296373 |
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.3. - Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
291195 |
23-Nov-2015 |
smh |
MFC r290406:
Fix g_eli error loss conditions
Sponsored by: Multiplay
|
285263 |
08-Jul-2015 |
gjb |
MFC r273489 (cperciva): Populate the GELI passphrase cache with the kern.geom.eli.passphrase variable (if any) provided in the boot environment. Unset it from the kernel environment after doing this, so that the passphrase is no longer present in kernel memory once we enter userland.
This will make it possible to provide a GELI passphrase via the boot loader.
Note: head and stable/10 differ as a result of r273174, which renames the getenv(), setenv(), and unsetenv() functions with kern_getenv(), kern_setenv(), and kern_unsetenv(), which was reverted in the relevant parts of this change in 10-STABLE.
PR: 200448 Approved by: re (kib) Sponsored by: The FreeBSD Foundation
|
285255 |
07-Jul-2015 |
gjb |
Revert r285249, pending further investigation on how the build broke.
Approved by: re (implicit) Pointyhat: gjb (self) Sponsored by: The FreeBSD Foundation
|
285249 |
07-Jul-2015 |
gjb |
MFC r273489 (cperciva): Populate the GELI passphrase cache with the kern.geom.eli.passphrase variable (if any) provided in the boot environment. Unset it from the kernel environment after doing this, so that the passphrase is no longer present in kernel memory once we enter userland.
This will make it possible to provide a GELI passphrase via the boot loader.
PR: 200448 Approved by: re (kib) Sponsored by: The FreeBSD Foundation
|
272006 |
23-Sep-2014 |
cperciva |
MFC r271664: Cache GELI passphrases entered at the console during the boot process, in order to improve user-friendliness when a system has multiple disks encrypted using the same passphrase.
Relnotes: yes Approved by: re (gjb)
|
267860 |
25-Jun-2014 |
marius |
MFC: r267145
Fix the keyfile being cleared prematurely after r259428 (MFCed to stable/10 in r266749).
PR: 185084 Submitted by: fk@fabiankeil.de Reviewed by: pjd
|
266749 |
27-May-2014 |
marius |
MFC: r259428
Clear content of keyfiles loaded by the loader after processing them.
MFC: r259429
Clear some more places with potentially sensitive data.
|
262318 |
22-Feb-2014 |
delphij |
MFC r261618:
In g_eli_crypto_hmac_init(), zero out after using the ipad buffer, k_ipad.
Note that the two consumers in geli(4) are not affected by this issue because the way the code is constructed and as such, we believe there is no security impact with or without this change with geli(4)'s usage.
Reported by: Serge van den Boom <serge vdboom.org> Reviewed by: pjd
|
259383 |
14-Dec-2013 |
ae |
MFC r257965: Add missing line breaks.
PR: 181900
|
257718 |
05-Nov-2013 |
delphij |
MFC r257539:
When zero'ing out a buffer, make sure we are using right size.
Without this change, in the worst but unlikely case scenario, certain administrative operations, including change of configuration, set or delete key from a GEOM ELI provider, may leave potentially sensitive information in buffer allocated from kernel memory.
We believe that it is not possible to actively exploit these issues, nor does it impact the security of normal usage of GEOM ELI providers when these operations are not performed after system boot.
Security: possible sensitive information disclosure Submitted by: Clement Lecigne <clecigne google com> Approved by: re (glebius)
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
255144 |
02-Sep-2013 |
mav |
Make ELI destruction (including orphanization) less aggressive, making it always wait for provider close. Old algorithm was reported to cause NULL dereference panic on attempt to close provider after softc destruction. If not global workaroung in GEOM, that could even cause destruction with requests still in flight.
|
239184 |
10-Aug-2012 |
pjd |
Always initialize sc_ekey, because as of r238116 it is always used.
If GELI provider was created on FreeBSD HEAD r238116 or later (but before this change), it is using very weak keys and the data is not protected. The bug was introduced on 4th July 2012.
