authorAllan Jude <allanjude@FreeBSD.org>2016-04-08 01:25:25 +0000
committerAllan Jude <allanjude@FreeBSD.org>2016-04-08 01:25:25 +0000
commitd87366259473c73ec259d5072f429a85e1b7c63d (patch)
tree10a098c721c0f86d365242bb986232b57a942a00 /sys/geom
parent88a8e56bbc3439b1a01a81ea7c76ca8ae4d2c2a8 (diff)
Create the GELIBOOT GEOM_ELI flag
This flag indicates that the user wishes to use the GELIBOOT feature to boot from a fully encrypted root file system. Currently, GELIBOOT does not support key files, and in the future when it does, they will be loaded differently. Due to the design of GELI, and the desire for secrecy, the GELI metadata does not record whether key files are used or not; it just adds the key material (if any) to the HMAC before the optional passphrase, so there is no way to tell if a GELI partition requires key files or not. Since the GELIBOOT code in boot2 and the loader does not support key files, they will now only attempt to attach if this flag is set. This will stop GELIBOOT from prompting for passwords to GELIs that it cannot decrypt, disrupting the boot process. PR: 208251 Reviewed by: ed, oshogbo, wblock Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D5867
Notes
Notes: svn path=/head/; revision=297691
Diffstat (limited to 'sys/geom')
-rw-r--r--sys/geom/eli/g_eli.c1
-rw-r--r--sys/geom/eli/g_eli.h2
-rw-r--r--sys/geom/eli/g_eli_ctl.c33
3 files changed, 35 insertions, 1 deletions
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
index a2b4e6517ee4..912a5c5d841f 100644
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -1181,6 +1181,7 @@ g_eli_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp,
ADD_FLAG(G_ELI_FLAG_DESTROY, "DESTROY");
ADD_FLAG(G_ELI_FLAG_RO, "READ-ONLY");
ADD_FLAG(G_ELI_FLAG_NODELETE, "NODELETE");
+ ADD_FLAG(G_ELI_FLAG_GELIBOOT, "GELIBOOT");
#undef ADD_FLAG
}
sbuf_printf(sb, "</Flags>\n");
diff --git a/sys/geom/eli/g_eli.h b/sys/geom/eli/g_eli.h
index 3deb865c4af7..13e780762549 100644
--- a/sys/geom/eli/g_eli.h
+++ b/sys/geom/eli/g_eli.h
@@ -97,6 +97,8 @@
#define G_ELI_FLAG_RO 0x00000020
/* Don't pass through BIO_DELETE requests. */
#define G_ELI_FLAG_NODELETE 0x00000040
+/* This GELI supports GELIBoot */
+#define G_ELI_FLAG_GELIBOOT 0x00000080
/* RUNTIME FLAGS. */
/* Provider was open for writing. */
#define G_ELI_FLAG_WOPEN 0x00010000
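Review bot: The comment on the new `G_ELI_FLAG_GELIBOOT` define says only that the provider "supports GELIBoot", but the commit description gives the flag a stronger contract: it tells boot2 and the loader that this provider may be attached with a passphrase alone, with no key files, and that they should not attempt to attach at all otherwise. I would spell that out where the flag is defined, e.g. `/* Boot code (boot2/loader) may attach this provider: passphrase only, no key files. */`, since readers of the header will not see the commit message. Because this sits among the metadata flags rather than the runtime flags, it presumably lands in the on-disk metadata, which would disclose that the provider is passphrase-only; I cannot confirm the on-disk layout from this hunk, but a short note on that trade-off next to the define would help anyone deciding whether to set it.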
diff --git a/sys/geom/eli/g_eli_ctl.c b/sys/geom/eli/g_eli_ctl.c
index 9de7ec3d55cb..89e9f0247ad9 100644
--- a/sys/geom/eli/g_eli_ctl.c
+++ b/sys/geom/eli/g_eli_ctl.c
@@ -376,7 +376,7 @@ g_eli_ctl_configure(struct gctl_req *req, struct g_class *mp)
char param[16];
const char *prov;
u_char *sector;
- int *nargs, *boot, *noboot, *trim, *notrim;
+ int *nargs, *boot, *noboot, *trim, *notrim, *geliboot, *nogeliboot;
int zero, error, changed;
u_int i;
@@ -421,6 +421,19 @@ g_eli_ctl_configure(struct gctl_req *req, struct g_class *mp)
if (*trim || *notrim)
changed = 1;
+ geliboot = gctl_get_paraml(req, "geliboot", sizeof(*geliboot));
+ if (geliboot == NULL)
+ geliboot = &zero;
+ nogeliboot = gctl_get_paraml(req, "nogeliboot", sizeof(*nogeliboot));
+ if (nogeliboot == NULL)
+ nogeliboot = &zero;
+ if (*geliboot && *nogeliboot) {
+ gctl_error(req, "Options -g and -G are mutually exclusive.");
+ return;
+ }
+ if (*geliboot || *nogeliboot)
+ changed = 1;
+
if (!changed) {
gctl_error(req, "No option given.");
return;
@@ -469,6 +482,16 @@ g_eli_ctl_configure(struct gctl_req *req, struct g_class *mp)
continue;
}
+ if (*geliboot && (sc->sc_flags & G_ELI_FLAG_GELIBOOT)) {
+ G_ELI_DEBUG(1, "GELIBOOT flag already configured for %s.",
+ prov);
+ continue;
+ } else if (*nogeliboot && !(sc->sc_flags & G_ELI_FLAG_GELIBOOT)) {
+ G_ELI_DEBUG(1, "GELIBOOT flag not configured for %s.",
+ prov);
+ continue;
+ }
+
if (!(sc->sc_flags & G_ELI_FLAG_ONETIME)) {
/*
* ONETIME providers don't write metadata to
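Review bot: The two new `continue` statements at the top of this hunk skip the whole iteration for a provider whose GELIBOOT state already matches the request, which also drops any other change asked for in the same invocation on that provider, such as a trim or boot flag change; the existing checks just above, only partly visible here, appear to follow the same pattern, so the new code inherits the behaviour rather than introducing it. If that is intended, a comment such as `/* Already in the requested state; other options for this provider are skipped too, as above. */` would make it explicit; if not, the `|=`/`&= ~` updates in the later hunk are idempotent, so the G_ELI_DEBUG lines could be kept without the `continue`. g_eli_ctl_configure begins and ends outside this hunk.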
@@ -504,6 +527,14 @@ g_eli_ctl_configure(struct gctl_req *req, struct g_class *mp)
sc->sc_flags &= ~G_ELI_FLAG_NODELETE;
}
+ if (*geliboot) {
+ md.md_flags |= G_ELI_FLAG_GELIBOOT;
+ sc->sc_flags |= G_ELI_FLAG_GELIBOOT;
+ } else if (*nogeliboot) {
+ md.md_flags &= ~G_ELI_FLAG_GELIBOOT;
+ sc->sc_flags &= ~G_ELI_FLAG_GELIBOOT;
+ }
+
if (sc->sc_flags & G_ELI_FLAG_ONETIME) {
/* There's no metadata on disk so we are done here. */
continue;