boot1-compatible GELI and GPT code?
Eric McCorkle
eric at metricspace.net
Sun Mar 20 17:13:47 UTC 2016

Hello everyone,
I'm working (among other things) on expanding the capabilities of the EFI boot block to be able to load GELI-encrypted partitions, which may contain a GPT partition table, in order to support full-disk encryption.
I'm wondering, is there any code for reading either of these formats that could be used in boot1 hiding out anywhere?  It'd be best to avoid rewriting this stuff if possible.
Also, I haven't investigated the capabilities of loader with regard to GELI yet beyond cursory inspection.  Most importantly, I need to know if loader can handle GPTs and other partition formats inside a GELI, or just single filesystems.
As an additional note, it'd be best if there was a method for having boot1 pass the key(s) along to loader and ultimately the kernel, so the users don't have to input their keys 3 times. I'm open to suggestions as to how to do this. My initial thought is to create some kind of variable in both loader and kernel, then use the ELF data to locate it and directly inject the data prior to booting. The rationale is to avoid mechanisms like arguments that could potentially reveal the keys.