One can verify if its provider was created with weak keys by running:
# geli dump <provider> | grep version
If the version is 7 and the system didn't include this fix when provider was initialized, then the data has to be backed up, underlying provider overwritten with random data, system upgraded and provider recreated.
Reported by: Fabian Keil <fk@fabiankeil.de> Tested by: Fabian Keil <fk@fabiankeil.de> Discussed with: so MFC after: 3 days
|
238116 |
04-Jul-2012 |
pjd |
Use correct part of the Master-Key for generating encryption keys. Before this change the IV-Key was used to generate encryption keys, which was incorrect, but safe - for the XTS mode this key was unused anyway and for CBC mode it was used differently to generate IV vectors, so there is no risk that IV vector collides with encryption key somehow.
Bump version number and keep compatibility for older versions.
MFC after: 2 weeks
|
238115 |
04-Jul-2012 |
pjd |
Correct comment.
MFC after: 3 days
|
238114 |
04-Jul-2012 |
pjd |
Correct a comment and correct style of a flag check.
MFC after: 3 days
|
235419 |
13-May-2012 |
eadler |
Add missing period at the end of the error message
Submitted by: pjd Approved by: cperciva (implicit) MFC after: 3 days X-MFC-With: r235201
|
235201 |
09-May-2012 |
eadler |
Clarify error that geli generates when it finds corrupt data.
PR: kern/165695 Submitted by: Robert Simmons <rsimmons0@gmail.com> Reviewed by: pjd Approved by: cperciva MFC after: 1 week
|
228634 |
17-Dec-2011 |
avg |
replace uses of libkern gets with cngets
MFC after: 2 months
|
226840 |
27-Oct-2011 |
pjd |
Before this change when GELI detected hardware crypto acceleration it will start only one worker thread. For software crypto it will start by default N worker threads where N is the number of available CPUs.
This is not optimal if hardware crypto is AES-NI, which uses CPU for AES calculations.
Change that to always start one worker thread for every available CPU. Number of worker threads per GELI provider can be easly reduced with kern.geom.eli.threads sysctl/tunable and even for software crypto it should be reduced when using more providers.
While here, when number of threads exceeds number of CPUs avilable don't reduce this number, assume the user knows what he is doing.
Reported by: Yuri Karaban <dev@dev97.com> MFC after: 3 days
|
226733 |
25-Oct-2011 |
pjd |
Add support for creating GELI devices with older metadata version for use with older FreeBSD versions: - Add -V option to 'geli init' to specify version number. If no -V is given the most recent version is used. - If -V is given don't allow to use features not supported by this version. - Print version in 'geli list' output. - Update manual page and add table describing which GELI version is supported by which FreeBSD version, so one can use it when preparing GELI device for older FreeBSD version.
Inspired by: Garrett Cooper <yanegomi@gmail.com> MFC after: 3 days
|
226730 |
25-Oct-2011 |
pjd |
When decoding metadata, check magic string, so we know this is not GELI device before we check its version. We don't want to report that some garbage is unsupported version if this is not even GELI provider.
MFC after: 3 days
|
226728 |
25-Oct-2011 |
pjd |
Prefer G_ELI_VERSION_* defines for version numbers over plain digits.
MFC after: 3 days
|
226727 |
25-Oct-2011 |
pjd |
Fit lines into 80 chars.
MFC after: 3 days
|
226721 |
25-Oct-2011 |
pjd |
When metadata is at newer version than the highest supported, return EOPNOTSUPP when decoding.
MFC after: 3 days
|
223921 |
11-Jul-2011 |
ae |
Include sys/sbuf.h directly.
Reviewed by: pjd
|
222813 |
07-Jun-2011 |
attilio |
etire the cpumask_t type and replace it with cpuset_t usage.
This is intended to fix the bug where cpu mask objects are capped to 32. MAXCPU, then, can now arbitrarely bumped to whatever value. Anyway, as long as several structures in the kernel are statically allocated and sized as MAXCPU, it is suggested to keep it as low as possible for the time being.
