1. 14 Jan, 2022 1 commit
  2. 11 Jan, 2022 1 commit
  3. 07 Oct, 2021 1 commit
  4. 11 Jul, 2020 2 commits
  5. 20 May, 2020 2 commits
    • jhb's avatar
      Fix libstand build breakage after r361298. · 52934e62
      jhb authored
      - Use enc_xform_aes_xts.setkey() directly instead of duplicating the code
        now that it no longer calls malloc().
      - Rather than bringing back all of xform_userland.h, add a conditional
        #include of <stand.h> to xform_enc.h.
      - Update calls to encrypt/decrypt callbacks in enc_xform_aes_xts for
        separate input/output pointers.
      
      Pointy hat to:	jhb
      52934e62
    • John Baldwin's avatar
      Fix libstand build breakage after r361298. · 4f98ffdd
      John Baldwin authored
      - Use enc_xform_aes_xts.setkey() directly instead of duplicating the code
        now that it no longer calls malloc().
      - Rather than bringing back all of xform_userland.h, add a conditional
        #include of <stand.h> to xform_enc.h.
      - Update calls to encrypt/decrypt callbacks in enc_xform_aes_xts for
        separate input/output pointers.
      
      Pointy hat to:	jhb
      4f98ffdd
  6. 13 Jul, 2018 2 commits
  7. 18 Jun, 2018 2 commits
    • imp's avatar
      stand: move libgeliboot into libsa. · 9a782459
      imp authored
      Reduce by 1 the number of crazy libraries we need in stand by moving
      geli into libsa (where architecturally it belonged all along). This
      just moves things around without any code changes.
      9a782459
    • Warner Losh's avatar
      stand: move libgeliboot into libsa. · 62bd02ce
      Warner Losh authored
      Reduce by 1 the number of crazy libraries we need in stand by moving
      geli into libsa (where architecturally it belonged all along). This
      just moves things around without any code changes.
      62bd02ce
  8. 14 Nov, 2017 2 commits
  9. 26 Aug, 2017 2 commits
    • imp's avatar
      Fix warnings due to type mismatch. · 679f0564
      imp authored
      Cast ctxp to caddr_t to pass data as expected. While void * is a
      universal type, char * isn't (and that's what caddr_t is defined as).
      One could argue these prototypes should take void * rather than
      caddr_t, but changing that is much more invasive.
      
      Sponsored by: Netflix
      679f0564
    • Warner Losh's avatar
      Fix warnings due to type mismatch. · f4380fc4
      Warner Losh authored
      Cast ctxp to caddr_t to pass data as expected. While void * is a
      universal type, char * isn't (and that's what caddr_t is defined as).
      One could argue these prototypes should take void * rather than
      caddr_t, but changing that is much more invasive.
      
      Sponsored by: Netflix
      f4380fc4
  10. 01 Apr, 2017 2 commits
    • allanjude's avatar
      Implement boot-time encryption key passing (keybuf) · 6a205a32
      allanjude authored
      This patch adds a general mechanism for providing encryption keys to the
      kernel from the boot loader. This is intended to enable GELI support at
      boot time, providing a better mechanism for passing keys to the kernel
      than environment variables. It is designed to be extensible to other
      applications, and can easily handle multiple encrypted volumes with
      different keys.
      
      This mechanism is currently used by the pending GELI EFI work.
      Additionally, this mechanism can potentially be used to interface with
      GRUB, opening up options for coreboot+GRUB configurations with completely
      encrypted disks.
      
      Another benefit over the existing system is that it does not require
      re-deriving the user key from the password at each boot stage.
      
      Most of this patch was written by Eric McCorkle. It was extended by
      Allan Jude with a number of minor enhancements and extending the keybuf
      feature into boot2.
      
      GELI user keys are now derived once, in boot2, then passed to the loader,
      which reuses the key, then passes it to the kernel, where the GELI module
      destroys the keybuf after decrypting the volumes.
      
      Submitted by:	Eric McCorkle <eric@metricspace.net> (Original Version)
      Reviewed by:	oshogbo (earlier version), cem (earlier version)
      MFC after:	3 weeks
      Relnotes:	yes
      Sponsored by:	ScaleEngine Inc.
      Differential Revision:	https://reviews.freebsd.org/D9575
      6a205a32
    • Allan Jude's avatar
      Implement boot-time encryption key passing (keybuf) · ec5c0e5b
      Allan Jude authored
      This patch adds a general mechanism for providing encryption keys to the
      kernel from the boot loader. This is intended to enable GELI support at
      boot time, providing a better mechanism for passing keys to the kernel
      than environment variables. It is designed to be extensible to other
      applications, and can easily handle multiple encrypted volumes with
      different keys.
      
      This mechanism is currently used by the pending GELI EFI work.
      Additionally, this mechanism can potentially be used to interface with
      GRUB, opening up options for coreboot+GRUB configurations with completely
      encrypted disks.
      
      Another benefit over the existing system is that it does not require
      re-deriving the user key from the password at each boot stage.
      
      Most of this patch was written by Eric McCorkle. It was extended by
      Allan Jude with a number of minor enhancements and extending the keybuf
      feature into boot2.
      
      GELI user keys are now derived once, in boot2, then passed to the loader,
      which reuses the key, then passes it to the kernel, where the GELI module
      destroys the keybuf after decrypting the volumes.
      
      Submitted by:	Eric McCorkle <eric@metricspace.net> (Original Version)
      Reviewed by:	oshogbo (earlier version), cem (earlier version)
      MFC after:	3 weeks
      Relnotes:	yes
      Sponsored by:	ScaleEngine Inc.
      Differential Revision:	https://reviews.freebsd.org/D9575
      ec5c0e5b
  11. 31 Mar, 2017 2 commits
  12. 31 May, 2016 2 commits
  13. 27 May, 2016 1 commit
  14. 16 Mar, 2016 2 commits