Skip to content
GitLab
Switch branch/tag
  1. 14 Jan, 2022 1 commit
  3. 11 Jan, 2022 1 commit
  5. 07 Oct, 2021 1 commit
  7. 11 Jul, 2020 2 commits
  9. 20 May, 2020 2 commits
    • jhb's avatar
      Fix libstand build breakage after r361298. · 52934e62
      jhb authored 
      - Use enc_xform_aes_xts.setkey() directly instead of duplicating the code
  now that it no longer calls malloc().
- Rather than bringing back all of xform_userland.h, add a conditional
  #include of <stand.h> to xform_enc.h.
- Update calls to encrypt/decrypt callbacks in enc_xform_aes_xts for
  separate input/output pointers.

Pointy hat to:	jhb
      52934e62
    • John Baldwin's avatar
      Fix libstand build breakage after r361298. · 4f98ffdd
      John Baldwin authored 
      - Use enc_xform_aes_xts.setkey() directly instead of duplicating the code
  now that it no longer calls malloc().
- Rather than bringing back all of xform_userland.h, add a conditional
  #include of <stand.h> to xform_enc.h.
- Update calls to encrypt/decrypt callbacks in enc_xform_aes_xts for
  separate input/output pointers.

Pointy hat to:	jhb
      4f98ffdd
  11. 13 Jul, 2018 2 commits
  13. 18 Jun, 2018 2 commits
    • imp's avatar
      stand: move libgeliboot into libsa. · 9a782459
      imp authored 
      Reduce by 1 the number of crazy libraries we need in stand by moving
geli into libsa (where architecturally it belonged all along). This
just moves things around without any code changes.
      9a782459
    • Warner Losh's avatar
      stand: move libgeliboot into libsa. · 62bd02ce
      Warner Losh authored 
      Reduce by 1 the number of crazy libraries we need in stand by moving
geli into libsa (where architecturally it belonged all along). This
just moves things around without any code changes.
      62bd02ce
  15. 14 Nov, 2017 2 commits
  17. 26 Aug, 2017 2 commits
    • imp's avatar
      Fix warnings due to type mismatch. · 679f0564
      imp authored 
      Cast ctxp to caddr_t to pass data as expected. While void * is a
universal type, char * isn't (and that's what caddr_t is defined as).
One could argue these prototypes should take void * rather than
caddr_t, but changing that is much more invasive.

Sponsored by: Netflix
      679f0564
    • Warner Losh's avatar
      Fix warnings due to type mismatch. · f4380fc4
      Warner Losh authored 
      Cast ctxp to caddr_t to pass data as expected. While void * is a
universal type, char * isn't (and that's what caddr_t is defined as).
One could argue these prototypes should take void * rather than
caddr_t, but changing that is much more invasive.

Sponsored by: Netflix
      f4380fc4
  19. 01 Apr, 2017 2 commits
    • allanjude's avatar
      Implement boot-time encryption key passing (keybuf) · 6a205a32
      allanjude authored 
      This patch adds a general mechanism for providing encryption keys to the
kernel from the boot loader. This is intended to enable GELI support at
boot time, providing a better mechanism for passing keys to the kernel
than environment variables. It is designed to be extensible to other
applications, and can easily handle multiple encrypted volumes with
different keys.

This mechanism is currently used by the pending GELI EFI work.
Additionally, this mechanism can potentially be used to interface with
GRUB, opening up options for coreboot+GRUB configurations with completely
encrypted disks.

Another benefit over the existing system is that it does not require
re-deriving the user key from the password at each boot stage.

Most of this patch was written by Eric McCorkle. It was extended by
Allan Jude with a number of minor enhancements and extending the keybuf
feature into boot2.

GELI user keys are now derived once, in boot2, then passed to the loader,
which reuses the key, then passes it to the kernel, where the GELI module
destroys the keybuf after decrypting the volumes.

Submitted by:	Eric McCorkle <eric@metricspace.net> (Original Version)
Reviewed by:	oshogbo (earlier version), cem (earlier version)
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D9575
      6a205a32
    • Allan Jude's avatar
      Implement boot-time encryption key passing (keybuf) · ec5c0e5b
      Allan Jude authored 
      This patch adds a general mechanism for providing encryption keys to the
kernel from the boot loader. This is intended to enable GELI support at
boot time, providing a better mechanism for passing keys to the kernel
than environment variables. It is designed to be extensible to other
applications, and can easily handle multiple encrypted volumes with
different keys.

This mechanism is currently used by the pending GELI EFI work.
Additionally, this mechanism can potentially be used to interface with
GRUB, opening up options for coreboot+GRUB configurations with completely
encrypted disks.

Another benefit over the existing system is that it does not require
re-deriving the user key from the password at each boot stage.

Most of this patch was written by Eric McCorkle. It was extended by
Allan Jude with a number of minor enhancements and extending the keybuf
feature into boot2.

GELI user keys are now derived once, in boot2, then passed to the loader,
which reuses the key, then passes it to the kernel, where the GELI module
destroys the keybuf after decrypting the volumes.

Submitted by:	Eric McCorkle <eric@metricspace.net> (Original Version)
Reviewed by:	oshogbo (earlier version), cem (earlier version)
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D9575
      ec5c0e5b
  21. 31 Mar, 2017 2 commits
  23. 31 May, 2016 2 commits
  25. 27 May, 2016 1 commit
  27. 16 Mar, 2016 2 commits