Technical notes on this commit itself: - More functions to handle with cpuset_t objects are introduced. The most notable are cpusetobj_ffs() (which calculates a ffs(3) for a cpuset_t object), cpusetobj_strprint() (which prepares a string representing a cpuset_t object) and cpusetobj_strscan() (which creates a valid cpuset_t starting from a string representation). - pc_cpumask and pc_other_cpus are target to be removed soon. With the moving from cpumask_t to cpuset_t they are now inefficient and not really useful. Anyway, for the time being, please note that access to pcpu datas is protected by sched_pin() in order to avoid migrating the CPU while reading more than one (possible) word - Please note that size of cpuset_t objects may differ between kernel and userland. While this is not directly related to the patch itself, it is good to understand that concept and possibly use the patch as a reference on how to deal with cpuset_t objects in userland, when accessing kernland members. - KTR_CPUMASK is changed and now is represented through a string, to be set as the example reported in NOTES.
Please additively note that no MAXCPU is bumped in this patch, but private testing has been done until to MAXCPU=128 on a real 8x8x2(htt) machine (amd64).
Please note that the FreeBSD version is not yet bumped because of the upcoming pcpu changes. However, note that this patch is not targeted for MFC.
People to thank for the time spent on this patch: - sbruno, pluknet and Nicholas Esborn (nick AT desert DOT net) tested several revision of the patches and really helped in improving stability of this work. - marius fixed several bugs in the sparc64 implementation and reviewed patches related to ktr. - jeff and jhb discussed the basic approach followed. - kib and marcel made targeted review on some specific part of the patch. - marius, art, nwhitehorn and andreast reviewed MD specific part of the patch. - marius, andreast, gonzo, nwhitehorn and jceel tested MD specific implementations of the patch. - Other people have made contributions on other patches that have been already committed and have been listed separately.
Companies that should be mentioned for having participated at several degrees: - Yahoo! for having offered the machines used for testing on big count of CPUs. - The FreeBSD Foundation for having sponsored my devsummit attendance, which has been instrumental. - Sandvine for having offered offices and infrastructure during development.
(I really hope I didn't forget anyone, if it happened I apologize in advance).
|
221953 |
15-May-2011 |
trociny |
Fix a memory leak possible in g_eli_key_allocate() if the key with the same keyno is added while we aren't holding the lock.
Approved by: pjd (mentor) MFC after: 1 week
|
221631 |
08-May-2011 |
pjd |
Export GELI class version via sysctl kern.geom.eli.version.
MFC after: 1 week
|
221630 |
08-May-2011 |
pjd |
Version 6 is compatible with version 5 when it comes to control commands.
MFC after: 1 week
|
221629 |
08-May-2011 |
pjd |
Detect and handle metadata of version 6.
MFC after: 1 week
|
221628 |
08-May-2011 |
pjd |
When support for multiple encryption keys was committed, GELI integrity mode was not updated to pass CRD_F_KEY_EXPLICIT flag to opencrypto. This resulted in always using first key.
We need to support providers created with this bug, so set special G_ELI_FLAG_FIRST_KEY flag for GELI provider in integrity mode with version smaller than 6 and pass the CRD_F_KEY_EXPLICIT flag to opencrypto only if G_ELI_FLAG_FIRST_KEY doesn't exist.
Reported by: Anton Yuzhaninov <citrin@citrin.ru> MFC after: 1 week
|
221626 |
08-May-2011 |
pjd |
Remove prototype for a function that no longer exist.
MFC after: 1 week
|
221625 |
08-May-2011 |
pjd |
Drop proper key.
MFC after: 1 week
|
221624 |
08-May-2011 |
pjd |
Add magic field to the g_eli_key structure to detect if we are really operating on proper structures.
MFC after: 1 week
|
221447 |
04-May-2011 |
ae |
Remove "for a moment" assignment. struct g_geom zeroed when allocated.
MFC after: 1 week
|
220984 |
24-Apr-2011 |
pjd |
One key is expected from providers smaller than or equal to (2^20)*sectorsize bytes. Remove bogus assertion and while here remove another too obvious assertion.
