| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | .\" $NetBSD: cgdconfig.8,v 1.45 2020/06/23 13:20:14 nia Exp $ | | 1 | .\" $NetBSD: cgdconfig.8,v 1.46 2020/06/23 13:23:56 nia Exp $ |
| 2 | .\" | | 2 | .\" |
| 3 | .\" Copyright (c) 2002, The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2002, The NetBSD Foundation, Inc. |
| 4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
| 5 | .\" | | 5 | .\" |
| 6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
| 7 | .\" by Roland C. Dowdeswell. | | 7 | .\" by Roland C. Dowdeswell. |
| 8 | .\" | | 8 | .\" |
| 9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
| 10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
| 11 | .\" are met: | | 11 | .\" are met: |
| 12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
| 13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
| 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -168,38 +168,37 @@ It is retained for backwards compatibili | | | @@ -168,38 +168,37 @@ It is retained for backwards compatibili |
| 168 | files, and will be removed. | | 168 | files, and will be removed. |
| 169 | Existing parameters files should be | | 169 | Existing parameters files should be |
| 170 | converted to use the correct method using the | | 170 | converted to use the correct method using the |
| 171 | .Fl G | | 171 | .Fl G |
| 172 | option, and a new passphrase. | | 172 | option, and a new passphrase. |
| 173 | .It storedkey | | 173 | .It storedkey |
| 174 | This method stores its key in the parameters file. | | 174 | This method stores its key in the parameters file. |
| 175 | .It randomkey | | 175 | .It randomkey |
| 176 | The method simply reads | | 176 | The method simply reads |
| 177 | .Pa /dev/random | | 177 | .Pa /dev/random |
| 178 | and uses the resulting bits as the key. | | 178 | and uses the resulting bits as the key. |
| 179 | It does not require a passphrase to be entered. | | 179 | It does not require a passphrase to be entered. |
| 180 | This method is typically used to present disk devices that do not | | 180 | This method is typically used to present disk devices that do not |
| 181 | need to survive a reboot, such as the swap partition. | | 181 | need to survive a reboot. |
| 182 | It is also handy to facilitate overwriting the contents of | | 182 | It is also handy to facilitate overwriting the contents of |
| 183 | a disk volume with meaningless data prior to use. | | 183 | a disk volume with meaningless data prior to use. |
| 184 | .It urandomkey | | 184 | .It urandomkey |
| 185 | The method simply reads | | 185 | The method simply reads |
| 186 | .Pa /dev/urandom | | 186 | .Pa /dev/urandom |
| 187 | and uses the resulting bits as the key. | | 187 | and uses the resulting bits as the key. |
| 188 | This is similar to the | | 188 | This is similar to the |
| 189 | .Pa randomkey | | 189 | .Pa randomkey |
| 190 | method, but it guarantees that cgdconfig will not stall waiting for 256 | | 190 | method, but it guarantees that cgdconfig will not stall waiting for 256 |
| 191 | bits of entropy from a hardware RNG or seed (useful when configuring a | | 191 | bits of entropy from a hardware RNG or seed. |
| 192 | cgd for swap at boot time). | | | |
| 193 | .It shell_cmd | | 192 | .It shell_cmd |
| 194 | This method executes a shell command via | | 193 | This method executes a shell command via |
| 195 | .Xr popen 3 | | 194 | .Xr popen 3 |
| 196 | and reads the key from stdout. | | 195 | and reads the key from stdout. |
| 197 | .El | | 196 | .El |
| 198 | .Ss Verification Method | | 197 | .Ss Verification Method |
| 199 | The verification method is how | | 198 | The verification method is how |
| 200 | .Nm | | 199 | .Nm |
| 201 | determines if the generated key is correct. | | 200 | determines if the generated key is correct. |
| 202 | If the newly configured disk fails to verify, then | | 201 | If the newly configured disk fails to verify, then |
| 203 | .Nm | | 202 | .Nm |
| 204 | will regenerate the key and re-configure the device. | | 203 | will regenerate the key and re-configure the device. |
| 205 | It only makes sense to specify a verification method if at least one of the | | 204 | It only makes sense to specify a verification method if at least one of the |