diff options
| author | gjb <gjb@FreeBSD.org> | 2015-07-07 18:52:22 +0000 |
|---|---|---|
| committer | gjb <gjb@FreeBSD.org> | 2015-07-07 18:52:22 +0000 |
| commit | 4b4ce39bb7a197a48d25e0fc4b1c3445277f2f60 (patch) | |
| tree | 00467c418a2be355ff8c5f18c3455d0c2ce0d484 /sys/geom | |
| parent | c6218b1955382ad46213448dab7e3e89d086f785 (diff) | |
| download | FreeBSD-src-4b4ce39bb7a197a48d25e0fc4b1c3445277f2f60.zip FreeBSD-src-4b4ce39bb7a197a48d25e0fc4b1c3445277f2f60.tar.gz | |
MFC r273489 (cperciva):
Populate the GELI passphrase cache with the kern.geom.eli.passphrase
variable (if any) provided in the boot environment. Unset it from
the kernel environment after doing this, so that the passphrase is
no longer present in kernel memory once we enter userland.
This will make it possible to provide a GELI passphrase via the boot
loader.
PR: 200448
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'sys/geom')
| -rw-r--r-- | sys/geom/eli/g_eli.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c index 01c3b53..2e5810d 100644 --- a/sys/geom/eli/g_eli.c +++ b/sys/geom/eli/g_eli.c @@ -99,6 +99,25 @@ SYSCTL_UINT(_kern_geom_eli, OID_AUTO, boot_passcache, CTLFLAG_RD, &g_eli_boot_passcache, 0, "Passphrases are cached during boot process for possible reuse"); static void +fetch_loader_passphrase(void * dummy) +{ + char * env_passphrase; + + KASSERT(dynamic_kenv, ("need dynamic kenv")); + + if ((env_passphrase = kern_getenv("kern.geom.eli.passphrase")) != NULL) { + /* Extract passphrase from the environment. */ + strlcpy(cached_passphrase, env_passphrase, + sizeof(cached_passphrase)); + freeenv(env_passphrase); + + /* Wipe the passphrase from the environment. */ + kern_unsetenv("kern.geom.eli.passphrase"); + } +} +SYSINIT(geli_fetch_loader_passphrase, SI_SUB_KMEM + 1, SI_ORDER_ANY, + fetch_loader_passphrase, NULL); +static void zero_boot_passcache(void * dummy) { |
