| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: cgdconfig.8,v 1.45 2020/06/23 13:20:14 nia Exp $ | | 1 | .\" $NetBSD: cgdconfig.8,v 1.46 2020/06/23 13:23:56 nia Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 2002, The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2002, The NetBSD Foundation, Inc. |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
7 | .\" by Roland C. Dowdeswell. | | 7 | .\" by Roland C. Dowdeswell. |
8 | .\" | | 8 | .\" |
9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
11 | .\" are met: | | 11 | .\" are met: |
12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -168,38 +168,37 @@ It is retained for backwards compatibili | | | @@ -168,38 +168,37 @@ It is retained for backwards compatibili |
168 | files, and will be removed. | | 168 | files, and will be removed. |
169 | Existing parameters files should be | | 169 | Existing parameters files should be |
170 | converted to use the correct method using the | | 170 | converted to use the correct method using the |
171 | .Fl G | | 171 | .Fl G |
172 | option, and a new passphrase. | | 172 | option, and a new passphrase. |
173 | .It storedkey | | 173 | .It storedkey |
174 | This method stores its key in the parameters file. | | 174 | This method stores its key in the parameters file. |
175 | .It randomkey | | 175 | .It randomkey |
176 | The method simply reads | | 176 | The method simply reads |
177 | .Pa /dev/random | | 177 | .Pa /dev/random |
178 | and uses the resulting bits as the key. | | 178 | and uses the resulting bits as the key. |
179 | It does not require a passphrase to be entered. | | 179 | It does not require a passphrase to be entered. |
180 | This method is typically used to present disk devices that do not | | 180 | This method is typically used to present disk devices that do not |
181 | need to survive a reboot, such as the swap partition. | | 181 | need to survive a reboot. |
182 | It is also handy to facilitate overwriting the contents of | | 182 | It is also handy to facilitate overwriting the contents of |
183 | a disk volume with meaningless data prior to use. | | 183 | a disk volume with meaningless data prior to use. |
184 | .It urandomkey | | 184 | .It urandomkey |
185 | The method simply reads | | 185 | The method simply reads |
186 | .Pa /dev/urandom | | 186 | .Pa /dev/urandom |
187 | and uses the resulting bits as the key. | | 187 | and uses the resulting bits as the key. |
188 | This is similar to the | | 188 | This is similar to the |
189 | .Pa randomkey | | 189 | .Pa randomkey |
190 | method, but it guarantees that cgdconfig will not stall waiting for 256 | | 190 | method, but it guarantees that cgdconfig will not stall waiting for 256 |
191 | bits of entropy from a hardware RNG or seed (useful when configuring a | | 191 | bits of entropy from a hardware RNG or seed. |
192 | cgd for swap at boot time). | | | |
193 | .It shell_cmd | | 192 | .It shell_cmd |
194 | This method executes a shell command via | | 193 | This method executes a shell command via |
195 | .Xr popen 3 | | 194 | .Xr popen 3 |
196 | and reads the key from stdout. | | 195 | and reads the key from stdout. |
197 | .El | | 196 | .El |
198 | .Ss Verification Method | | 197 | .Ss Verification Method |
199 | The verification method is how | | 198 | The verification method is how |
200 | .Nm | | 199 | .Nm |
201 | determines if the generated key is correct. | | 200 | determines if the generated key is correct. |
202 | If the newly configured disk fails to verify, then | | 201 | If the newly configured disk fails to verify, then |
203 | .Nm | | 202 | .Nm |
204 | will regenerate the key and re-configure the device. | | 203 | will regenerate the key and re-configure the device. |
205 | It only makes sense to specify a verification method if at least one of the | | 204 | It only makes sense to specify a verification method if at least one of the |
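Review bot: In the urandomkey entry (new lines 190-191), dropping "(useful when configuring a cgd for swap at boot time)" leaves the reader with no guidance on when to choose urandomkey over randomkey. The entry now says only that it "will not stall waiting for 256 bits of entropy from a hardware RNG or seed" and nothing about what is given up by not waiting. Suggest adding a sentence that states the consequence: as the text reads, the key can be drawn before the entropy that randomkey would wait for is available. The same gap appears in the randomkey entry at new line 181. With "such as the swap partition" removed, "disk devices that do not need to survive a reboot" has no concrete example. If swap is no longer the intended use, name another one or cross-reference where the swap setup is documented. Nothing in the lines shown here gives the reason for removing the swap references, so a short rationale alongside the change would help.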