svn commit: r285263 - stable/10/sys/geom/eli
Glen Barber
gjb at FreeBSD.org
Wed Jul 8 09:54:18 UTC 2015
Author: gjb
Date: Wed Jul 8 09:54:17 2015
New Revision: 285263
URL: https://svnweb.freebsd.org/changeset/base/285263
Log:
MFC r273489 (cperciva):
Populate the GELI passphrase cache with the kern.geom.eli.passphrase
variable (if any) provided in the boot environment. Unset it from
the kernel environment after doing this, so that the passphrase is
no longer present in kernel memory once we enter userland.
This will make it possible to provide a GELI passphrase via the boot
loader.
Note: head and stable/10 differ as a result of r273174, which renames
the getenv(), setenv(), and unsetenv() functions with kern_getenv(),
kern_setenv(), and kern_unsetenv(), which was reverted in the relevant
parts of this change in 10-STABLE.
PR: 200448
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Modified:
stable/10/sys/geom/eli/g_eli.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/geom/eli/g_eli.c
==============================================================================
--- stable/10/sys/geom/eli/g_eli.c Wed Jul 8 03:20:28 2015 (r285262)
+++ stable/10/sys/geom/eli/g_eli.c Wed Jul 8 09:54:17 2015 (r285263)
@@ -99,6 +99,25 @@ SYSCTL_UINT(_kern_geom_eli, OID_AUTO, bo
&g_eli_boot_passcache, 0,
"Passphrases are cached during boot process for possible reuse");
static void
+fetch_loader_passphrase(void * dummy)
+{
+ char * env_passphrase;
+
+ KASSERT(dynamic_kenv, ("need dynamic kenv"));
+
+ if ((env_passphrase = getenv("kern.geom.eli.passphrase")) != NULL) {
+ /* Extract passphrase from the environment. */
+ strlcpy(cached_passphrase, env_passphrase,
+ sizeof(cached_passphrase));
+ freeenv(env_passphrase);
+
+ /* Wipe the passphrase from the environment. */
+ unsetenv("kern.geom.eli.passphrase");
+ }
+}
+SYSINIT(geli_fetch_loader_passphrase, SI_SUB_KMEM + 1, SI_ORDER_ANY,
+ fetch_loader_passphrase, NULL);
+static void
zero_boot_passcache(void * dummy)
{
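Review bot: In fetch_loader_passphrase(), env_passphrase is handed to freeenv() without being zeroed first, so the copy returned by getenv() can stay in freed kernel memory unless freeenv() itself scrubs it, which is not visible in this hunk and works against the log message's goal of having no passphrase left in kernel memory once userland starts. Suggest zeroing strlen(env_passphrase) bytes of the buffer before freeenv(env_passphrase), or stating in a comment that freeenv() and unsetenv() clear the value rather than only releasing or unlinking it. Separately, the strlcpy() return value is ignored, so a loader-supplied passphrase that does not fit in cached_passphrase is truncated silently; comparing the return value against sizeof(cached_passphrase) and logging or discarding the value on overflow would make that failure diagnosable. Finally, KASSERT(dynamic_kenv, ...) is compiled out of kernels built without INVARIANTS, so if the ordering guarantee matters for the getenv()/freeenv() pair it deserves a short comment next to the SI_SUB_KMEM + 1 choice in the SYSINIT line.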