Reported by: Fabian Keil <freebsd-listen@fabiankeil.de> MFC after: 2 weeks
|
220923 |
21-Apr-2011 |
pjd |
If number of keys for the given provider doesn't exceed the limit, allocate all of them at attach time. This allows to avoid moving keys around in the most-recently-used queue and needs no mutex synchronization nor refcounting.
MFC after: 2 weeks
|
220922 |
21-Apr-2011 |
pjd |
Instead of allocating memory for all the keys at device attach, create reasonably large cache for the keys that is filled when needed. The previous version was problematic for very large providers (hundreds of terabytes or serval petabytes). Every terabyte of data needs around 256kB for keys. Make the default cache limit big enough to fit all the keys needed for 4TB providers, which will eat at most 1MB of memory.
MFC after: 2 weeks
|
220299 |
03-Apr-2011 |
trociny |
In g_eli_read_done() and g_eli_write_done(), for a bio with bio_children > 1, g_destroy_bio() is never called and the bio leaks. Fix this by calling g_destroy_bio() earlier, before the check.
Submitted by: Victor Balada Diaz <victor@bsdes.net> (initial version) Approved by: pjd (mentor) MFC after: 1 week
|
219029 |
25-Feb-2011 |
netchild |
Add some FEATURE macros for various GEOM classes.
No FreeBSD version bump, the userland application to query the features will be committed last and can serve as an indication of the availablility if needed.
Sponsored by: Google Summer of Code 2010 Submitted by: kibab Reviewed by: silence on geom@ during 2 weeks X-MFC after: to be determined in last commit with code from this project
|
218663 |
13-Feb-2011 |
marcel |
Use the preload_fetch_addr() and preload_fetch_size() convenience functions to obtain the address and size of the preloaded key files.
Sponsored by: Juniper Networks.
|
215299 |
14-Nov-2010 |
ed |
Add support for asterisk characters when filling in the GELI password during boot.
Change the last argument of gets() to indicate a visibility flag and add definitions for the numerical constants. Except for the value 2, gets() will behave exactly the same, so existing consumers shouldn't break. We only use it in two places, though.
Submitted by: lme (older version)
|
214229 |
22-Oct-2010 |
pjd |
- Improve error messages, so instead of 'Not fully done', the user will get information that device is already suspended or that device is using one-time key and suspend is not supported. - 'geli suspend -a' silently skips devices that use one-time key, this is fine, but because we log which device were suspended on the console, log also which devices were skipped.
|
214228 |
22-Oct-2010 |
pjd |
Close a race between checking if device is already suspended and suspending it.
|
214227 |
22-Oct-2010 |
pjd |
Add State tag, so 'geli status' will report active/suspended status, eg:
# geli status Name Status Components da0.eli SUSPENDED da0 da1.eli ACTIVE da1
|
214226 |
22-Oct-2010 |
pjd |
Encryption keys array might be NULL if device is suspended. Check for this, so we don't panic when we detach suspended device.
|
214225 |
22-Oct-2010 |
pjd |
Move sc_akeyctx and sc_ivctx initialization to the g_eli_mkey_propagate() function which eliminates code duplication and will ensure proper order of operation.
|
214163 |
21-Oct-2010 |
pjd |
Free opencrypto sessions on suspend, as they also might keep encryption keys.
|
214133 |
21-Oct-2010 |
pjd |
Fix a bug introduced in r213067 where we use authentication key before initializing it.
|
214118 |
20-Oct-2010 |
pjd |
Bring in geli suspend/resume functionality (finally).
Before this change if you wanted to suspend your laptop and be sure that your encryption keys are safe, you had to stop all processes that use file system stored on encrypted device, unmount the file system and detach geli provider.
This isn't very handy. If you are a lucky user of a laptop where suspend/resume actually works with FreeBSD (I'm not!) you most likely want to suspend your laptop, because you don't want to start everything over again when you turn your laptop back on.
And this is where geli suspend/resume steps in. When you execute:
# geli suspend -a
geli will wait for all in-flight I/O requests, suspend new I/O requests, remove all geli sensitive data from the kernel memory (like encryption keys) and will wait for either 'geli resume' or 'geli detach'.
