user/after root	-1: same as noauto
#       1: before going multi-user (before getty runs on tty)
#	2: after going multi-user (bde needs own tty?)
#   prompt=<ttydev>: prompt for pass phrases/user input on tty
#
#   insert: insert geom instance (default)
#XX remove: remove geom instance - use umount(8)
#   ...: other class options here


# Example prompts on console:
# (user can ^C here to skip attaching it)

!! GEOM/gbde: Passphrase required for attach of /dev/adNsM..
Enter passphrase:
-- GEOM/gbde: Attach sucessful. 

!! GEOM/gbde: Passphrase required for attach of /dev/da0s1a..
Enter passphrase:
gbde: Attach to da0s1a failed: Invalid argument
-- GEOM/gbde: Attach failed.
-- GEOM/gbde: Done.
Jan 17 14:22:03 testhost mount[178]: GEOM/gbde Attach to da0s1a failed: Invalid argument

FreeBSD/i386 (testhost) (ttyv0)

login: _


Another question, about key entry: should there be an option to
allow keys to be read directly from a file/file descriptor instead
of on the command line.  In this way keys could be piped into the
gbde command for attach, etc. from a secure source.  Would this
prove a significant vulnerability compared to tty input?  This might
be used in conjunction with other authentication mechanisms and
if it proves more secure than -p, could be something to look at.

Currently: gbde in readpassphrase(3) prevents reading passphrases
on stdin by setting RPP_REQUIRE_TTY and also readpassphrase() isn't
designed to accommodate key entry from fd if associated tty.  So
this would need a command line option to run as a pipeline from
an interactive shell.


Thanks..
--
 Allan Fields

 BSDCan 2004: May 2004, Ottawa
 See http://www.bsdcan.org for details.

More information about the freebsd-hackers mailing list