Date: Tue, 6 May 2003 13:10:32 -0700
From: "Lucky Green" <shamrock@cypherpunks.to>
To: <freebsd-arch@freebsd.org>
Cc: "'Geoffrey T. Falk'" <gtf@cirp.org>
Subject: Putting gbde to use: changes to fstab(5)?
Message-ID: <007901c3140b$8ccbad20$6601a8c0@VAIO650>
I believe there is a need for a convention specifying where and how gbde(4)(8) encrypted devices should be listed in system configuration files. I don't hugely care what convention will be chosen as long as there exists a clear convention that will enable authors to write software that will make it easy to deploy gbde.

Background: gbde(4)-encrypted devices need to be attached to the kernel before they can be mounted. Attaching the device requires a password, which can either be automatically generated at boot, as would be the case for encrypted swap, or has to be supplied by the administrator, typically via ssh, as is typically the case for UFS file systems. Even a partial automation of this process requires a configuration file containing a list of gbde(4) devices to be attached, their purpose (swap, UFS), a (potentially implied based on file system type) hint how to obtain the password, the type of the decrypted file system, and the ultimate mount point. In other words, what we need is the information usually found in fstab(5) and a little bit more.

The configuration file should contain sufficient information to later on enable the following:

- swapon(8): either extend the -a option to encrypt the swap file with a random password if the swap file is marked as to be encrypted in the configuration file, or perhaps add a new option to swapon(8) to mount swap devices marked as to be encrypted.
- add scripts that are executed, potentially manually, though in some cases as part of an extended boot sequence, after the system has come up in multi-user mode and sshd is running, that will obtain the password, fsck the FS, and mount the unencrypted FS.
- make other parts of the base OS, such as mount(8), aware of encrypted devices.
I suspect the most intuitive approach to creating such a config file would be to make slight extensions to fstab(5), which was the preferred, though not unanimous, method mentioned to me in numerous conversations with current and potential gbde users. However, this carries the risk that software that uses fstab at present may get confused when presented with additional options. However, I don't know how big of a problem this would really be in practice. Sooner or later, many of the programs that currently make use of fstab may need to become gbde-aware in some form or another for gbde to achieve its full potential.

The absence of a formal way to specify gbde partitions in the config files at the moment has two direct consequences:

1) it is delaying the creation of various automation scripts and potential integration of gbde support with system utilities.
2) informal and not necessarily broadly suitable or compatible conventions are bound to appear.

For an example of how one might enable encrypted swap at boot see Geoffrey Falk's sample script archived at http://segment7.net/FreeBSD/encrypted_swap.txt

Straw man proposal options:

1) extend fstab(5)'s fs_vfstype field to accept a comma-separated list ("ufs,bde") to indicate that the FS system is gbde-encrypted.
2) extend fs_mntops field instead ("rw,bde").
3) specify the format for an fstab-like file for bde devices "fstab.bde"

My preference is for 1) or 2), because it is the most intuitive solution for your average FreeBSD administrator, but others may be able to think of more/better options. Note that I am not asking to solve the general, and at this time largely undetermined, problem domain of how to specify future gbde-encrypted devices that may not correspond to commonly-used FreeBSD file systems.

Thanks for your guidance,
--Lucky
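As an added illustration, not part of Lucky's message or of any FreeBSD code, the following POSIX sh sketch shows how a boot-time script could read either straw-man encoding from fstab (option 1, "bde" in fs_vfstype; option 2, "bde" in fs_mntops) and decide how each gbde device obtains its key. The fstab contents, device names and the "random"/"prompt" labels are constructed for the example.

```shell
#!/bin/sh
# Constructed sample fstab (not from a real system) showing both encodings:
# the swap entry uses option 1 (fs_vfstype "swap,bde"), /home uses option 2
# (fs_mntops "rw,bde"). Fields: device mountpoint vfstype mntops dump pass
SAMPLE_FSTAB='# Device        Mountpoint  FStype    Options   Dump Pass#
/dev/ad0s1b     none        swap,bde  sw        0    0
/dev/ad0s1d     /home       ufs       rw,bde    2    2
/dev/ad0s1a     /           ufs       rw        1    1
/dev/acd0       /cdrom      cd9660    ro,noauto 0    0'

# Return 0 if the comma-separated field $1 contains the exact token $2, else 1.
has_token() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx "$2"
}

# Remove token $2 from the comma-separated field $1 ("ufs,bde" -> "ufs").
strip_token() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -vx "$2" | paste -sd ',' -
}

# Read an fstab on stdin. For every entry flagged as gbde-encrypted under
# either encoding, emit: <device> <mountpoint> <plain vfstype> <key-source>
# key-source is "random" for swap (key generated at boot, never stored) and
# "prompt" for anything else (the administrator supplies the passphrase,
# e.g. over ssh, once the system is in multi-user mode).
plan_bde() {
    while read -r dev mnt vfs opts _dump _pass; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blank/comment lines
        if has_token "$vfs" bde || has_token "$opts" bde; then
            vfs=$(strip_token "$vfs" bde)          # vfstype as seen by mount(8)
            if [ "$vfs" = swap ]; then src=random; else src=prompt; fi
            printf '%s %s %s %s\n' "$dev" "$mnt" "$vfs" "$src"
        fi
    done
}

printf '%s\n' "$SAMPLE_FSTAB" | plan_bde
```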