From 8a416b59fb6270f0716facaa5f207c7f2270bc3e Mon Sep 17 00:00:00 2001 From: Devin Teske Date: Wed, 1 Apr 2015 02:05:26 +0000 Subject: [PATCH] Whoops! "arc commit --revision" != "arc diff --update" --- sys/boot/forth/check-password.4th | 9 ------- sys/boot/forth/check-password.4th.8 | 42 +++++------------------------ sys/boot/forth/loader.conf | 1 - usr.sbin/bsdinstall/scripts/zfsboot | 3 --- 4 files changed, 7 insertions(+), 48 deletions(-) diff --git a/sys/boot/forth/check-password.4th b/sys/boot/forth/check-password.4th index 9f25959bef6..04114aaae97 100644 --- a/sys/boot/forth/check-password.4th +++ b/sys/boot/forth/check-password.4th @@ -146,15 +146,6 @@ only forth definitions also password-processing 2drop read-reset else drop then - \ Prompt for GEOM ELI (geli(4)) passphrase if enabled - s" geom_eli_passphrase_prompt" getenv dup -1 <> if - s" YES" compare-insensitive 0= if - s" GELI Passphrase: " read ( prompt -- ) - readval readlen @ s" kern.geom.eli.passphrase" setenv - read-reset - then - else drop then - \ Exit if a password was not set s" password" getenv -1 = if exit else drop then diff --git a/sys/boot/forth/check-password.4th.8 b/sys/boot/forth/check-password.4th.8 index db0aa4bc6bc..e1f52b7d20d 100644 --- a/sys/boot/forth/check-password.4th.8 +++ b/sys/boot/forth/check-password.4th.8 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2011-2015 Devin Teske +.\" Copyright (c) 2011-2012 Devin Teske .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 20, 2015 +.Dd December 10, 2012 .Dt CHECK-PASSWORD.4TH 8 .Os .Sh NAME 
@@ -33,12 +33,8 @@
 .Sh DESCRIPTION
 The file that goes by the name of
 .Nm
-is a set of commands designed to do one or more of the following:
-.Pp
-.Dl o Prevent booting without password
-.Dl o Prevent modification of boot options without password
-.Dl o Provide a password to mount geli(8) encrypted root disk(s)
-.Pp
+is a set of commands designed to either prevent booting or prevent modification
+of boot options without an appropriately configured password.
 The commands of
 .Nm
 by themselves are not enough for most uses.
@@ -62,23 +58,14 @@ The commands provided by it are:
 .Pp
 .Bl -tag -width disable-module_module -compact -offset indent
 .It Ic check-password
-Multi-purpose function that can protect the interactive boot menu,
-prevent boot without password, or prompt for geli(8) passphrase
-.Pq depending on Xr loader.conf 5 settings .
+Dual-purpose function that can either protect the interactive boot menu or
+prevent boot without password (separately).
 .Pp
 First checks
 .Va bootlock_password
 and if-set, the user cannot continue until the correct password is entered.
 .Pp
-Next, checks
-.Va geom_eli_passphrase_prompt
-and if set to
-.Li YES
-.Pq case-insensitive
-prompts the user to enter their GELI password for later mounting of the root
-device(s) during boot.
-.Pp
-Last, checks
+Next checks
 .Va password
 and if-set, tries to
 .Ic autoboot
@@ -94,11 +81,6 @@ The environment variables that effect its behavior are:
 Sets the bootlock password (up to 16 characters long) that is required by
 .Ic check-password
 to be entered before the system is allowed to boot.
-.It Va geom_eli_passphrase_prompt
-Selects whether loader(8) will prompt for GELI credentials, handing-off to the
-kernel for later mounting of
-.Xr geli 8
-encrypted root device(s).
 .It Va password
 Sets the password (up to 16 characters long) that is required by
 .Ic check-password
@@ -140,16 +122,6 @@ to prevent booting without password:
 .Bd -literal -offset indent -compact
 bootlock_password="boot"
 .Ed
-.Pp
-Add the following to
-.Xr loader.conf 5
-to generate a prompt at boot to collect GELI credentials for mounting
-.Xr geli 8
-encrypted root device(s):
-.Pp
-.Bd -literal -offset indent -compact
-geom_eli_passphrase_prompt="YES"
-.Ed
 .Sh SEE ALSO
 .Xr loader.conf 5 ,
 .Xr loader 8 ,
diff --git a/sys/boot/forth/loader.conf b/sys/boot/forth/loader.conf
index 275a58bf60f..573a06a7561 100644
--- a/sys/boot/forth/loader.conf
+++ b/sys/boot/forth/loader.conf
@@ -62,7 +62,6 @@ entropy_cache_type="/boot/entropy"
 # "NO" to disable autobooting
 #password="" # Prevent changes to boot options
 #bootlock_password="" # Prevent booting (see check-password.4th(8))
-#geom_eli_passphrase_prompt="NO" # Prompt for geli(8) passphrase to mount root
 #beastie_disable="NO" # Turn the beastie boot menu on and off
 #kernels="kernel kernel.old" # Kernels to display in the boot menu
 #loader_logo="orbbw" # Desired logo: orbbw, orb, fbsdbw, beastiebw, beastie, none
diff --git a/usr.sbin/bsdinstall/scripts/zfsboot b/usr.sbin/bsdinstall/scripts/zfsboot
index f1eeb2f0c75..edd9f596cd6 100755
--- a/usr.sbin/bsdinstall/scripts/zfsboot
+++ b/usr.sbin/bsdinstall/scripts/zfsboot
@@ -1343,9 +1343,6 @@ zfs_create_boot()
 $BSDINSTALL_TMPBOOT/loader.conf.aesni || return $FAILURE
 f_eval_catch $funcname echo "$ECHO_APPEND" 'geom_eli_load=\"YES\"' \
 $BSDINSTALL_TMPBOOT/loader.conf.geli || return $FAILURE
- f_eval_catch $funcname echo "$ECHO_APPEND" \
- 'geom_eli_passphrase_prompt=\"YES\"' \
- $BSDINSTALL_TMPBOOT/loader.conf.geli || return $FAILURE
 for disk in $disks; do
 f_eval_catch $funcname printf "$PRINTF_CONF" \
 geli_%s_keyfile0_load "$disk$targetpart YES" \