From eb2ef36995604f5d16d0762efbf7566e92462e56 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 25 Mar 2016 18:13:52 +0100 Subject: [PATCH] sys/boot: Don't request GELI passphrases for passphrase-less boot devices r296963 added support for GELI boot devices with passphrases and without keyfiles but the passphrase prompt was shown for all boot devices, including those that only required a keyfile, or that required both a keyfile and a passphrase. Attaching such devices (obviously) did not work and as a result r296963 broke unattended booting from these configurations. This commit suppresses the prompt for passphrase-less boot devices but does not suppress it for boot devices that require both a passphrase and a keyfile as this currently can't be deduced from the GELI metadata. Probably a new GELI on-disk flag should be added to solve this. Obtained from: ElectroBSD PR: 208251 (not completely fixed, though) --- sys/boot/geli/geliboot.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sys/boot/geli/geliboot.c b/sys/boot/geli/geliboot.c index 6959ab8..a218fd9 100644 --- a/sys/boot/geli/geliboot.c +++ b/sys/boot/geli/geliboot.c @@ -94,6 +94,11 @@ geli_taste(int read_func(void *vdev, void *priv, off_t off, void *buf, /* Disk is not GELI boot device, skip it */ return (1); } + if (md.md_iterations < 0) { + /* Disk is GELI boot device without passphrase, skip it */ + return (1); + } + geli_e = malloc(sizeof(struct geli_entry)); if (geli_e == NULL) return (2); -- 2.7.4
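Review bot: The added `if (md.md_iterations < 0)` test in geli_taste() depends on a convention the code does not state, namely that a negative iteration count in the GELI metadata means no passphrase component was configured. The comment should say so explicitly, and if the on-disk format uses one specific sentinel value for this case, comparing against that value (ideally through a named constant) would keep a corrupted or unexpected negative count from being silently treated as "no passphrase". The new branch also returns (1), the same value as the preceding "not GELI boot device" branch, so a caller cannot tell "not a GELI boot device" apart from "GELI boot device that needs only a keyfile". If anything later needs to attach keyfile-only devices, a distinct return code would be easier to build on. Finally, the commit message notes that devices requiring both a keyfile and a passphrase still get the prompt because this cannot be deduced from the metadata. That limitation belongs in a short comment next to the check so the incomplete fix for PR 208251 is visible in the source and not only in the log.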