diff options
| author | phk <phk@FreeBSD.org> | 2002-10-19 17:02:17 +0000 |
|---|---|---|
| committer | phk <phk@FreeBSD.org> | 2002-10-19 17:02:17 +0000 |
| commit | f4a1c1173b3f45e1a14bc1d4c04c14d43383091b (patch) | |
| tree | f7190d834ab37c4346e4a07e080071a331ff485e /sys/conf | |
| parent | b98187d3390cbe9be86f537cbb5de42714f233ce (diff) | |
| download | FreeBSD-src-f4a1c1173b3f45e1a14bc1d4c04c14d43383091b.zip FreeBSD-src-f4a1c1173b3f45e1a14bc1d4c04c14d43383091b.tar.gz | |
Add Geom Based Disk Encryption to the tree.
This is an encryption module designed for to secure denial of access
to the contents of "cold disks" with or without destruction activation.
Major features:
* Based on AES, MD5 and ARC4 algorithms.
* Four cryptographic barriers:
1) Pass-phrase encrypts the master key.
2) Pass-phrase + Lock data locates master key.
3) 128 bit key derived from 2048 bit master key protects sector key.
3) 128 bit random single-use sector keys protect data payload.
* Up to four different changeable pass-phrases.
* Blackening feature for provable destruction of master key material.
* Isotropic disk contents offers no information about sector contents.
* Configurable destination sector range allows steganographic deployment.
This commit adds the kernel part, separate commits will follow for the
userland utility and documentation.
This software was developed for the FreeBSD Project by Poul-Henning Kamp and
NAI Labs, the Security Research Division of Network Associates, Inc. under
DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
research program.
Many thanks to Robert Watson, CBOSS Principal Investigator for making this
possible.
Sponsored by: DARPA & NAI Labs.
Diffstat (limited to 'sys/conf')
| -rw-r--r-- | sys/conf/NOTES | 1 | ||||
| -rw-r--r-- | sys/conf/files | 4 | ||||
| -rw-r--r-- | sys/conf/options | 1 |
3 files changed, 6 insertions, 0 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 81df5c3..02e1d9f 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -115,6 +115,7 @@ options PQ_CACHESIZE=512 # color for 512k/16k cache options INCLUDE_CONFIG_FILE # Include this file in kernel options GEOM_AES +options GEOM_BDE options GEOM_BSD options GEOM_GPT options GEOM_MBR diff --git a/sys/conf/files b/sys/conf/files index 2bace6d..c003bc3 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -796,6 +796,10 @@ fs/umapfs/umap_vnops.c optional umapfs fs/unionfs/union_subr.c optional unionfs fs/unionfs/union_vfsops.c optional unionfs fs/unionfs/union_vnops.c optional unionfs +geom/bde/g_bde.c optional geom_bde +geom/bde/g_bde_crypt.c optional geom_bde +geom/bde/g_bde_lock.c optional geom_bde +geom/bde/g_bde_work.c optional geom_bde geom/geom_aes.c optional geom_aes geom/geom_bsd.c optional geom_bsd geom/geom_ctl.c standard diff --git a/sys/conf/options b/sys/conf/options index 8480b1c..0311849 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -88,6 +88,7 @@ GDB_REMOTE_CHAT opt_ddb.h GDBSPEED opt_ddb.h NO_GEOM opt_geom.h GEOM_AES opt_geom.h +GEOM_BDE opt_geom.h GEOM_BSD opt_geom.h GEOM_GPT opt_geom.h GEOM_MBR opt_geom.h |
