303975 |
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
302408 |
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
298107 |
16-Apr-2016 |
gjb |
Merge the projects/release-pkg branch to head.
This allows packaging the base system with pkg(8), including but not limited to providing the ability to provide upstream binary update possibilities for non-tier-1 architectures.
This merge is a requirement of the 11.0-RELEASE, and as such, thank you to everyone that has tested the project branch.
Documentation in build(7) etc. is still somewhat sparse, but updates to those parts will follow.
Sponsored by: The FreeBSD Foundation
|
297691 |
08-Apr-2016 |
allanjude |
Create the GELIBOOT GEOM_ELI flag
This flag indicates that the user wishes to use the GELIBOOT feature to boot from a fully encrypted root file system. Currently, GELIBOOT does not support key files, and in the future when it does, they will be loaded differently. Due to the design of GELI, and the desire for secrecy, the GELI metadata does not know if key files are used or not, it just adds the key material (if any) to the HMAC before the optional passphrase, so there is no way to tell if a GELI partition requires key files or not.
Since the GELIBOOT code in boot2 and the loader does not support keys, they will now only attempt to attach if this flag is set. This will stop GELIBOOT from prompting for passwords to GELIs that it cannot decrypt, disrupting the boot process
PR: 208251 Reviewed by: ed, oshogbo, wblock Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D5867
|
293306 |
07-Jan-2016 |
allanjude |
Make additional parts of sys/geom/eli more usable in userspace
The upcoming GELI support in the loader reuses parts of this code Some ifdefs are added, and some code is moved outside of existing ifdefs
The HMAC parts of GELI are broken out into their own file, to separate them from the kernel crypto/openssl dependant parts that are replaced in the boot code.
Passed the GELI regression suite (tools/regression/geom/eli) Files=20 Tests=14996 Result: PASS
Reviewed by: pjd, delphij MFC after: 1 week Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D4699
|
292782 |
27-Dec-2015 |
allanjude |
Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c
cperciva's libmd implementation is 5-30% faster
The same was done for SHA256 previously in r263218
cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation
Extend sbin/md5 to create sha384(1)
Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}
Reviewed by: cperciva, des, delphij Approved by: secteam, bapt (mentor) MFC after: 2 weeks Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D3929
|
286444 |
08-Aug-2015 |
pjd |
Enable BIO_DELETE passthru in GELI, so TRIM/UNMAP can work as expected when GELI is used on a SSD or inside virtual machine, so that guest can tell host that it is no longer using some of the storage.
Enabling BIO_DELETE passthru comes with a small security consequence - an attacker can tell how much space is being really used on encrypted device and has less data no analyse then. This is why the -T option can be given to the init subcommand to turn off this behaviour and -t/T options for the configure subcommand can be used to adjust this setting later.
PR: 198863 Submitted by: Matthew D. Fuller fullermd at over-yonder dot net
This commit also includes a fix from Fabian Keil freebsd-listen at fabiankeil.de for 'configure' on onetime providers which is not strictly related, but is entangled in the same code, so would cause conflicts if separated out.
|
285023 |
02-Jul-2015 |
pjd |
Allow to omit keyfile number for the first keyfile.
|
284345 |
13-Jun-2015 |
sjg |
Add META_MODE support.
Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796 Reviewed by: brooks imp
|
284250 |
11-Jun-2015 |
brueffer |
Consistently use trailing whitespace in passphrase prompts.
PR: 193496 Submitted by: Fabian Keil MFC after: 1 week
|
275030 |
25-Nov-2014 |
bapt |
Convert sbin/ to LIBADD Reduce overlinking
|
267667 |
20-Jun-2014 |
bapt |
use .Mt to mark up email addresses consistently (part1)
PR: 191174 Submitted by: Franco Fichtner <franco@lastsummer.de>
|
267617 |
18-Jun-2014 |
wblock |
Fix spelling, typos, missing articles, contractions. Expanded version of patch supplied with PR.
PR: 191001 Submitted by: olgeni MFC after: 1 week
|
265950 |
13-May-2014 |
thomas |
Add mention of metadata version 7 in FreeBSD 10.0
Reviewed by: pjd MFC after: 1 day
|
260254 |
04-Jan-2014 |
pjd |
Don't allow to create GELI providers with a sector size, which is no a power of 2.
Noticed by: rwatson MFC after: 3 days
|
255977 |
01-Oct-2013 |
pluknet |
Sweep man pages replacing ad -> ada.
