svn commit: r273489 - head/sys/geom/eli

[Colin Percival]

Author: cperciva
Date: Wed Oct 22 23:41:15 2014
New Revision: 273489
URL: https://svnweb.freebsd.org/changeset/base/273489

Log:
  Populate the GELI passphrase cache with the kern.geom.eli.passphrase
  variable (if any) provided in the boot environment.  Unset it from
  the kernel environment after doing this, so that the passphrase is
  no longer present in kernel memory once we enter userland.
  
  This will make it possible to provide a GELI passphrase via the boot
  loader; FreeBSD's loader does not yet do this, but GRUB (and PCBSD)
  will have support for this soon.
  
  Tested by:	kmoore

Modified:
  head/sys/geom/eli/g_eli.c

Modified: head/sys/geom/eli/g_eli.c
==============================================================================
--- head/sys/geom/eli/g_eli.c	Wed Oct 22 23:35:56 2014	(r273488)
+++ head/sys/geom/eli/g_eli.c	Wed Oct 22 23:41:15 2014	(r273489)
@@ -93,6 +93,25 @@ SYSCTL_UINT(_kern_geom_eli, OID_AUTO, bo
     &g_eli_boot_passcache, 0,
     "Passphrases are cached during boot process for possible reuse");
 static void
+fetch_loader_passphrase(void * dummy)
+{
+	char * env_passphrase;
+
+	KASSERT(dynamic_kenv, ("need dynamic kenv"));
+
+	if ((env_passphrase = kern_getenv("kern.geom.eli.passphrase")) != NULL) {
+		/* Extract passphrase from the environment. */
+		strlcpy(cached_passphrase, env_passphrase,
+		    sizeof(cached_passphrase));
+		freeenv(env_passphrase);
+
+		/* Wipe the passphrase from the environment. */
+		kern_unsetenv("kern.geom.eli.passphrase");
+	}
+}
+SYSINIT(geli_fetch_loader_passphrase, SI_SUB_KMEM + 1, SI_ORDER_ANY,
+    fetch_loader_passphrase, NULL);
+static void
 zero_boot_passcache(void * dummy)
 {