diff options
| author | dteske <dteske@FreeBSD.org> | 2015-04-01 02:01:34 +0000 |
|---|---|---|
| committer | dteske <dteske@FreeBSD.org> | 2015-04-01 02:01:34 +0000 |
| commit | 454ddb0c34aac80358a3c8f201162d642dec27e9 (patch) | |
| tree | d3a963f6c23020ff2891b08a4ddcae8c0065b997 /usr.sbin/bsdinstall/scripts | |
| parent | e520f6421505f39341b9f801c9f541c0f5f4d9cc (diff) | |
| download | FreeBSD-src-454ddb0c34aac80358a3c8f201162d642dec27e9.zip FreeBSD-src-454ddb0c34aac80358a3c8f201162d642dec27e9.tar.gz | |
Add "GELI Passphrase:" prompt to boot loader.
Summary:
Add "GELI Passphrase:" prompt to boot loader.
A new loader.conf(5) option of geom_eli_passphrase_prompt="YES" will now
allow you to enter your geli(8) root-mount credentials prior to invoking
the kernel.
See check-password.4th(8) for details.
Differential Revision: https://reviews.freebsd.org/D2105
Reviewed by: (your name[s] here)
MFC after: 3 days
X-MFC-to: stable/10
Relnotes: yes
Test Plan:
Drop a head copy of check-password.4th into /boot and then apply the patch
(only the patch to /boot/check-password.4th is required; no other changes are
required but you do have to have a HEAD copy of check-password.4th to
apply the patch).
NB: The rest of your /boot files can be up to 2 years old but no older.
NB: The test won't work unless your kernel has the following change
https://svnweb.freebsd.org/base?view=revision&revision=273489
Now, put into /boot/loader.conf:
geom_eli_passphrase_prompt="YES"
and reboot.
You should be prompted for a GELI passphrase before the menu (if enabled),
just after loading loader.conf(5).
NB: It doesn't matter if you're using GELI or not. However if you are using
GELI and a sufficiently new enough release (has SVN r273489) and you entered
the proper passphrase to mount your GELI encrypted root device(s), you should
notice that the boot process did not stop (you went from loader all the way to login).
Reviewers: cperciva, allanjude, scottl, kmoore
Subscribers: jkh, imp
Differential Revision: https://reviews.freebsd.org/D2105
Diffstat (limited to 'usr.sbin/bsdinstall/scripts')
| -rwxr-xr-x | usr.sbin/bsdinstall/scripts/zfsboot | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/usr.sbin/bsdinstall/scripts/zfsboot b/usr.sbin/bsdinstall/scripts/zfsboot index edd9f59..f1eeb2f 100755 --- a/usr.sbin/bsdinstall/scripts/zfsboot +++ b/usr.sbin/bsdinstall/scripts/zfsboot @@ -1343,6 +1343,9 @@ zfs_create_boot() $BSDINSTALL_TMPBOOT/loader.conf.aesni || return $FAILURE f_eval_catch $funcname echo "$ECHO_APPEND" 'geom_eli_load=\"YES\"' \ $BSDINSTALL_TMPBOOT/loader.conf.geli || return $FAILURE + f_eval_catch $funcname echo "$ECHO_APPEND" \ + 'geom_eli_passphrase_prompt=\"YES\"' \ + $BSDINSTALL_TMPBOOT/loader.conf.geli || return $FAILURE for disk in $disks; do f_eval_catch $funcname printf "$PRINTF_CONF" \ geli_%s_keyfile0_load "$disk$targetpart YES" \ |