Approved by: re (blackend) MFC after: 1 week X-MFC note: stable/9 only
|
253957 |
05-Aug-2013 |
crees |
Note NULL encryption method for GELI
PR: docs/180551 Submitted by: r4721@tormail.org Approved by: gjb (mentor)
|
248700 |
25-Mar-2013 |
maxim |
o Typo: IEE -> IEEE.
PR: docs/173069 Submitted by: Bjorn Heidotting MFC after: 1 week
|
248475 |
18-Mar-2013 |
pjd |
Reduce stack usage.
|
246622 |
10-Feb-2013 |
pjd |
Fix minor memory leak.
|
246621 |
10-Feb-2013 |
pjd |
Assert that if we are not dealing with keyfile we are dealing with passfile.
|
246620 |
10-Feb-2013 |
pjd |
Use arc4random_buf(3) instead of reimplementing it.
|
238117 |
04-Jul-2012 |
pjd |
Improve description of various key used by GELI.
PR: docs/169089 Submitted by: John W. O'Brien <john@saltant.com> MFC after: 3 days
|
235201 |
09-May-2012 |
eadler |
Clarify error that geli generates when it finds corrupt data.
PR: kern/165695 Submitted by: Robert Simmons <rsimmons0@gmail.com> Reviewed by: pjd Approved by: cperciva MFC after: 1 week
|
234770 |
28-Apr-2012 |
gjb |
As of r226840, GELI starts one thread per CPU.
PR: 167382 Submitted by: John W. O'Brien (john%saltant.com) X-Needs-MFC: r226840
|
233458 |
25-Mar-2012 |
joel |
Remove superfluous paragraph macro.
|
232502 |
04-Mar-2012 |
eadler |
Fix a variety of grammar issues and style nits.
PR: docs/165668 Submitted by: Robert Simmons <rsimmons0@gmail.com> Reviewed by: kaduk@mit.edu Approved by: cperciva MFC after: 1 week
|
226733 |
25-Oct-2011 |
pjd |
Add support for creating GELI devices with older metadata version for use with older FreeBSD versions: - Add -V option to 'geli init' to specify version number. If no -V is given the most recent version is used. - If -V is given don't allow to use features not supported by this version. - Print version in 'geli list' output. - Update manual page and add table describing which GELI version is supported by which FreeBSD version, so one can use it when preparing GELI device for older FreeBSD version.
Inspired by: Garrett Cooper <yanegomi@gmail.com> MFC after: 3 days
|
226723 |
25-Oct-2011 |
pjd |
Add 'geli version' subcommand, which will print GELI metadata version of each given GEOM provider or if not providers are given it will print versions supported by userland geli(8) utility and by ELI GEOM class.
MFC after: 3 days
|
226722 |
25-Oct-2011 |
pjd |
When we detect GELI metadata version that is newer than the highest we support, inform the user about that instead of 'MD5 hash mismatch'.
Suggested by: Garrett Cooper <yanegomi@gmail.com> MFC after: 3 days
|
226720 |
25-Oct-2011 |
pjd |
Simplify eli_resize() function.
MFC after: 3 days
|
226719 |
25-Oct-2011 |
pjd |
Simplify eli_dump() function and allow to dump metadata stored in backup file.
MFC after: 3 days
|
226717 |
25-Oct-2011 |
pjd |
Simplify eli_is_attached() function and make it return boot instead of int.
MFC after: 3 days
|
226716 |
25-Oct-2011 |
pjd |
Simplify eli_backup_create() and eli_backup_restore() functions. As a side-effect it is now possible to backup unsupported (newer) GELI metadata versions.
MFC after: 3 days
|
226715 |
25-Oct-2011 |
pjd |
Sort includes.
MFC after: 3 days
|
221633 |
08-May-2011 |
pjd |
Document the following sysctls:
kern.geom.eli.version kern.geom.eli.key_cache_limit kern.geom.eli.key_cache_hits kern.geom.eli.key_cache_misses
MFC after: 1 week
|
219424 |
09-Mar-2011 |
pjd |
Change example to not be controversial. I'm sorry to anyone who felt offended by this.
PR: docs/155385 Reported by: maga_lena <mirto@riseup.net> MFC after: 1 week
|
216493 |
16-Dec-2010 |
obrien |
Revert r216473. WARNS=6 causes "warning: cast increases required alignment of target type" on arm, ia64, mips, and sparc64.
|
216473 |
16-Dec-2010 |
obrien |
Bump WARNS to 6.
|
216468 |
15-Dec-2010 |
obrien |
Rename the generic "CLASS" to the more specific "GEOM_CLASS". While I'm here remove redundancy and inconsistencies.