Now with no keys in memory you can suspend your laptop without stopping any processes or unmounting any file systems.
When you resume your laptop you have to resume geli devices using 'geli resume' command. You need to provide your passphrase, etc. again so the keys can be restored and suspended I/O requests released.
Of course you need to remember that 'geli suspend' won't clear file system cache and other places where data from your geli-encrypted file system might be present. But to get rid of those stopping processes and unmounting file system won't help either - you have to turn your laptop off. Be warned.
Also note, that suspending geli device which contains file system with geli utility (or anything used by 'geli resume') is not very good idea, as you won't be able to resume it - when you execute geli(8), the kernel will try to read it and this read I/O request will be suspended.
|
214116 |
20-Oct-2010 |
pjd |
- Add missing comments. - Make a comment consistent with others.
|
213165 |
25-Sep-2010 |
pjd |
Change g_eli_debug to int, so one can turn off any GELI output by setting kern.geom.eli.debug sysctl to -1.
MFC after: 2 weeks
|
213164 |
25-Sep-2010 |
pjd |
Ignore errors from BIO_FLUSH. It might confuse users that provider wasn't really killed. What we really care about are write errors only.
MFC after: 2 weeks
|
213072 |
23-Sep-2010 |
pjd |
Update copyright years.
MFC after: 1 week
|
213070 |
23-Sep-2010 |
pjd |
Add support for AES-XTS. This will be the default now.
MFC after: 1 week
|
213067 |
23-Sep-2010 |
pjd |
Implement switching of data encryption key every 2^20 blocks. This ensures the same encryption key won't be used for more than 2^20 blocks (sectors). This will be the default now.
MFC after: 1 week
|
213063 |
23-Sep-2010 |
pjd |
Make the code similar to the code in g_eli_integrity.c.
MFC after: 1 week
|
213062 |
23-Sep-2010 |
pjd |
Define default overwrite count, so that userland can use it.
MFC after: 1 week
|
213055 |
23-Sep-2010 |
pjd |
When trashing metadata, flush after each write.
MFC after: 1 week
|
212845 |
19-Sep-2010 |
brian |
Support attaching version 4 metadata
Reviewed by: pjd
|
212547 |
13-Sep-2010 |
pjd |
- Allow to specify value as const pointers. - Make optional string values always an empty string.
|
211927 |
28-Aug-2010 |
pjd |
Correct offset conversion to little endian. It was implemented in version 2, but because of a bug it was a no-op, so we were still using offsets in native byte order for the host. Do it properly this time, bump version to 4 and set the G_ELI_FLAG_NATIVE_BYTE_ORDER flag when version is under 4.
MFC after: 2 weeks
|
206665 |
15-Apr-2010 |
pjd |
Use lower priority for GELI worker threads. This improves system responsiveness under heavy GELI load.
MFC after: 3 days
|
202976 |
25-Jan-2010 |
trasz |
Remove pointless assignment.
Found with: clang
|
189900 |
16-Mar-2009 |
pjd |
Detach GELI providers on shutdown/reboot, which will allow providers underneath to close properly.
Reported, reviewed and tested by: guido MFC after: 1 week
|
189762 |
13-Mar-2009 |
guido |
Backout this commit whil a better solution is developed
|
189625 |
10-Mar-2009 |
guido |
When attaching a geli on boot make sure that it is detached upon last close. (needed for a gmirror to properly shutdown upon reboot when a geli is on top the gmirror)
|
181646 |
12-Aug-2008 |
pjd |
Style(9).
|
180638 |
20-Jul-2008 |
pjd |
Clear passphrase buffer after use.
Submitted by: Fabian Keil <fk@fabiankeil.de> (a bit different version)
|
173746 |
19-Nov-2007 |
jb |
On some arches, openssl is built with OPENSSL_NO_CAMELLIA, so the code here needs to depend on that too.
|
172836 |
20-Oct-2007 |
julian |
Rename the kthread_xxx (e.g. kthread_create()) calls to kproc_xxx as they actually make whole processes. Thos makes way for us to add REAL kthread_create() and friends that actually make theads. it turns out that most of these calls actually end up being moved back to the thread version when it's added. but we need to make this cosmetic change first.
