Date: Wed, 15 Apr 2020 08:11:19 +0000 (UTC) From: Mateusz Piotrowski <0mp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r359960 - stable/12/lib/geom/eli Message-ID: <202004150811.03F8BJLt034170@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: 0mp (doc,ports committer) Date: Wed Apr 15 08:11:19 2020 New Revision: 359960 URL: https://svnweb.freebsd.org/changeset/base/359960 Log: MFC 359125: Document geli(8) loader variables conventions The geli(8) manual page has an example for preloading keyfiles during boot. There is no detail though on how the lookup of these variables actually works. Let's document that the name of a device does not have to be a part of the variable. PR: 243261 Submitted by: johannes@jo-t.de Approved by: bcr (mentor) Differential Revision: https://reviews.freebsd.org/D24114 Modified: stable/12/lib/geom/eli/geli.8 Directory Properties: stable/12/ (props changed) Modified: stable/12/lib/geom/eli/geli.8 ============================================================================== --- stable/12/lib/geom/eli/geli.8 Wed Apr 15 05:55:14 2020 (r359959) +++ stable/12/lib/geom/eli/geli.8 Wed Apr 15 08:11:19 2020 (r359960) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 23, 2019 +.Dd March 19, 2020 .Dt GELI 8 .Os .Sh NAME @@ -988,6 +988,35 @@ geli_da1s3a_keyfile_load="YES" geli_da1s3a_keyfile_type="da1s3a:geli_keyfile" geli_da1s3a_keyfile_name="/boot/keys/da1s3a.key" .Ed +.Pp +By convention, these loader variables are called +.Sm off +.Va geli_ No < Ar device No > Va _load . +.Sm on +However, the actual name prefix before +.Va _load , _type , +or +.Va _name +does not matter. +At boot time, the +.Nm +module searches through all +.Sm off +.No < Va prefix No > Va _type No -like +.Sm on +variables that have a value of +.Sm off +.Dq < Ar device No > :geli_keyfile . +.Sm on +The paths to keyfiles are then extracted from +.Sm off +.No < Ar prefix No > Va _name +.Sm on +variables. +In the example above, +.Ar prefix +is +.Dq Li geli_da1s3a_keyfile . .Pp Not only configure encryption, but also data integrity verification using .Nm HMAC/SHA256 .
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004150811.03F8BJLt034170>