| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: cgdconfig.8,v 1.44 2018/12/29 18:34:01 wiz Exp $ | | 1 | .\" $NetBSD: cgdconfig.8,v 1.45 2020/06/23 13:20:14 nia Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 2002, The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2002, The NetBSD Foundation, Inc. |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
7 | .\" by Roland C. Dowdeswell. | | 7 | .\" by Roland C. Dowdeswell. |
8 | .\" | | 8 | .\" |
9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
11 | .\" are met: | | 11 | .\" are met: |
12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -17,27 +17,27 @@ | | | @@ -17,27 +17,27 @@ |
17 | .\" | | 17 | .\" |
18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
28 | .\" POSSIBILITY OF SUCH DAMAGE. | | 28 | .\" POSSIBILITY OF SUCH DAMAGE. |
29 | .\" | | 29 | .\" |
30 | .Dd December 27, 2018 | | 30 | .Dd June 23, 2020 |
31 | .Dt CGDCONFIG 8 | | 31 | .Dt CGDCONFIG 8 |
32 | .Os | | 32 | .Os |
33 | .Sh NAME | | 33 | .Sh NAME |
34 | .Nm cgdconfig | | 34 | .Nm cgdconfig |
35 | .Nd configuration utility for the cryptographic disk driver | | 35 | .Nd configuration utility for the cryptographic disk driver |
36 | .Sh SYNOPSIS | | 36 | .Sh SYNOPSIS |
37 | .Nm | | 37 | .Nm |
38 | .Op Fl enpv | | 38 | .Op Fl enpv |
39 | .Op Fl V Ar vmeth | | 39 | .Op Fl V Ar vmeth |
40 | .Ar cgd dev | | 40 | .Ar cgd dev |
41 | .Op Ar paramsfile | | 41 | .Op Ar paramsfile |
42 | .Nm | | 42 | .Nm |
43 | .Fl C | | 43 | .Fl C |
| @@ -177,32 +177,29 @@ The method simply reads | | | @@ -177,32 +177,29 @@ The method simply reads |
177 | .Pa /dev/random | | 177 | .Pa /dev/random |
178 | and uses the resulting bits as the key. | | 178 | and uses the resulting bits as the key. |
179 | It does not require a passphrase to be entered. | | 179 | It does not require a passphrase to be entered. |
180 | This method is typically used to present disk devices that do not | | 180 | This method is typically used to present disk devices that do not |
181 | need to survive a reboot, such as the swap partition. | | 181 | need to survive a reboot, such as the swap partition. |
182 | It is also handy to facilitate overwriting the contents of | | 182 | It is also handy to facilitate overwriting the contents of |
183 | a disk volume with meaningless data prior to use. | | 183 | a disk volume with meaningless data prior to use. |
184 | .It urandomkey | | 184 | .It urandomkey |
185 | The method simply reads | | 185 | The method simply reads |
186 | .Pa /dev/urandom | | 186 | .Pa /dev/urandom |
187 | and uses the resulting bits as the key. | | 187 | and uses the resulting bits as the key. |
188 | This is similar to the | | 188 | This is similar to the |
189 | .Pa randomkey | | 189 | .Pa randomkey |
190 | method, but it guarantees that cgdconfig will not stall waiting for | | 190 | method, but it guarantees that cgdconfig will not stall waiting for 256 |
191 | hard-random bits (useful when configuring a cgd for swap at boot time). | | 191 | bits of entropy from a hardware RNG or seed (useful when configuring a |
192 | Note, however, that some or all of the bits used to generate the | | 192 | cgd for swap at boot time). |
193 | key may be obtained from a pseudo-random number generator, | | | |
194 | which may not be as secure as the entropy based hard-random | | | |
195 | number generator. | | | |
196 | .It shell_cmd | | 193 | .It shell_cmd |
197 | This method executes a shell command via | | 194 | This method executes a shell command via |
198 | .Xr popen 3 | | 195 | .Xr popen 3 |
199 | and reads the key from stdout. | | 196 | and reads the key from stdout. |
200 | .El | | 197 | .El |
201 | .Ss Verification Method | | 198 | .Ss Verification Method |
202 | The verification method is how | | 199 | The verification method is how |
203 | .Nm | | 200 | .Nm |
204 | determines if the generated key is correct. | | 201 | determines if the generated key is correct. |
205 | If the newly configured disk fails to verify, then | | 202 | If the newly configured disk fails to verify, then |
206 | .Nm | | 203 | .Nm |
207 | will regenerate the key and re-configure the device. | | 204 | will regenerate the key and re-configure the device. |
208 | It only makes sense to specify a verification method if at least one of the | | 205 | It only makes sense to specify a verification method if at least one of the |
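Review bot: removing the four old lines beginning "Note, however, that some or all of the bits used to generate the key" leaves the urandomkey entry with no statement of the trade-off a user makes by picking it, while the new wording ("will not stall waiting for 256 bits of entropy from a hardware RNG or seed") makes that trade-off explicit: when neither a hardware RNG nor a seed has supplied those 256 bits yet, the method still hands out a key instead of waiting. Suggest keeping a one-sentence caveat in place of the removed paragraph, stated in terms of the condition the new text already names rather than the old "pseudo-random number generator" wording, e.g. "If 256 bits of entropy have not yet been gathered when the device is configured, the resulting key may be weaker than one obtained via randomkey; prefer randomkey for devices that must be secure before the system is fully seeded." The swap-at-boot use case the hunk mentions is exactly the situation where that seeding may not have happened, so the warning belongs next to it.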