I'd LOVE to do this rename in 7.0 so that we can eventually MFC the new kthread_xxx() calls.
|
172031 |
01-Sep-2007 |
pjd |
Add support for Camellia encryption algorithm.
PR: kern/113790 Submitted by: Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp> Approved by: re (bmah)
|
170307 |
05-Jun-2007 |
jeff |
Commit 14/14 of sched_lock decomposition. - Use thread_lock() rather than sched_lock for per-thread scheduling sychronization. - Use the per-process spinlock rather than the sched_lock for per-process scheduling synchronization.
Tested by: kris, current@ Tested on: i386, amd64, ULE, 4BSD, libthr, libkse, PREEMPTION, etc. Discussed with: kris, attilio, kmacy, jhb, julian, bde (small parts each)
|
169313 |
06-May-2007 |
pjd |
When deleting key, flush write cache after each overwrite, so we don't overwrite data N times in cache and only once on disk.
|
168507 |
08-Apr-2007 |
pjd |
Use root_mounted().
|
167755 |
21-Mar-2007 |
sam |
Overhaul driver/subsystem api's: o make all crypto drivers have a device_t; pseudo drivers like the s/w crypto driver synthesize one o change the api between the crypto subsystem and drivers to use kobj; cryptodev_if.m defines this api o use the fact that all crypto drivers now have a device_t to add support for specifying which of several potential devices to use when doing crypto operations o add new ioctls that allow user apps to select a specific crypto device to use (previous ioctls maintained for compatibility) o overhaul crypto subsystem code to eliminate lots of cruft and hide implementation details from drivers o bring in numerous fixes from Michale Richardson/hifn; mostly for 795x parts o add an optional mechanism for mmap'ing the hifn 795x public key h/w to user space for use by openssl (not enabled by default) o update crypto test tools to use new ioctl's and add cmd line options to specify a device to use for tests
These changes will also enable much future work on improving the core crypto subsystem; including proper load balancing and interposing code between the core and drivers to dispatch small operations to the s/w driver as appropriate.
These changes were instigated by the work of Michael Richardson.
Reviewed by: pjd Approved by: re
|
167229 |
05-Mar-2007 |
pjd |
Warn when user use sectorsize bigger than the page size, which will lead to problems when the geli device is used with file system or as a swap.
Hopefully will prevent problems like kern/98742 in the future.
MFC after: 1 week
|
167164 |
02-Mar-2007 |
pjd |
Fix geli after last commit for UP systems that are running SMP kernel.
Submitted by: Hyo geol, Lee <hyogeollee@gmail.com> MFC after: 1 week
|
166321 |
28-Jan-2007 |
pjd |
It is possible that GEOM taste provider before SMP is started. We can't bind to a CPU which is not yet on-line, so add code that wait for CPUs to go on-line before binding to them.
Reported by: Alin-Adrian Anton <aanton@spintech.ro> MFC after: 2 weeks
|
163905 |
02-Nov-2006 |
pjd |
I want CPU number here.
Noticed by: ru
|
163877 |
01-Nov-2006 |
pjd |
Skip disabled CPU, because after we sched_bind() to a disabled CPU, we won't be able to exit from the thread.
Function g_eli_cpu_is_disabled() stoled from kern_pmc.c.
PR: 104669 Reported by: Nikolay Mirin <nik@optim.com.ru> MFC after: 1 week
|
163836 |
31-Oct-2006 |
pjd |
Implement BIO_FLUSH handling by simply passing it down to the components.
Sponsored by: home.pl
|
162834 |
30-Sep-2006 |
pjd |
Remove trailing spaces.
|
162353 |
16-Sep-2006 |
pjd |
Add 'configure' subcommand which for now only allows setting and removing of the BOOT flag. It can be performed on both attached and detached providers.
Requested by: Matthias Lederhofer <matled@gmx.net> MFC after: 1 week
|
162345 |
16-Sep-2006 |
pjd |
Remove extra arguments.
