| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | .\" $NetBSD: cgdconfig.8,v 1.44 2018/12/29 18:34:01 wiz Exp $ | | 1 | .\" $NetBSD: cgdconfig.8,v 1.45 2020/06/23 13:20:14 nia Exp $ |
| 2 | .\" | | 2 | .\" |
| 3 | .\" Copyright (c) 2002, The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2002, The NetBSD Foundation, Inc. |
| 4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
| 5 | .\" | | 5 | .\" |
| 6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
| 7 | .\" by Roland C. Dowdeswell. | | 7 | .\" by Roland C. Dowdeswell. |
| 8 | .\" | | 8 | .\" |
| 9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
| 10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
| 11 | .\" are met: | | 11 | .\" are met: |
| 12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
| 13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
| 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -17,27 +17,27 @@ | | | @@ -17,27 +17,27 @@ |
| 17 | .\" | | 17 | .\" |
| 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
| 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
| 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
| 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 28 | .\" POSSIBILITY OF SUCH DAMAGE. | | 28 | .\" POSSIBILITY OF SUCH DAMAGE. |
| 29 | .\" | | 29 | .\" |
| 30 | .Dd December 27, 2018 | | 30 | .Dd June 23, 2020 |
| 31 | .Dt CGDCONFIG 8 | | 31 | .Dt CGDCONFIG 8 |
| 32 | .Os | | 32 | .Os |
| 33 | .Sh NAME | | 33 | .Sh NAME |
| 34 | .Nm cgdconfig | | 34 | .Nm cgdconfig |
| 35 | .Nd configuration utility for the cryptographic disk driver | | 35 | .Nd configuration utility for the cryptographic disk driver |
| 36 | .Sh SYNOPSIS | | 36 | .Sh SYNOPSIS |
| 37 | .Nm | | 37 | .Nm |
| 38 | .Op Fl enpv | | 38 | .Op Fl enpv |
| 39 | .Op Fl V Ar vmeth | | 39 | .Op Fl V Ar vmeth |
| 40 | .Ar cgd dev | | 40 | .Ar cgd dev |
| 41 | .Op Ar paramsfile | | 41 | .Op Ar paramsfile |
| 42 | .Nm | | 42 | .Nm |
| 43 | .Fl C | | 43 | .Fl C |
| @@ -177,32 +177,29 @@ The method simply reads | | | @@ -177,32 +177,29 @@ The method simply reads |
| 177 | .Pa /dev/random | | 177 | .Pa /dev/random |
| 178 | and uses the resulting bits as the key. | | 178 | and uses the resulting bits as the key. |
| 179 | It does not require a passphrase to be entered. | | 179 | It does not require a passphrase to be entered. |
| 180 | This method is typically used to present disk devices that do not | | 180 | This method is typically used to present disk devices that do not |
| 181 | need to survive a reboot, such as the swap partition. | | 181 | need to survive a reboot, such as the swap partition. |
| 182 | It is also handy to facilitate overwriting the contents of | | 182 | It is also handy to facilitate overwriting the contents of |
| 183 | a disk volume with meaningless data prior to use. | | 183 | a disk volume with meaningless data prior to use. |
| 184 | .It urandomkey | | 184 | .It urandomkey |
| 185 | The method simply reads | | 185 | The method simply reads |
| 186 | .Pa /dev/urandom | | 186 | .Pa /dev/urandom |
| 187 | and uses the resulting bits as the key. | | 187 | and uses the resulting bits as the key. |
| 188 | This is similar to the | | 188 | This is similar to the |
| 189 | .Pa randomkey | | 189 | .Pa randomkey |
| 190 | method, but it guarantees that cgdconfig will not stall waiting for | | 190 | method, but it guarantees that cgdconfig will not stall waiting for 256 |
| 191 | hard-random bits (useful when configuring a cgd for swap at boot time). | | 191 | bits of entropy from a hardware RNG or seed (useful when configuring a |
| 192 | Note, however, that some or all of the bits used to generate the | | 192 | cgd for swap at boot time). |
| 193 | key may be obtained from a pseudo-random number generator, | | | |
| 194 | which may not be as secure as the entropy based hard-random | | | |
| 195 | number generator. | | | |
| 196 | .It shell_cmd | | 193 | .It shell_cmd |
| 197 | This method executes a shell command via | | 194 | This method executes a shell command via |
| 198 | .Xr popen 3 | | 195 | .Xr popen 3 |
| 199 | and reads the key from stdout. | | 196 | and reads the key from stdout. |
| 200 | .El | | 197 | .El |
| 201 | .Ss Verification Method | | 198 | .Ss Verification Method |
| 202 | The verification method is how | | 199 | The verification method is how |
| 203 | .Nm | | 200 | .Nm |
| 204 | determines if the generated key is correct. | | 201 | determines if the generated key is correct. |
| 205 | If the newly configured disk fails to verify, then | | 202 | If the newly configured disk fails to verify, then |
| 206 | .Nm | | 203 | .Nm |
| 207 | will regenerate the key and re-configure the device. | | 204 | will regenerate the key and re-configure the device. |
| 208 | It only makes sense to specify a verification method if at least one of the | | 205 | It only makes sense to specify a verification method if at least one of the |