3 # Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions
9 # 1. Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
11 # 2. Redistributions in binary form must reproduce the above copyright
12 # notice, this list of conditions and the following disclaimer in the
13 # documentation and/or other materials provided with the distribution.
15 # THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
19 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 desc="GELI disk encryption"
36 start_precmd='[ -n "$(geli_make_list)" -o -n "${geli_groups}" ]'
37 start_cmd="geli_start"
39 required_modules="geom_eli:g_eli"
42 # Reads key from EFIvar
43 # Returns tempfile pathname containing key
47 local provider_=`ltr ${provider} '/-' '_'`
48 local guid="65537263-7465-654b-4f79-44666f6f216d"
50 eval "efi=\${geli_${provider_}_efi}"
54 efivar="$(printf "%s-%s" "${guid}" "$(echo -n "${provider}" | sha256)")"
55 tmpkey="$(mktemp "/tmp/efikey_${provider_}")"
56 efivar --binary --no-name "${efivar}" > "${tmpkey}"
66 mount -t tmpfs tmpfs /tmp
76 devices=`geli_make_list`
78 if [ -z "${geli_tries}" ]; then
79 if [ -n "${geli_attach_attempts}" ]; then
80 # Compatibility with rc.d/gbde.
81 geli_tries=${geli_attach_attempts}
83 geli_tries=`${SYSCTL_N} kern.geom.eli.tries`
89 for provider in ${devices}; do
90 provider_=`ltr ${provider} '/-' '_'`
92 eval "flags=\${geli_${provider_}_flags}"
93 if [ -z "${flags}" ]; then
94 flags=${geli_default_flags}
97 efikey="$(geli_efi "${provider}")"
100 echo "Acquired key for ${provider} from EFI."
101 flags="${flags} -p -k ${efikey}"
104 if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then
105 echo "Configuring Disk Encryption for ${provider}."
107 while [ ${count} -le ${geli_tries} ]; do
108 geli attach ${flags} ${provider}
109 if [ -e "/dev/${provider}.eli" ]; then
112 echo "Attach failed; attempt ${count} of ${geli_tries}."
118 for group in ${geli_groups}; do
119 group_=`ltr ${group} '/-' '_'`
121 eval "flags=\${geli_${group_}_flags}"
122 if [ -z "${flags}" ]; then
123 flags=${geli_default_flags}
126 eval "providers=\${geli_${group_}_devices}"
127 if [ -z "${providers}" ]; then
128 echo "No devices listed in geli group ${group}."
132 efikey="$(geli_efi "${group}")"
133 if [ -s "${efikey}" ]
135 echo "Acquired key for ${group} from EFI."
136 flags="${flags} -p -k ${efikey}"
139 if [ -e "/dev/${providers%% *}" -a ! -e "/dev/${providers%% *}.eli" ]; then
140 echo "Configuring Disk Encryption for geli group ${group}, containing ${providers}."
142 while [ ${count} -le ${geli_tries} ]; do
143 geli attach ${flags} ${providers}
144 if [ -e "/dev/${providers%% *}.eli" ]; then
147 echo "Attach failed; attempt ${count} of ${geli_tries}."
158 devices=`geli_make_list`
160 for group in ${geli_groups}; do
161 group_=`ltr ${group} '/-' '_'`
163 eval "providers=\${geli_${group_}_devices}"
165 devices="${devices} ${providers}"
168 for provider in ${devices}; do
169 if [ -e "/dev/${provider}.eli" ]; then
170 umount "/dev/${provider}.eli" 2>/dev/null
171 geli detach "${provider}"