| #
c2111d31 |
| 25-Apr-2024 |
kn <kn@openbsd.org> |
Add boot.conf(8) 'mach idle [secs]' to halt at idle passphrase prompts
Enable users to power down their machines if there was no input after N
seconds during disk descryption.
Motivation is to save
Add boot.conf(8) 'mach idle [secs]' to halt at idle passphrase prompts
Enable users to power down their machines if there was no input after N
seconds during disk descryption.
Motivation is to save battery and prevent pocket heaters when notebooks
unhibernate (e.g. lid accidentially opened) and sit at "Passphrase: ".
Only available on efi(4) systems as the timeout is saved as EFI variable;
mostly because that's trivial to do, but also because we lack a better
mechanism to configure that and persist such data without the root disk.
Discussed with many, starting at h2k23
OK Tests gnezdo
show more ...
|
| #
0c95ab44 |
| 24-Mar-2024 |
jsg <jsg@openbsd.org> |
use LIST_FOREACH_SAFE() to avoid use after free
this can't happen in a libsa environment
found by smatch, ok jsing@
|
| #
855f8c03 |
| 12-Aug-2022 |
stsp <stsp@openbsd.org> |
add support for booting from RAID 1C softraid(4) volumes on amd64
Only boot-loader changes are needed. Both installboot(8) and
the kernel already do what is required to make this work.
ok kn@
Test
add support for booting from RAID 1C softraid(4) volumes on amd64
Only boot-loader changes are needed. Both installboot(8) and
the kernel already do what is required to make this work.
ok kn@
Tested:
biosboot on vmm: kn, stsp
biosboot and efiboot on server hardware: stsp
show more ...
|
| #
27bea9a3 |
| 10-Aug-2018 |
jsing <jsing@openbsd.org> |
Retry on incorrect passphrase for softraid crypto boot.
Historically, the softraid crypto support in the boot loaders has only
given one attempt to provide the correct passphrase. There were a
few r
Retry on incorrect passphrase for softraid crypto boot.
Historically, the softraid crypto support in the boot loaders has only
given one attempt to provide the correct passphrase. There were a
few reasons for this, including the fact that pkcs5_pbkdf2() allows an
empty passphrase and that returning EPERM allowed for another attempt.
With the event of KARL and the need for bsd.booted with hibernate resumption,
this becomes much more of an issue - if you get the passphrase wrong you
fail to resume. There are also other situations like using /etc/boot.conf
to switch serial console, but an incorrect passphrase results in the config
not being read. Also, bcrypt_pbkdf() does not permit empty passphrases.
This reworks the softraid crypto support in the boot loaders so that it
loops requesting a valid passphrase until one is provided, or an empty
passphrase is entered (at which point it will abort).
ok mortimer@ tb@
show more ...
|
| #
c5a20270 |
| 10-Nov-2017 |
sunil <sunil@openbsd.org> |
"unknown KDF type 2" -> "keydisk not found".
Inputs and ok jsing@.
|
| #
df1890a2 |
| 18-Sep-2016 |
jsing <jsing@openbsd.org> |
Add bcrypt pbkdf support to the softraid crypto boot loader code.
Based on a diff from djm@
|
| #
94e1d415 |
| 11-Sep-2016 |
jsing <jsing@openbsd.org> |
Provide initial libsa softraid - this is currently just the data structures
and softraid crypto key handling code.
|