MFC after: 3 days
|
161220 |
11-Aug-2006 |
pjd |
Before using byte offset for IV creation, covert it to little endian. This way one will be able to use provider encrypted on eg. i386 on eg. sparc64. This doesn't really buy us much today, because UFS isn't endian agnostic.
We retain backward compatibility by setting G_ELI_FLAG_NATIVE_BYTE_ORDER flag on devices with version number less than 2 and not converting the offset.
|
161217 |
11-Aug-2006 |
pjd |
Forgot to bump version number after G_ELI_FLAG_READONLY flag addition.
|
161127 |
09-Aug-2006 |
pjd |
Allow geli to operate on read-only providers.
Initial patch from: vd MFC after: 2 weeks
|
160741 |
27-Jul-2006 |
yar |
Fix what looks like a typo: MODULE_DEPEND() takes module names, not KLD file names; and GELI module's name is g_eli, not geom_eli.
Approved by: pjd (silence) MFC after: 5 days
|
160569 |
22-Jul-2006 |
pjd |
Don't forget to initialize crp_olen field, which is used to calculate bio_completed value.
|
159361 |
06-Jun-2006 |
pjd |
Allow to use the old -a option to specify an encryption algorithm to use (for backward compatibility), but print a warning to inform about the change.
|
159343 |
06-Jun-2006 |
pjd |
- Unbreak the build when geli is compiled into the kernel (on as module), by silencing unfounded compiler warning.
Reported by:
|
159307 |
05-Jun-2006 |
pjd |
Implement data integrity verification (data authentication) for geli(8).
Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
|
159306 |
05-Jun-2006 |
pjd |
Make kern.geom.eli.overwrites sysctl a tunable as well.
|
157900 |
20-Apr-2006 |
pjd |
geli(8) provides keys on newsession time, so remove CRD_F_KEY_EXPLICIT flag as HW crypto drivers don't support it.
|
157783 |
15-Apr-2006 |
pjd |
Correct debug: we are sending child bio here, not parent bio.
MFC after: 1 week
|
157686 |
12-Apr-2006 |
pjd |
Pass BIO_GETATTR requests down.
MFC after: 1 week
|
157548 |
05-Apr-2006 |
pjd |
Typos.
|
157305 |
30-Mar-2006 |
pjd |
Revert previous change, as I fixed MD5(9).
|
157293 |
30-Mar-2006 |
pjd |
md_hash field in g_eli_metadata structure is not 4 byte aligned, which case panic on sparc64.
The problem is in MD5(9) implementation. The Encode() function takes 'unsigned char *output' as its first argument, which is then assigned to 'u_int32_t *op'. If the 'output' argument is not 4 byte aligned (and in geli(8) case it is not), sparc64 machine will panic.
I don't know how to fix MD5(9) in a clean way, so I'm implementing a work-around in geli(8).
Reported by: brueffer MFC after: 3 days
|
155537 |
11-Feb-2006 |
pjd |
Teach geli how to load keyfiles before root file system is mounted. An example entries for loader.conf to make it possible:
geli_da0_keyfile0_load="YES" geli_da0_keyfile0_type="da0:geli_keyfile0" geli_da0_keyfile0_name="/boot/keys/da0.key0" geli_da0_keyfile1_load="YES" geli_da0_keyfile1_type="da0:geli_keyfile1" geli_da0_keyfile1_name="/boot/keys/da0.key1" geli_da0_keyfile2_load="YES" geli_da0_keyfile2_type="da0:geli_keyfile2" geli_da0_keyfile2_name="/boot/keys/da0.key2"
geli_da1s3a_keyfile0_load="YES" geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0" geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
Thanks for jhb and kan who showed me the right direction.
MFC after: 3 days
|
155535 |
11-Feb-2006 |
pjd |
Check rootvnode variable to see if we still want to ask for passphrase on boot. Other methods just don't work properly.
MFC after: 3 days
|
155432 |
07-Feb-2006 |
brueffer |
Clean up some sysctl descriptions, debug messages etc.