Obtained from: Juniper Networks
|
216147 |
03-Dec-2010 |
delphij |
* Recommend a overwrite of whole geli provider before use. * Correct a typo while I'm there.
Reviewed by: pjd MFC after: 2 weeks
|
215704 |
22-Nov-2010 |
brucec |
Fix some more warnings found by clang.
|
214404 |
26-Oct-2010 |
pjd |
Use fprintf(stderr) instead of gctl_error() to print a warning about too big sector size. When gctl error is set gctl_has_param() always returns 'false', which prevents geli(8) from finding some arguments and also masks an error, which is generates in such case.
MFC after: 3 days
|
214118 |
20-Oct-2010 |
pjd |
Bring in geli suspend/resume functionality (finally).
Before this change if you wanted to suspend your laptop and be sure that your encryption keys are safe, you had to stop all processes that use file system stored on encrypted device, unmount the file system and detach geli provider.
This isn't very handy. If you are a lucky user of a laptop where suspend/resume actually works with FreeBSD (I'm not!) you most likely want to suspend your laptop, because you don't want to start everything over again when you turn your laptop back on.
And this is where geli suspend/resume steps in. When you execute:
# geli suspend -a
geli will wait for all in-flight I/O requests, suspend new I/O requests, remove all geli sensitive data from the kernel memory (like encryption keys) and will wait for either 'geli resume' or 'geli detach'.
Now with no keys in memory you can suspend your laptop without stopping any processes or unmounting any file systems.
When you resume your laptop you have to resume geli devices using 'geli resume' command. You need to provide your passphrase, etc. again so the keys can be restored and suspended I/O requests released.
Of course you need to remember that 'geli suspend' won't clear file system cache and other places where data from your geli-encrypted file system might be present. But to get rid of those stopping processes and unmounting file system won't help either - you have to turn your laptop off. Be warned.
Also note, that suspending geli device which contains file system with geli utility (or anything used by 'geli resume') is not very good idea, as you won't be able to resume it - when you execute geli(8), the kernel will try to read it and this read I/O request will be suspended.
|
213662 |
09-Oct-2010 |
ae |
Replace strlen(_PATH_DEV) with sizeof(_PATH_DEV) - 1.
Suggested by: kib Approved by: kib (mentor) MFC after: 5 days
|
213172 |
25-Sep-2010 |
pjd |
- Add support for loading passphrase from a file (-J and -j options). This is especially useful for things like installers, where regular geli prompt can't be used. - Add support for specifing multiple -K or -k options, so there is no need to cat all keyfiles and read them from standard input.
Requested by: Kris Moore <kris@pcbsd.org>, thompsa MFC after: 2 weeks
|
213073 |
23-Sep-2010 |
pjd |
Update copyright years.
MFC after: 1 week
|
213071 |
23-Sep-2010 |
pjd |
Document AES-XTS.
MFC after: 1 week
|
213060 |
23-Sep-2010 |
pjd |
- When trashing metadata, repeat overwrite kern.geom.eli.overwrites times. - Flush write cache after each write.
MFC after: 1 week
|
213059 |
23-Sep-2010 |
pjd |
- Use g_*() API when doing backups. - fsync() created filed.
MFC after: 1 week
|
213058 |
23-Sep-2010 |
pjd |
Because we first write metadata into new place and then trash old place we don't want situation where old size is equal to new size, as we will trash newly written metadata.
MFC after: 1 week
|
213057 |
23-Sep-2010 |
pjd |
- Make use of g_*() API. - Flush cache after writing metadata.
MFC after: 1 week
|
213056 |
23-Sep-2010 |
pjd |
Simplify code a bit by using g_*() API from libgeom.
MFC after: 1 week
|
212934 |
20-Sep-2010 |
brian |
Add a geli resize subcommand to resize encrypted filesystems prior to growing the filesystem.
Refuse to attach providers where the metadata provider size is wrong. This makes post-boot attaches behave consistently with pre-boot attaches. Also refuse to restore metadata to a provider of the wrong size without the new -f switch. The new -f switch forces the metadata restoration despite the provider size, and updates the provider size in the restored metadata to the correct value.
Helped by: pjd Reviewed by: pjd
|
212846 |
19-Sep-2010 |
pjd |
Fix indent.
|
212554 |
13-Sep-2010 |
pjd |
- Remove gc_argname field. It was introduced for gpart(8), but if I understand everything correctly, we don't really need it. - Provide default numeric value as strings. This allows to simplify a lot of code. - Bump version number.
|
212547 |
13-Sep-2010 |
pjd |
- Allow to specify value as const pointers. - Make optional string values always an empty string.
|
182452 |
29-Aug-2008 |
pjd |
By default backup geli metadata to a file. It is quite critical 512 bytes, once it is lost, all data is gone.
