Subject: Re: cgd root [was Re: enabling cgd by default]
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 08/09/2007 03:07:31
>> The first is, I'd like a way to have it prompt for the key on the
>> console, directly from the kernel.  This would amount to
>> pkcs5_pbkdf2/sha1, except with only the salt, or perhaps even
>> nothing (see below) provided by cgdconfig; the kernel would prompt
>> for the user-input portion.
> So there'd be some way for a userland process (cgdconfig) to ask the
> kernel to issue a prompt and return the resulting string?  I don't
> see that this gives any more security than letting the userland
> process do it all.

Neither do I, possibly excepting some environment where knowing it came
from the console is actually of value (I can't think of an example
offhand, but one probably exists somewhere).  That's not the way I had
in mind.

> Or would you move more of cgdconfig into the kernel, so there'd be
> some way for the userland part of cgdconfig to ask the kernel part of
> cgdconfig "here is a paramsfile; please issue a prompt and perform
> the real work of configuring the device"?

Loosely put, yes.  I wouldn't actually pass the paramsfile itself,
though; I'd do it by passing the kernel everything now passed to
configure a cgd, except that instead of passing the key, it just passes
the salt, plus something (a bit in ci_flags, maybe?) indicating that
the key is really just a salt and the kernel should prompt for the rest
and do the missing crunching to compute the final key.

> I would have no objection to this, and I can see how a prompt on the
> console in a colour reserved for kernel messages could give some warm
> feelings, but it doesn't really seem to be worth the effort.

On its own, perhaps not (though it does have a few benefits, as I
mentioned upthread).  But if you want to support root on cgd, it either
means the chroot-init dance outlined elsewhere upthread, or something
like this with the rest of the config hardwired (instead of passed from
cgdconfig).

>> The other is, I'd like a way to put root on cgd.  For my 1.4T+
>> version, this was something like
>> options 	ED0_ROOT="\"wd0f\""
> I would very much like to see an implementation of this idea.

As always, I dunno how the round tuit supply will be, but I'll see what
I can do.

Or, if you mean you'd like to see how I did it in 1.4T (where there was
nothing but the underlying device to configure once you were getting
the key from the console, because I supported only one encryption
algorithm, IV generation method, etc, and no salt), you can look at the
source.  It's on ftp.rodents.montreal.qc.ca in
/mouse/source-tree/postpatches/sys/dev/pseudo/ - you want the ed*
files, ed.c in particular.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
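
An added sketch, not part of the original message or of NetBSD's cgd code, modelling the split described above: userland passes either the finished key or only the salt plus a flag, and the kernel side prompts and finishes the pkcs5_pbkdf2/sha1 derivation. The `ConfigRequest` structure, the `CGD_F_KEY_IS_SALT` bit and all function names are hypothetical; the sample salt and passphrase are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable

# Hypothetical flag bit: the post only suggests "a bit in ci_flags, maybe?".
CGD_F_KEY_IS_SALT = 0x1

@dataclass
class ConfigRequest:
    """Simplified, hypothetical model of what userland passes to configure a cgd."""
    device: str        # underlying disk
    iterations: int    # PBKDF2 iteration count
    keylen: int        # key length in bytes
    flags: int
    key: bytes         # final key, or only the salt when CGD_F_KEY_IS_SALT is set

def pbkdf2_sha1(passphrase: bytes, salt: bytes, iterations: int, keylen: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, iterations, keylen)

def userland_full(device, passphrase, salt, iterations, keylen) -> ConfigRequest:
    """Current split: userland prompts, derives the key, and passes the key."""
    key = pbkdf2_sha1(passphrase, salt, iterations, keylen)
    return ConfigRequest(device, iterations, keylen, 0, key)

def userland_salt_only(device, salt, iterations, keylen) -> ConfigRequest:
    """Proposed split: userland never sees the passphrase, passes the salt."""
    return ConfigRequest(device, iterations, keylen, CGD_F_KEY_IS_SALT, salt)

def kernel_configure(req: ConfigRequest, console_prompt: Callable[[str], bytes]) -> bytes:
    """Kernel side: return the key the device would be configured with."""
    if req.flags & CGD_F_KEY_IS_SALT:
        # The key field holds only the salt: prompt on the console and
        # do the remaining PBKDF2 work here.
        passphrase = console_prompt(f"{req.device} passphrase: ")
        return pbkdf2_sha1(passphrase, req.key, req.iterations, req.keylen)
    return req.key

if __name__ == "__main__":
    # Constructed sample values; "wd0f" is the device named in the post.
    salt, pw = b"constructed-salt", b"constructed passphrase"
    old = kernel_configure(userland_full("wd0f", pw, salt, 1000, 32), lambda p: b"")
    new = kernel_configure(userland_salt_only("wd0f", salt, 1000, 32), lambda p: pw)
    print("same key either way:", old == new)
```

In the salt-only request the passphrase and derived key never exist in the userland process; what crosses the interface is only the salt and the parameters.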