Subject: Re: [9front] Booting with encrypted partitions
To: 9front@9front.org
From: petter9@bissa.eu
Date: Wed, 13 Nov 2019 00:51:24 +0100

Glad to see some interest!

Just to be clear. My goal here was primarily just to hack together something that scratches my itch, today.

Thanks for pointing out the flaw with the empty test. I actually had it there before, but it got lost retyping it after reinstalling. (Yes, my process sucks.)

Ori: I did consider briefly to make it work automatically for different setups. Some quick thoughts that put me off:

* What if new crypto programs are introduced. Which one to use.
* What if someone has multiple plan9 installations on the same disk and/or several disks.
* Different filesystems may need different partitions decrypted. Maintain a list? Update with new filesystems.
* Different filesystems and multiple installations.
* Should one decrypt before or after partition is selected.

Felt a bit like a pandora's box to me. (Could very well be i'm making problems that aren't actually here obviously. I don't know.)

Having the user specify the decryption command themselves is the simplest and cleanest solution i could think of, random unverified concerns considered. Not saying having it in plan9.ini like that is the right way to do it. (But hey, step 1: get something that works;))

Cinap: Regarding having this in the main loop. The scenario i had in mind there was the user aborting the password input (DEL) to type in some other partition in bootargs (multi-boot/usb). And if that fails, just start all over again.

I'd be happy to help and experiment the next few days before i set this computer to work. I'll try moving it around. initcmd?

--
Petter

--
For the record.

diff -r 8f9f3ee2eacf sys/src/9/boot/bootrc --- a/sys/src/9/boot/bootrc Mon Nov 11 13:35:47 2019 -0800 +++ b/sys/src/9/boot/bootrc Tue Nov 12 13:10:09 2019 +0100 @@ -65,6 +65,11 @@ mt=3D() =20 fn main{ + if(! ~ $#decryptfs 0) { + echo $decryptfs + eval $decryptfs + } + mp=3D() while(~ $#mp 0){ if(~ $#nobootprompt 0){

---plan9.ini---
decryptfs=disk/cryptsetup -i /dev/sdE0/fsworm /dev/sdE0/fscache /dev/sdE0/other
nobootprompt=local!/dev/fs/fscache
mouseport=ps2
monitor=x200
vgasize=1280x800x32
user=p
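
Review bot: the exit status of `eval $decryptfs`, added at the top of `fn main`, is never checked, so when the command fails the script falls through to the `while(~ $#mp 0)` loop with nothing telling the user that the partitions are still locked. Test the status right after the eval and print a message or offer a retry before continuing. Because the block sits before the loop, it also runs only once per call to `main`, which is worth a short comment next to it given the discussion about placing it inside the main loop; the same comment could note that the value of `decryptfs` is executed verbatim as an rc command line.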