Approved by: pjd MFC after: 3 days
|
155174 |
01-Feb-2006 |
pjd |
Remove trailing spaces.
|
154463 |
17-Jan-2006 |
pjd |
- Use better types. - Log problems at level 0 when killing providers.
MFC after: 3 days
|
154462 |
17-Jan-2006 |
pjd |
Check return value.
Found by: Coverity Prevent(tm) MFC after: 3 days
|
154461 |
17-Jan-2006 |
pjd |
Remove dead code.
Found by: Coverity Prevent(tm) MFC after: 3 days
|
154460 |
17-Jan-2006 |
pjd |
Remove unused value.
Found by: Coverity Prevent(tm) MFC after: 3 days
|
152967 |
30-Nov-2005 |
sobomax |
Check for g_read_data(9) errors properly:
o The only indication of error condition is NULL value returned by the function;
o value pointed to by error argument is undefined in the case when operation completes successfully.
Discussed with: phk
|
149931 |
10-Sep-2005 |
pjd |
Fix copy&paste typo.
MFC after: 3 days
|
149930 |
10-Sep-2005 |
pjd |
Don't forget to initialize crp_etype field.
Reported by: Nick Evans <nevans@syphen.net> MFC after: 3 days
|
149353 |
21-Aug-2005 |
pjd |
By default, when doing crypto work in software, start as many threads as we have active CPUs and bind each thread to its own CPU.
MFC after: 3 days
|
149352 |
21-Aug-2005 |
pjd |
Remove stale comment (we now always start worker thread).
MFC after: 3 days
|
149323 |
20-Aug-2005 |
pjd |
Add a __packed keyword to g_eli_metadata struct definition, so sizeof(struct g_eli_metadata) will return the exact number of bytes needed for storing it on the disk. Without this change GELI was unusable on amd64 (and probably other 64-bit archs), because sizeof(struct g_eli_metadata) was greater than 512 bytes and geli(8) was failing on assertion.
Reported by: Michael Reifenberger <mike@Reifenberger.com> MFC after: 3 days
|
149304 |
19-Aug-2005 |
pjd |
Allow to change number of iterations for PKCS#5v2. It can only be used when there is only one key set.
MFC after: 3 days
|
149303 |
19-Aug-2005 |
pjd |
- Add a missing period. - Fix number of spaces.
MFC after: 3 days
|
149193 |
17-Aug-2005 |
pjd |
Always run dedicated kernel thread (even when we have hardware support). There is no performance impact, but allows to allocate memory with M_WAITOK flag. As a side effect this simplify code a bit.
MFC after: 3 days
|
149192 |
17-Aug-2005 |
pjd |
We should now return 0.
|
149187 |
17-Aug-2005 |
pjd |
Even if crypto_dispatch() return an error, request is not canceled and our callback will still be called, just to tell us that requested failed...
Reported by: Mike Tancsa <mike@sentex.net> MFC after: 3 days
|
149185 |
17-Aug-2005 |
pjd |
We don't need to clear allocated memory. This will speed-up things a bit.
MFC after: 3 days
|
149030 |
13-Aug-2005 |
pjd |
Because code paths for I/O requests are quite complex, add comments above the functions which participate in I/O paths.
MFC after: 1 day
|
148961 |
11-Aug-2005 |
pjd |
GELI doesn't need cryptodev.
MFC after: 3 days
|
148867 |
08-Aug-2005 |
pjd |
Be case-insensitive when dealing with algorithm names.
PR: kern/84659 Submitted by: Benjamin Lutz <benlutz@datacomm.ch>
|
148460 |
27-Jul-2005 |
pjd |
MFp4: Export more informations about encrypted providers.
MFC after: 1 week
|
148458 |
27-Jul-2005 |
pjd |
Reduce default debug level to 0.
MFC after: 1 week
|
148456 |
27-Jul-2005 |
pjd |
Add GEOM_ELI class which provides GEOM providers encryption. For features list and usage see manual page: geli(8).
Sponsored by: Wheel Sp. z o.o. http://www.wheel.pl MFC after: 1 week
|