aboutsummaryrefslogtreecommitdiff
path: root/lib/geom/eli
Commit message (Collapse)AuthorAgeFilesLines
* The UMA man page is lowercased. Reference it as uma.9 to avoid 404.Jens Schweikhardt2025-04-171-1/+1
|
* lib/geom: remove redundant libraries and objectsRobert Clausecker2024-10-151-3/+1
| | | | | | | | | | | Do not link lib/geom/raid with libmd, it is not required for the module. Do not include the sha256/sha512 code in lib/geom/eli, it is provided by libmd. Remove ${.CURDIR:H:H}/misc from .PATH for all modules. This path has stopped being valid when the GEOM modules were moved from sbin/geom to lib/geom. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D47061
* Remove residual blank line at start of MakefileWarner Losh2024-07-151-1/+0
| | | | | | | This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
* Remove cross-references to GBDEPoul-Henning Kamp2024-05-071-2/+0
|
* geli.8: add some notes regarding performance tuningAlan Somers2024-04-241-1/+41
| | | | | | | MFC after: 1 week Sponsored by: Axcient Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D44908
* geli.8: minor proofreadingAlan Somers2024-04-221-3/+3
| | | | | | | MFC after: 3 days Sponsored by: Axcient Reviewed by: imp, pauamma (manpages) Differential Revision: https://reviews.freebsd.org/D44907
* lib: Automated cleanup of cdefs and other formattingWarner Losh2023-11-271-1/+0
| | | | | | | | | | | | | | | | Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row. Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/ Sponsored by: Netflix
* geli: Fix geli setkey -J for detached providersArjan de Vet2023-08-281-0/+6
| | | | | | | | | Clear cached_passphrase before generating a new key, otherwise the operation nonsensically tries to reuse the old passphrase. PR: 254966 Pull Request: https://github.com/freebsd/freebsd-src/pull/780 MFC after: 1 week
* Remove $FreeBSD$: two-line nroff patternWarner Losh2023-08-161-2/+0
| | | | Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
* Remove $FreeBSD$: one-line sh patternWarner Losh2023-08-162-2/+0
| | | | Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* Remove $FreeBSD$: one-line .c patternWarner Losh2023-08-161-2/+0
| | | | Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
* geli: fix typoMariusz Zaborski2023-05-151-1/+1
| | | | | | PR: 271396 Reported by: Tim Chase <freebsd@tim.thechases.com> MFC after: 1 week
* spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSDWarner Losh2023-05-121-1/+1
| | | | | | | | | The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
* Update/fix Makefile.depend for userlandSimon J. Gerraty2023-04-191-2/+0
|
* geli: split the initalization of HMACMariusz Zaborski2023-02-081-18/+54
| | | | | | | | | | | | | | | | GELI allows to read a user key from a standard input. However if user initialize multiple providers at once, the standard input will be empty for the second and next providers. This caused GELI to encrypt a master key with an empty key file. This commits initialize the HMAC with the key file, and then reuse the finalized structure to generate different encryption keys for different providers. Reported by: Nathan Dorfman Tested by: philip Security: FreeBSD-SA-23:01.geli Security: CVE-2023-0751
* pkgbase: Put geom utilities in their own packageEmmanuel Vadot2022-10-261-1/+1
| | | | | | | | For most users it's not needed to boot and they are also available in the FreeBSD-rescue package in case an update break and FreeBSD-geom package isn't updated correctly. Differential Revision: https://reviews.freebsd.org/D36224
* geli: Add a chicken switch for unmapped I/OMark Johnston2022-04-181-1/+7
| | | | | | | | | | | | We have a report of a panic in GELI that appears to go away when unmapped I/O is disabled. Add a tunable to make such investigations easier in the future. No functional change intended. PR: 262894 Reviewed by: asomers MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34944
* geli(8): Do not report error on resize to the same size.Alexander Motin2021-08-181-4/+4
| | | | | | | | | | Just validate the old metadata and exit. Originally the check was added to not thash the only copy of metadata, but we can achieve the same just by skipping the writing/trashing. The metadata validation should protect user from wrongly specifying new size instead of old. MFC after: 1 month Sponsored by: iXsystems, Inc.
