Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE
cycle.

Prune svn:mergeinfo from the new branch, and rename it to RC1.

Update __FreeBSD_version.

Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and
the dvd1.iso packages population.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Create the GELIBOOT GEOM_ELI flag

This flag indicates that the user wishes to use the GELIBOOT feature to boot from a fully encrypted root file system.
Currently, GELIBOOT does not support key files, and in the future when it does, they will be loaded differently.
Due to the design of GELI, and the desire for secrecy, the GELI metadata does not know if key files are used or not, it just adds the key material (if any) to the HMAC before the optional passphrase, so there is no way to tell if a GELI partition requires key files or not.

Since the GELIBOOT code in boot2 and the loader does not support keys, they will now only attempt to attach if this flag is set. This will stop GELIBOOT from prompting for passwords to GELIs that it cannot decrypt, disrupting the boot process

PR: 208251
Reviewed by: ed, oshogbo, wblock
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D5867

Enable BIO_DELETE passthru in GELI, so TRIM/UNMAP can work as expected when
GELI is used on a SSD or inside virtual machine, so that guest can tell
host that it is no longer using some of the storage.

Enabling BIO_DELETE passthru comes with a small security consequence - an
attacker can tell how much space is being really used on encrypted device and
has less data no analyse then. This is why the -T option can be given to the
init subcommand to turn off this behaviour and -t/T options for the configure
subcommand can be used to adjust this setting later.

PR: 198863
Submitted by: Matthew D. Fuller fullermd at over-yonder dot net

This commit also includes a fix from Fabian Keil freebsd-listen at
fabiankeil.de for 'configure' on onetime providers which is not strictly
related, but is entangled in the same code, so would cause conflicts if
separated out.

Allow to omit keyfile number for the first keyfile.

use .Mt to mark up email addresses consistently (part1)

PR: 191174
Submitted by: Franco Fichtner <franco@lastsummer.de>

Fix spelling, typos, missing articles, contractions. Expanded version
of patch supplied with PR.

PR: 191001
Submitted by: olgeni
MFC after: 1 week

Add mention of metadata version 7 in FreeBSD 10.0

Reviewed by: pjd
MFC after: 1 day

Sweep man pages replacing ad -> ada.

Approved by: re (blackend)
MFC after: 1 week
X-MFC note: stable/9 only

Note NULL encryption method for GELI

PR: docs/180551
Submitted by: r4721@tormail.org
Approved by: gjb (mentor)

o Typo: IEE -> IEEE.

PR: docs/173069
Submitted by: Bjorn Heidotting
MFC after: 1 week

Improve description of various key used by GELI.

PR: docs/169089
Submitted by: John W. O'Brien <john@saltant.com>
MFC after: 3 days

Clarify error that geli generates
when it finds corrupt data.

PR: kern/165695
Submitted by: Robert Simmons <rsimmons0@gmail.com>
Reviewed by: pjd
Approved by: cperciva
MFC after: 1 week

As of r226840, GELI starts one thread per CPU.

PR: 167382
Submitted by: John W. O'Brien (john%saltant.com)
X-Needs-MFC: r226840

Remove superfluous paragraph macro.

Fix a variety of grammar issues and style nits.

PR: docs/165668
Submitted by: Robert Simmons <rsimmons0@gmail.com>
Reviewed by: kaduk@mit.edu
Approved by: cperciva
MFC after: 1 week

Add support for creating GELI devices with older metadata version for use
with older FreeBSD versions:
- Add -V option to 'geli init' to specify version number. If no -V is given
the most recent version is used.
- If -V is given don't allow to use features not supported by this version.
- Print version in 'geli list' output.
- Update manual page and add table describing which GELI version is
supported by which FreeBSD version, so one can use it when preparing GELI
device for older FreeBSD version.

Inspired by: Garrett Cooper <yanegomi@gmail.com>
MFC after: 3 days

Add 'geli version' subcommand, which will print GELI metadata version of each
given GEOM provider or if not providers are given it will print versions
supported by userland geli(8) utility and by ELI GEOM class.

MFC after: 3 days

Document the following sysctls:

kern.geom.eli.version
kern.geom.eli.key_cache_limit
kern.geom.eli.key_cache_hits
kern.geom.eli.key_cache_misses

MFC after: 1 week

Change example to not be controversial.
I'm sorry to anyone who felt offended by this.

PR: docs/155385
Reported by: maga_lena <mirto@riseup.net>
MFC after: 1 week

* Recommend a overwrite of whole geli provider before use.
* Correct a typo while I'm there.

Reviewed by: pjd
MFC after: 2 weeks

Bring in geli suspend/resume functionality (finally).

Before this change if you wanted to suspend your laptop and be sure that your
encryption keys are safe, you had to stop all processes that use file system
stored on encrypted device, unmount the file system and detach geli provider.

