Subject: Re: cgd root [was Re: enabling cgd by default]
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 08/08/2007 15:49:26
>> The first is, I'd like a way to have it prompt for the key on the
>> console, directly from the kernel.
> In this case, I would guess that you'd want to hard-code the salt
> into the kernel config file.

For use with the root-on-cgd config option, possibly.  For
cgdconfig-driven use, it would also make sense for cgdconfig to supply
the salt.

For my own purposes, it doesn't much matter; my own implementation, to
put it in analogous terms, didn't use salts at all, which amounts to
using a fixed salt in most respects.

> Where does the kernel go if the boot disk contains no readable
> filesystem before cgd configuration?  Are you planning on having a
> small filesystem that contains just the kernel, and have the root
> filesystem mounted afterwards?

Yes.  I do that already for some of my machines - I have a tiny
filesystem (usually mounted on something like /kernels) that contains
bootblocks and kernels and nothing else.  The kernels in question are
built with explicit "config netbsd root on ..." configuration.

>> Thoughts?  Any interest in seeing these in NetBSD's cgd?
> I think it's a reasonable enhancement and I'd certainly make use of
> the feature if it was available. Actually implementing the feature
> with the same simplicity and elegance that cgd has currently might be
> a bit tricky, however; I'd be interested to hear more about your
> earlier implementation.

Well, you're welcome to a copy of the code.  If you have questions,
either before or after looking at the code, I'll be happy to answer
them.

ftp.rodents.montreal.qc.ca:/mouse/source-tree/postpatches/sys/dev/pseudo/

You want the ed* files in particular.  (My implementation attaches with
"attach ed at pseudo", where "pseudo" is a child of mainbus; I (thought
I) needed a struct device for ed disks, and this looked like the
cleanest way to get one.  I've never understood why pseudo-devices
weren't done that way all along, actually....)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B