Option '-B none' can by used to prevent backup. Option '-B path' can be used to backup metadata to a different file than the default, which is /var/backups/<prov>.eli.
The 'geli init' command also prints backup file location and gives short procedure how to restore metadata.
The 'geli setkey' command now warns that even after passphrase change or keys update there could be version of the master key encrypted with old keys/passphrase in the backup file.
Add regression tests to verify that new functionality works as expected.
Update other regression tests so they don't create backup files.
Reviewed by: keramida, rink Dedicated to: a friend who lost 400GB of his live by accidentally overwritting geli metadata MFC after: 2 weeks
|
182451 |
29-Aug-2008 |
pjd |
- Give algorithms recommendation. - Keep options in alphabetical order.
|
181639 |
12-Aug-2008 |
pjd |
geli onetime command can take only one GEOM provider at a time.
|
172031 |
01-Sep-2007 |
pjd |
Add support for Camellia encryption algorithm.
PR: kern/113790 Submitted by: Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp> Approved by: re (bmah)
|
169586 |
15-May-2007 |
marcel |
Add gpart(8).
In order to support gpart(8), geom(8) needs to support a named argument. Also, optional string parameters are a requirement. Both have been added to the infrastructure. The former required all existing classes to be adjusted.
|
169312 |
06-May-2007 |
pjd |
Correct some typos.
|
169193 |
01-May-2007 |
pjd |
Do some cleanups (like freeing memory and closing file descriptors) before leaving the functions.
|
167229 |
05-Mar-2007 |
pjd |
Warn when user use sectorsize bigger than the page size, which will lead to problems when the geli device is used with file system or as a swap.
Hopefully will prevent problems like kern/98742 in the future.
MFC after: 1 week
|
167227 |
05-Mar-2007 |
pjd |
Fix incorrect comment. Geli will protect against data modification, of course! It won't protect against reply attacks - try harder to explain them correctly.
MFC after: 1 week
|
166892 |
22-Feb-2007 |
pjd |
Correct typo.
Spotted by: Tomasz Dudzisz
|
166216 |
25-Jan-2007 |
pjd |
When the following conditions are meet: - First configured key is based only on keyfile (no passphrase). - Device is attached. - User changes first key (setkey) from keyfile to passphrase and doesn't specify number of iterations (with -i option). ...geli(8) won't store calculated number of iterations in metadata. This result in device beeing unaccesable after detach.
One can recover from this situation by guessing number of iterations generated, storing it in metadata and trying to attach device. Recovery procedure isn't nice, but one's data is not lost.
Reported by: Thomas Nickl <T.Nickl@gmx.net> MFC after: 1 week
|
162868 |
30-Sep-2006 |
pjd |
MFp4: G_TYPE_BOOL sounds much better than G_TYPE_NONE.
Changes: 98722
|
162371 |
17-Sep-2006 |
brueffer |
Remove a contraction and add a missing article.
|
162356 |
16-Sep-2006 |
pjd |
Fix copy&paste mistake.
Submitted by: Matthias Lederhofer <matled@gmx.net>
|
162353 |
16-Sep-2006 |
pjd |
Add 'configure' subcommand which for now only allows setting and removing of the BOOT flag. It can be performed on both attached and detached providers.
Requested by: Matthias Lederhofer <matled@gmx.net> MFC after: 1 week
|
162348 |
16-Sep-2006 |
pjd |
Note that we don't destroy keys on read-only attached providers.
MFC after: 1 week
|
162347 |
16-Sep-2006 |
pjd |
First kill detached providers, because of two reasons: - after killing all attached providers, all providers are then detached and operation is repeated for those who were attached, - we don't want to remove keys for read-only attached providers, we only want to detach them.
MFC after: 1 week
|
161142 |
10-Aug-2006 |
maxim |
o Spell.
Submitted by: ru
|
161133 |
09-Aug-2006 |
maxim |
o Strip eol whitespaces.
|
161130 |
09-Aug-2006 |
maxim |
o New sentence, new line. o Touch Dd for -r.
|
161127 |
09-Aug-2006 |
pjd |
Allow geli to operate on read-only providers.
Initial patch from: vd MFC after: 2 weeks
|
161052 |
07-Aug-2006 |
pjd |
Add missing #.
|
159361 |
06-Jun-2006 |
pjd |
Allow to use the old -a option to specify an encryption algorithm to use (for backward compatibility), but print a warning to inform about the change.
|
159354 |
06-Jun-2006 |
brueffer |
Clarify and merge two sentences.
