author: Mateusz Piotrowski <0mp@FreeBSD.org> 2020-03-19 09:23:26 +0000
committer: Mateusz Piotrowski <0mp@FreeBSD.org> 2020-03-19 09:23:26 +0000
commit: 9168ef5be39f5da8e4f562279895e5dd57bfe376
tree: b09f077f667655c35ab3494b20daa63b721e2c0b /lib/geom
parent: d76ca5b15c107600f2bdeeb282e2cd260d20c5f0
Document geli(8) loader variables conventions

The geli(8) manual page has an example for preloading keyfiles during boot. There is no detail though on how the lookup of these variables actually works. Let's document that the name of a device does not have to be a part of the variable.

PR: 243261
Submitted by: johannes@jo-t.de
Approved by: bcr (mentor)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D24114
Notes: svn path=/head/; revision=359125
Diffstat (limited to 'lib/geom')
-rw-r--r-- lib/geom/eli/geli.8 31
1 files changed, 30 insertions, 1 deletions
diff --git a/lib/geom/eli/geli.8 b/lib/geom/eli/geli.8
index 43ca9a2928c7..c56b79cfbb61 100644
--- a/lib/geom/eli/geli.8
+++ b/lib/geom/eli/geli.8
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd May 23, 2019
+.Dd March 19, 2020
.Dt GELI 8
.Os
.Sh NAME
@@ -1013,6 +1013,35 @@ geli_da1s3a_keyfile_type="da1s3a:geli_keyfile"
geli_da1s3a_keyfile_name="/boot/keys/da1s3a.key"
.Ed
.Pp
+By convention, these loader variables are called
+.Sm off
+.Va geli_ No < Ar device No > Va _load .
+.Sm on
+However, the actual name prefix before
+.Va _load , _type ,
+or
+.Va _name
+does not matter.
+At boot time, the
+.Nm
+module searches through all
+.Sm off
+.No < Va prefix No > Va _type No -like
+.Sm on
+variables that have a value of
+.Sm off
+.Dq < Ar device No > :geli_keyfile .
+.Sm on
+The paths to keyfiles are then extracted from
+.Sm off
+.No < Ar prefix No > Va _name
+.Sm on
+variables.
+In the example above,
+.Ar prefix
+is
+.Dq Li geli_da1s3a_keyfile .
+.Pp
Not only configure encryption, but also data integrity verification using
.Nm HMAC/SHA256 .
.Bd -literal -offset indent
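Review bot: The convention stated in the added text, `geli_<device>_load` (the `.Va geli_ No < Ar device No > Va _load .` line), does not match the example directly above it or the prefix named at the end of the same paragraph. The example uses `geli_da1s3a_keyfile_type` and `geli_da1s3a_keyfile_name`, and the closing sentence gives the prefix as `geli_da1s3a_keyfile`, so the conventional name would read `geli_<device>_keyfile_load`; suggest adding the `_keyfile` component there. The placeholder markup is also inconsistent: `prefix` is marked `.Va` in `.No < Va prefix No > Va _type No -like` but `.Ar` in the `_name` line and in `.Ar prefix` below, and using `.Ar` in all three places would match. Because the text now says any prefix is accepted, it would also help to state what happens when more than one `_type` variable carries the same `<device>:geli_keyfile` value, since someone auditing loader variables for keyfile references can no longer rely on the variable name alone.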