* Fix formatting of SYNOPSISMateusz Piotrowski2020-10-151-3/+2
| | | | | | | | | There was an unnecessary newline being added before Nm. MFC after: 3 days Notes: svn path=/head/; revision=366725
* geli(8): Add missing commands in the EXAMPLES sectionGordon Bergling2020-07-221-2/+4
| | | | | | | | | | | | | - Add a missing 'geli attach' command - Fix the passphrase prompt for a 'geli attach' command Reported by: Fabian Keil <freebsd-listen at fabiankeil dot de> Reviewed by: bcr (mentor) Approved by: bcr (mentor) Differential Revision: https://reviews.freebsd.org/D25761 Notes: svn path=/head/; revision=363416
* geli(8): Add an example on how to use geli(8) with a file as encrypted storageGordon Bergling2020-07-201-2/+62
| | | | | | | | | | Reviewed by: bcr (mentor) Approved by: bcr (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25741 Notes: svn path=/head/; revision=363363
* Remove support for geli(4) algorithms deprecated in r348206.John Baldwin2020-04-152-42/+3
| | | | | | | | | | | | | | | | | | | | This removes support for reading and writing volumes using the following algorithms: - Triple DES - Blowfish - MD5 HMAC integrity In addition, this commit adds an explicit whitelist of supported algorithms to give a better error message when an invalid or unsupported algorithm is used by an existing volume. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24343 Notes: svn path=/head/; revision=359945
* Document geli(8) loader variables conventionsMateusz Piotrowski2020-03-191-1/+30
| | | | | | | | | | | | | | | | | | The geli(8) manual page has an example for preloading keyfiles during boot. There is no detail though on how the lookup of these variables actually works. Let's document that the name of a device does not have to be a part of the variable. PR: 243261 Submitted by: johannes@jo-t.de Approved by: bcr (mentor) MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D24114 Notes: svn path=/head/; revision=359125
* geli: raise WARNS to 6Alan Somers2019-11-012-13/+11
| | | | | | | | MFC after: 2 weeks Sponsored by: Axcient Notes: svn path=/head/; revision=354234
* Correct the argument passed to g_eli_algo2str()Li-Wen Hsu2019-05-241-1/+1
| | | | | | | | MFC with: r348206 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=348231
* Add deprecation warnings for weaker algorithms to geli(4).John Baldwin2019-05-232-2/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | - Triple DES has been formally deprecated in Kerberos (RFC 8429) and is soon to be deprecated in IPsec (RFC 8221). - Blowfish is deprecated. FreeBSD doesn't support its successor (Twofish). - MD5 is generally considered a weak digest that has known attacks. geli refuses to create new volumes using these algorithms via 'geli init'. It also warns when attaching to existing volumes or creating temporary volumes via 'geli onetime' . The plan is to fully remove support for these algorithms in FreeBSD 13. Note that none of these algorithms have ever been the default algorithm used by geli(8). Users would have had to explicitly select these algorithms when creating volumes in the past. Reviewed by: cem, delphij MFC after: 3 days Relnotes: yes Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D20344 Notes: svn path=/head/; revision=348206
* Implement automatic online expansion of GELI providers - if the underlyingPawel Jakub Dawidek2019-04-032-18/+75
| | | | | | | | | | | | | | | | | | | provider grows, GELI will expand automatically and will move the metadata to the new location of the last sector. This functionality is turned on by default. It can be turned off with the -R flag, but it is not recommended - if the underlying provider grows and automatic expansion is turned off, it won't be possible to attach this provider again, as the metadata is no longer located in the last sector. If the automatic expansion is turned off and the underlying provider grows, GELI will only log a message with the previous size of the provider, so recovery can be easier. Obtained from: Fudo Security Notes: svn path=/head/; revision=345862
* - Add missing -T (notrim) option to the label subcommand.Pawel Jakub Dawidek2019-04-031-1/+2
| | | | | | | | | - Add missing -T option in the onetime subcommand comment. Obtained from: Fudo Security Notes: svn path=/head/; revision=345861
* geli init with multiple providers - fix init and fix -B "none"Ben Woods2018-09-101-20/+13
| | | | | | | | | | | | | | | | | | | | Apply some fixes post rS336659, which allowed multiple provders to be initialized in a single command. - Fix issue where second and subsequent providers would fail init. This was due to the metadata struct being zeroed after the first provider init was completed, despite containing common data required for subsequent providers. - Fix issue where -B "none" would still result in the metadata being backed-up if multiple providers had been specified. This was due to the backupfile of "none" being incorrectly made unique for each provider by appending "-<prov>". Approved by: asomers Approved by: re (gjb) Differential Revision: https://reviews.freebsd.org/D17096 Notes: svn path=/head/; revision=338558
* geli init: Allow initialization of multiple geli providers at once ifBen Woods2018-07-232-84/+210
| | | | | | | | | | | | | | | | | they use same passphrase and keyfiles. Unique salt will be randomly generated for each provider to ensure the Master Key for each is unique. This change follows on from r335673 and r336602, which allowed multiple providers to be attached in a single command. Reviewed by: asomers Approved by: sobomax Differential Revision: https://reviews.freebsd.org/D16115 Notes: svn path=/head/; revision=336659
* geli attach: Fix exit codes and errors not being printed after r335673Ben Woods2018-07-221-11/+20
| | | | | | | | | | | | | | Now that multiple providers can be attached at once, exit codes and error messages must be handled correctly if there are failures in on any of the providers. Reported by: asomers (Kyua test failures via continuous integration) Reviewed by: asomers Approved by: allanjude Differential Revision: https://reviews.freebsd.org/D16386 Notes: svn path=/head/; revision=336602
* geli attach multiple providersBen Woods2018-06-262-120/+185
| | | | | | | | | | | | | | | | | | | | | | | | | Allow attaching of multiple geli providers at once if they use same passphrase and keyfiles. This is helpful when the providers being attached are not used for boot, and therefore the existing code to first try the cached password when tasting the providers during boot does not apply. Multiple providers with the same passphrase and keyfiles can be attached at the same time during system start-up by adding the following to rc.conf: geli_groups="storage backup" geli_storage_flags="-k /etc/geli/storage.keys" geli_storage_devices="ada0 ada1" geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys" geli_backup_devices="ada2 ada3" Reviewed by: wblock, delphij, jilles Approved by: sobomax (src), bcr (doc) Differential Revision: https://reviews.freebsd.org/D12644 Notes: svn path=/head/; revision=335673
* Normalize the g(eom,cache,part,...) build.Brooks Davis2018-06-254-0/+2933
Rather then combining hardlink creation for the geom(8) binary with shared library build, move libraries to src/lib/geom so they are built and installed normally. Create a common Makefile.classes which is included by both lib/geom/Makefile and sbin/geom/Makefile so the symlink and libraries stay in sync. The relocation of libraries allows libraries to be build for 32-bit compat. This also reduces the number of non-standard builds in the system. This commit is not sufficent to run a 32-bit /sbin/geom on a 64-bit system out of the box as it will look in the wrong place for libraries unless GEOM_LIBRARY_PATH is set appropriatly in the environment. Reviewed by: bdrewery Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D15360 Notes: svn path=/head/; revision=335645
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-16 14:40:37 +0000