This isn't very handy. If you are a lucky user of a laptop where suspend/resume
actually works with FreeBSD (I'm not!) you most likely want to suspend your
laptop, because you don't want to start everything over again when you turn
your laptop back on.

And this is where geli suspend/resume steps in. When you execute:

# geli suspend -a

geli will wait for all in-flight I/O requests, suspend new I/O requests, remove
all geli sensitive data from the kernel memory (like encryption keys) and will
wait for either 'geli resume' or 'geli detach'.

Now with no keys in memory you can suspend your laptop without stopping any
processes or unmounting any file systems.

When you resume your laptop you have to resume geli devices using 'geli resume'
command. You need to provide your passphrase, etc. again so the keys can be
restored and suspended I/O requests released.

Of course you need to remember that 'geli suspend' won't clear file system
cache and other places where data from your geli-encrypted file system might be
present. But to get rid of those stopping processes and unmounting file system
won't help either - you have to turn your laptop off. Be warned.

Also note, that suspending geli device which contains file system with geli
utility (or anything used by 'geli resume') is not very good idea, as you won't
be able to resume it - when you execute geli(8), the kernel will try to read it
and this read I/O request will be suspended.

- Add support for loading passphrase from a file (-J and -j options).
This is especially useful for things like installers, where regular
geli prompt can't be used.
- Add support for specifing multiple -K or -k options, so there is no
need to cat all keyfiles and read them from standard input.

Requested by: Kris Moore <kris@pcbsd.org>, thompsa
MFC after: 2 weeks

Document AES-XTS.

MFC after: 1 week

Add a geli resize subcommand to resize encrypted filesystems prior
to growing the filesystem.

Refuse to attach providers where the metadata provider size is
wrong. This makes post-boot attaches behave consistently with
pre-boot attaches. Also refuse to restore metadata to a provider
of the wrong size without the new -f switch. The new -f switch
forces the metadata restoration despite the provider size, and
updates the provider size in the restored metadata to the correct
value.

Helped by: pjd
Reviewed by: pjd

Fix indent.

By default backup geli metadata to a file. It is quite critical 512 bytes,
once it is lost, all data is gone.

Option '-B none' can by used to prevent backup. Option '-B path' can be
used to backup metadata to a different file than the default, which is
/var/backups/<prov>.eli.

The 'geli init' command also prints backup file location and gives short
procedure how to restore metadata.

The 'geli setkey' command now warns that even after passphrase change or keys
update there could be version of the master key encrypted with old
keys/passphrase in the backup file.

Add regression tests to verify that new functionality works as expected.

Update other regression tests so they don't create backup files.

Reviewed by: keramida, rink
Dedicated to: a friend who lost 400GB of his live by accidentally overwritting geli metadata
MFC after: 2 weeks

- Give algorithms recommendation.
- Keep options in alphabetical order.

geli onetime command can take only one GEOM provider at a time.

Add support for Camellia encryption algorithm.

PR: kern/113790
Submitted by: Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp>
Approved by: re (bmah)

Fix incorrect comment. Geli will protect against data modification, of
course! It won't protect against reply attacks - try harder to explain
them correctly.

MFC after: 1 week

Remove a contraction and add a missing article.

Add 'configure' subcommand which for now only allows setting and removing
of the BOOT flag. It can be performed on both attached and detached
providers.

Requested by: Matthias Lederhofer <matled@gmx.net>
MFC after: 1 week

Note that we don't destroy keys on read-only attached providers.

MFC after: 1 week

o Spell.

Submitted by: ru

o Strip eol whitespaces.

o New sentence, new line.
o Touch Dd for -r.

Allow geli to operate on read-only providers.

Initial patch from: vd
MFC after: 2 weeks

Clarify and merge two sentences.

Discussed with: pjd

Mdoc cleanup and some wording improvements.

Remove section committed by mistake. It is not yet ready.

Document geli(8) data authentication.

Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)

Add an example how to use keyfiles for encrypted providers which should be
attached before the root file system is mounted.

MFC after: 3 days

Expand contractions.

s/5.5/6.0/ in HISTORY section.

Discussed with: ru

By default, when doing crypto work in software, start as many threads
as we have active CPUs and bind each thread to its own CPU.

MFC after: 3 days

Allow to change number of iterations for PKCS#5v2. It can only be used
when there is only one key set.

MFC after: 3 days

Update manual page (now dedicated kernel thread is always started).

MFC after: 3 days

GELI doesn't need cryptodev.

MFC after: 2 days

Misc cleanup (spelling, grammar, mdoc, style, cut >80 char lines).

Add GEOM_ELI class which provides GEOM providers encryption.
For features list and usage see manual page: geli(8).

Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 1 week