Discussed with: pjd
|
159342 |
06-Jun-2006 |
brueffer |
Mdoc cleanup and some wording improvements.
|
159329 |
06-Jun-2006 |
pjd |
Remove section committed by mistake. It is not yet ready.
|
159310 |
05-Jun-2006 |
pjd |
Document geli(8) data authentication.
Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
|
159308 |
05-Jun-2006 |
pjd |
Userland bits of geli(8) data authentication. Now, encryption algorithm is given using '-e' option, not '-a'. The '-a' option is now used to specify authentication algorithm.
Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
|
158214 |
01-May-2006 |
pjd |
Correct error messages.
MFC after: 2 weeks
|
155538 |
11-Feb-2006 |
pjd |
Add an example how to use keyfiles for encrypted providers which should be attached before the root file system is mounted.
MFC after: 3 days
|
155536 |
11-Feb-2006 |
pjd |
- Allow to use -b without passphrase or with keyfiles as it will be supported for a moment. - Don't allow to use -i when no passphrase is given. Now if iterations is equal to -1 (not set), we know that we should not ask for the passphrase on boot. It still doesn't handle situation when one key is protected with passphrase and the other is not. There is no quick fix for this. The complete solution will be to make number of iterations a per-key value. Because this need metadata format change and is only needed for devices attached on boot, I'll leave it as it is for now.
MFC after: 3 days
|
155183 |
01-Feb-2006 |
pjd |
Deny init/attach/setkey subcommands when no key components are given.
MFC after: 3 days Tested with: prove /usr/src/tools/regression/geom_eli
|
155181 |
01-Feb-2006 |
joel |
Expand contractions.
|
155175 |
01-Feb-2006 |
pjd |
Remove trailing spaces.
|
155101 |
31-Jan-2006 |
pjd |
Remove unused argument.
MFC after: 3 days
|
153190 |
07-Dec-2005 |
pjd |
- The geom(8) utility only uses three types of arguments: string (char *), value (intmax_t) and boolean (int). Based on that provide three functions: - gctl_get_ascii() - gctl_get_int() - gctl_get_intmax() - Hide gctl_get_param() function, as it is only used internally in subr.c. - Allow to provide argument name as (fmt, ...). - Assert geom(8) bugs (missing argument is a geom(8) bug).
- Clean-up and simplify the code by using new functions and assumtions (no more checking for missing argument).
Tested by: regression tests
|
152755 |
24-Nov-2005 |
joel |
s/5.5/6.0/ in HISTORY section.
Discussed with: ru
|
149928 |
10-Sep-2005 |
pjd |
Even if there are no valid keys in metadata, but provider is attached we can still use setkey subcommand.
MFC after: 3 days Found by: regression tests
|
149353 |
21-Aug-2005 |
pjd |
By default, when doing crypto work in software, start as many threads as we have active CPUs and bind each thread to its own CPU.
MFC after: 3 days
|
149304 |
19-Aug-2005 |
pjd |
Allow to change number of iterations for PKCS#5v2. It can only be used when there is only one key set.
MFC after: 3 days
|
149194 |
17-Aug-2005 |
pjd |
Update manual page (now dedicated kernel thread is always started).
MFC after: 3 days
|
149047 |
14-Aug-2005 |
pjd |
When keys were configured without passphrase, number of iterations in metadata is equal to -1. if we then wanted to attach provider (or change keys) and forget about '-p' flag it failed on assertion (quite ok, without assertion it could call PKCS#5v2 with 4294967295 iterations).
Instead of failing on assertion, remind about '-p' flag.
MFC after: 3 days
|
148982 |
12-Aug-2005 |
pjd |
GELI doesn't need cryptodev.
MFC after: 2 days
|
148569 |
30-Jul-2005 |
brueffer |
Misc cleanup (spelling, grammar, mdoc, style, cut >80 char lines).
|
148507 |
29-Jul-2005 |
pjd |
I actually do need libmd.
|
148463 |
27-Jul-2005 |
pjd |
- Reduce WARNS level to 3, so it will be compilabe on alpha. - Don't link libmd, it is not needed. - Connect manual page to the build.
MFC after: 1 week
|
148456 |
27-Jul-2005 |
pjd |
Add GEOM_ELI class which provides GEOM providers encryption. For features list and usage see manual page: geli(8).
Sponsored by: Wheel Sp. z o.o. http://www.wheel.pl MFC after: 1 week
|