zfs crypto discuss - Mar 2008 - [Bug 672] New: Explicit zpool key -l needed during boot

http://defect.opensolaris.org/bz/show_bug.cgi?id=672

           Summary: Explicit zpool key -l needed during boot
    Classification: Development
           Product: zfs-crypto
           Version: unspecified
          Platform: Other
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: other
        AssignedTo: ajscarp at yahoo.com
        ReportedBy: darrenm at opensolaris.org
         QAContact: hua.tang at sun.com
                CC: zfs-crypto-discuss at opensolaris.org
   Estimated Hours: 0.0


One of the early (likely svc:/system/device/local) SMF services needs to
perform an explicit zpool key -l.  If we don''t do this then encrypted
ZVOLs
being used for swap won''t be available when svc:/system/devices/local
runs
/sbin/swapadd.

Since this will be happening under SMF there is no stdin (it is /dev/null) so
the passphrase/key prompting code needs to recognize this and not attempt to
prompt for keys/passphrases for those datasets.

Recognizing this should not be done by testing for a tty since that means we
then can''t have layered script do stuff like:
           /opt/local/passphrasetool tank | zpool key -l tank

We should allow for that without requring people to fake up a tty - after all
it is for cases like the above that we explicitly allow prompting for
"raw" and
"hex".

Since the issue is really "under SMF" so no way to interact with the
user the
prompting code in libzfs (or maybe in zpool itself) should test for the
appropriate $SMF_FMRI.  Note that it should test for the actual service not
just that $SMF_FMRI is set because the above scripted example could be in some
locally provided or layered software SMF method.

In pseudo code the prompt algorithm looks a little like this:

    zpool_get_prop(zhp, ZPOOL_PROP_KEYSOURCE, &keysource)
    if keysource_is_prompt(keysource) then
         smf_fmri = getenv("SMF_FMRI")
         if smf_fmri != ZPOOL_KEY_SMF_SERVICE then
                getpassphrase(prompt)
         fi
    fi

We need to choose the appropriate early boot SMF service since
svc:/system/device/local may not be it.  One possibility is creating
a new SMF service explicitly for running ''zpool key -l''. 
I''d rather avoid
that if possible.

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=672





--- Comment #1 from Darren J Moffat <darrenm at opensolaris.org> 
2008-03-13 05:43:56 ---
For now so some encrypted ZVOL testing can be done more easily I''m
putting an
explicit ''zpool key -l'' into the devices/local start method
before volumes are
started up.  Note that this is NOT the full fix as outlined in my  2008-03-03
submission.

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=672


ajscarp at yahoo.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #2 from ajscarp at yahoo.com  2008-04-09 10:36:19 ---
integrated on 2008-4-9

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.