svn commit: r285249 - stable/10/sys/geom/eli

Glen Barber gjb at FreeBSD.org
Tue Jul 7 18:52:24 UTC 2015


Author: gjb
Date: Tue Jul  7 18:52:22 2015
New Revision: 285249
URL: https://svnweb.freebsd.org/changeset/base/285249

Log:
  MFC r273489 (cperciva):
   Populate the GELI passphrase cache with the kern.geom.eli.passphrase
   variable (if any) provided in the boot environment.  Unset it from
   the kernel environment after doing this, so that the passphrase is
   no longer present in kernel memory once we enter userland.
  
   This will make it possible to provide a GELI passphrase via the boot
   loader.
  
  PR:		200448
  Approved by:	re (kib)
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/10/sys/geom/eli/g_eli.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/geom/eli/g_eli.c
==============================================================================
--- stable/10/sys/geom/eli/g_eli.c	Tue Jul  7 18:46:41 2015	(r285248)
+++ stable/10/sys/geom/eli/g_eli.c	Tue Jul  7 18:52:22 2015	(r285249)
@@ -99,6 +99,25 @@ SYSCTL_UINT(_kern_geom_eli, OID_AUTO, bo
     &g_eli_boot_passcache, 0,
     "Passphrases are cached during boot process for possible reuse");
 static void
+fetch_loader_passphrase(void * dummy)
+{
+	char * env_passphrase;
+
+	KASSERT(dynamic_kenv, ("need dynamic kenv"));
+
+	if ((env_passphrase = kern_getenv("kern.geom.eli.passphrase")) != NULL) {
+		/* Extract passphrase from the environment. */
+		strlcpy(cached_passphrase, env_passphrase,
+		    sizeof(cached_passphrase));
+		freeenv(env_passphrase);
+
+		/* Wipe the passphrase from the environment. */
+		kern_unsetenv("kern.geom.eli.passphrase");
+	}
+}
+SYSINIT(geli_fetch_loader_passphrase, SI_SUB_KMEM + 1, SI_ORDER_ANY,
+    fetch_loader_passphrase, NULL);
+static void
 zero_boot_passcache(void * dummy)
 {
 
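Review bot: The temporary copy returned by `kern_getenv()` is passed to `freeenv()` without being cleared, so the passphrase bytes may linger in freed kernel memory after `kern_unsetenv()` runs. Whether `freeenv()` or `kern_unsetenv()` zero their buffers is not visible in this hunk, so the "Wipe the passphrase from the environment" comment may promise more than the code delivers. I would add `explicit_bzero(env_passphrase, strlen(env_passphrase));` immediately before `freeenv(env_passphrase);`, or plain `bzero` if `explicit_bzero` is not available on this branch. Separately, the `strlcpy()` return value is ignored, so a passphrase longer than `cached_passphrase` is silently truncated and would presumably just fail to unlock the provider later. Comparing the result against `sizeof(cached_passphrase)` and emitting a warning without the value would make that case diagnosable.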

