Attempt to add multiple device attachment to "geli attach"
Karl Denninger
karl at denninger.net
Thu Sep 4 02:44:59 UTC 2014
On 9/3/2014 15:00, John-Mark Gurney wrote:
> Karl Denninger wrote this message on Wed, Sep 03, 2014 at 14:33 -0500:
>> Never mind... I know what I missed -- the key generation that is passed
>> in is dependent on the metadata read from the userspace.
>>
>> More work to do here.... will have to pass a separate key structure for
>> each disk and it will also require some more work in the userspace
>> command area so it doesn't prompt a second time for a password.
>>
>> I'll post the completed patch set once I have it if people here think it
>> would be interesting.
> Just some comments on this as I've thought about this issue...
>
> There are two issues here, one is for root and one is for geli
> volume mounted later...
>
> For the latter, I personally use a key volume that is encrypted, and uses
> that "key store" for my large 8 disk raidz pool.. This is less of an
> issue, but still requires me to type in the password twice... It
> basically boils down to:
> (cd /zkeys && for i in *.key; do geli attach -p -k "$i" "label/${i%.key}"; geli attach -p -k "$i" "gpt/${i%.key}"; done) || exit 5
>
> I have to do both label and gpt since disks are labeled, but things like
> zlog are on gpt partitions...
>
> I haven't reviewed your patch, nor have I looked at how geli keys
> volumes upon init, but make sure that you have each volume's master
> key salted separately... This way if the volumes get separated from
> your system, it won't leak that they use the same key... Yes, it'll
> take a bit more cpu time to unlock, but not that big of an issue IMO...
>
> Handling unlocking mirrored roots is a bit more interesting as you
> now have to touch the geli kernel code...
>
> btw, reattaching a single disk that was previously part of a pool is
> fast... I've done this on more than one occasion where one disk drops
> out of the raidz and then shortly after I reattach it... It will
> recognize the original data, so only if new data that got written
> can't be read will you suffer a loss, but that would be a double failure
> case, and known limitation of raidz...
>
> Thanks for looking at this... I'm definitely interested in making
> multi disk geli more usable...
>
> $find /dev -name "*.eli" | wc -l
> 17
>
> :)
>
> 8 (raidz data disks) + 2 (mirrored root) + 1 (swap) + 2 (cache) +
> 2 (log) + 2 (duplicates from root ada vs ad)
>

Try this in /usr/local/etc/rc.d -- it is a modification of the geli
script and gets the password, then iterates over the disks and tries to
attach them. If it fails it will prompt you again (up to three times as
does the stock code, but you can override that if you want.) This is to
be used in place of the geli option in /etc/rc.conf.

Place the disks in /etc/rc.conf as:

encrypt_disks="..... "

The usual geli overrides also work (since I cribbed the code), EXCEPT
the detach-on-close -- I have had serious problems with that when a
non-related drive detaches from the bus -- it has on multiple occasions
caused all my geli disks to detach on the same adapter! Needless to say
I don't set that flag any more -- I let the kernel detach them when the
machine shuts down.

As long as the password you originally supply is good it will keep
iterating through the list and mount them all. Voila -- enter it once!

#!/bin/sh
#
# Copyright 2014 Karl Denninger <karl at denninger.net>
# Cribbed modified from original as below
#
# Copyright (c) 2005 Pawel Jakub Dawidek <pjd at FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
# PROVIDE: disks
# REQUIRE: initrandom
# KEYWORD: nojail

. /etc/rc.subr

name="encrypt"
start_cmd="encrypt_start"
stop_cmd="encrypt_stop"
required_modules="geom_eli:g_eli"

encrypt_start()
{
	devices=${encrypt_disks}

	# Prompt once with terminal echo off; -r and an empty IFS keep
	# backslashes and leading/trailing blanks in the passphrase intact.
	echo -n 'Geli attach Password: '
	stty -echo
	IFS= read -r password
	stty echo
	echo

	if [ -z "${encrypt_tries}" ]; then
		if [ -n "${encrypt_attach_attempts}" ]; then
			# Compatibility with rc.d/gbde.
			encrypt_tries=${encrypt_attach_attempts}
		else
			encrypt_tries=`${SYSCTL_N} kern.geom.eli.tries`
		fi
	fi

	for provider in ${devices}; do
		# Per-provider flags: encrypt_<provider>_flags, with '/' and '-'
		# mapped to '_', falling back to encrypt_default_flags.
		provider_=`ltr ${provider} '/-' '_'`
		eval "flags=\${encrypt_${provider_}_flags}"
		if [ -z "${flags}" ]; then
			flags=${encrypt_default_flags}
		fi

		if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then
			echo "Geli attach ${provider}."
			count=1
			while [ ${count} -le ${encrypt_tries} ]; do
				# Feed the passphrase on stdin (-j -) so it never appears
				# in the process arguments; quoting stops the shell from
				# word-splitting or globbing it.
				printf '%s\n' "${password}" | geli attach -j - ${flags} "${provider}"
				if [ -e "/dev/${provider}.eli" ]; then
					break
				fi
				echo "Attach failed; attempt ${count} of ${encrypt_tries}."
				count=$((count+1))
				if [ ${count} -gt ${encrypt_tries} ]; then
					echo "KEY MISMATCH ERROR - Abort"
					exit 1
				fi
				echo -n 'Geli attach Password: '
				stty -echo
				IFS= read -r password
				stty echo
				echo
			done
		else
			if [ -e "/dev/${provider}" ]; then
				echo "${provider} is already attached."
			else
				echo "${provider} does not exist."
			fi
		fi
	done
}

encrypt_stop()
{
	devices=${encrypt_disks}

	for provider in ${devices}; do
		if [ -e "/dev/${provider}.eli" ]; then
			umount "/dev/${provider}.eli" 2>/dev/null
			geli detach "${provider}"
		fi
	done
}

load_rc_config $name
run_rc_command "$1"
--
-- Karl
karl at denninger.net
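
A check for the advice in the quoted reply that each volume be salted separately, as an added example that is not part of the original message or of geli: it scans `geli dump`-style text and lists providers whose metadata carries the same salt. The "Metadata on <provider>:" and "Salt:" line shapes are assumptions about the dump output, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag geli providers whose metadata carries the same salt.
# Assumes `geli dump` prints a "Metadata on <provider>:" header followed by
# a "Salt: <hex>" line for each provider; adjust the patterns if yours differ.

# shared_salts: read dump text on stdin; print one line per salt used by
# more than one provider ("<provider> <provider> ..."); return 1 if any.
shared_salts()
{
	awk '
	/^Metadata on / {
		prov = $3
		sub(/:$/, "", prov)
		next
	}
	tolower($1) == "salt:" && prov != "" {
		n[$2]++
		who[$2] = (who[$2] == "" ? prov : who[$2] " " prov)
		prov = ""
	}
	END {
		for (s in n)
			if (n[s] > 1) { print who[s]; bad = 1 }
		exit bad
	}'
}

# Constructed sample (shortened, made-up salts), not real geli output.
sample_dump()
{
	cat <<'EOF'
Metadata on gpt/disk0:
     magic: GEOM::ELI
iterations: 100000
      Salt: 1f0c9a
Metadata on gpt/disk1:
     magic: GEOM::ELI
iterations: 100000
      Salt: 77b2e4
Metadata on gpt/log0:
     magic: GEOM::ELI
iterations: 100000
      Salt: 1f0c9a
EOF
}

# Live use on FreeBSD would be: geli dump ${encrypt_disks} | shared_salts
```

On the constructed sample the function reports gpt/disk0 and gpt/log0 together, since they share a salt, and returns non-zero so a calling script can stop before relying on those volumes.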