NetBSD CGD Timeout

CGD Timeout

On boot, /etc/rc.d/cgd waits at the passphrase prompt (in my case for the home partition) and the whole boot sequence is blocked. Neither networking nor sshd is started at that point. After a power failure, the system administrator might not be on site, and the computer remains inaccessible.

The patch below introduces a timeout on waiting for the passphrase. Upon timeout, the boot sequence continues, skipping the creation of the crypto device cgd. The timeout can be configured in /etc/rc.conf via

cgd_flags="-t 60"

Also, the crypto device cgd needs to be tagged with "opt" (for optional) in /etc/fstab, because /etc/rc.d/fsck otherwise fails when checking the non-existent device and drops into an emergency shell.

/dev/cgd0a      /home           ffs     rw,log,opt       1 2

With the above configuration, the boot sequence continues after 60 seconds, and networking and ssh are set up soon after. The system administrator can then access the machine remotely and manually mount the encrypted partitions.

Patch against /usr/src/ [raw]

Index: etc/defaults/rc.conf
===================================================================
RCS file: /cvsroot/src/etc/defaults/rc.conf,v
retrieving revision 1.151.2.1
diff -u -p -r1.151.2.1 rc.conf
--- etc/defaults/rc.conf	27 Sep 2019 09:18:38 -0000	1.151.2.1
+++ etc/defaults/rc.conf	8 Apr 2020 23:36:17 -0000
@@ -116,7 +116,7 @@ raidframe=YES
 
 # Crypto file system.
 #
-cgd=YES
+cgd=YES			cgd_flags=""
 
 # Logical Volume Manager
 #
Index: etc/rc.d/cgd
===================================================================
RCS file: /cvsroot/src/etc/rc.d/cgd,v
retrieving revision 1.8
diff -u -p -r1.8 cgd
--- etc/rc.d/cgd	1 Nov 2010 14:41:11 -0000	1.8
+++ etc/rc.d/cgd	8 Apr 2020 23:36:17 -0000
@@ -19,7 +19,7 @@ cgd_start()
 {
 	if [ -f /etc/cgd/cgd.conf ]; then
 		print_rc_normal "Configuring CGD devices."
-		cgdconfig -C
+		cgdconfig -C ${cgd_flags}
 	fi
 }
 
Index: include/mntopts.h
===================================================================
RCS file: /cvsroot/src/include/mntopts.h,v
retrieving revision 1.18
diff -u -p -r1.18 mntopts.h
--- include/mntopts.h	9 Jan 2018 03:31:12 -0000	1.18
+++ include/mntopts.h	8 Apr 2020 23:36:45 -0000
@@ -77,12 +77,14 @@ struct mntopt {
 /* This is parsed by mount(8), but is ignored by specific mount_*(8)s. */
 #define MOPT_AUTO		{ "auto",	0, 0, 0 }
 #define MOPT_RUMP		{ "rump",	0, 0, 0 }
+#define MOPT_OPT		{ "opt",	0, 0, 0 }
 #define MOPT_NULL		{ NULL,		0, 0, 0 }
 
 #define MOPT_FSTAB_COMPAT						\
 	MOPT_RO,							\
 	MOPT_RW,							\
-	MOPT_AUTO
+	MOPT_AUTO,							\
+	MOPT_OPT
 
 /* Standard options which all mounts can understand. */
 #define MOPT_STDOPTS							\
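Review bot: The comment above `MOPT_AUTO` ("parsed by mount(8), but is ignored by specific mount_*(8)s") no longer describes every entry in the group, because in this patch `opt` is interpreted by fsck(8), and no mount(8) change is visible that gives it a meaning there. I would give the new macro its own comment, for example `/* "opt": device may be unconfigured at boot; fsck(8) skips it on ENXIO. */`. The patch as shown also leaves fstab(5) untouched, so an administrator has no reference for what the flag does. Since adding it to `MOPT_FSTAB_COMPAT` makes every mount_*(8) accept it silently, the description should say explicitly that it relaxes the boot-time check for that file system.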
Index: sbin/cgdconfig/cgdconfig.8
===================================================================
RCS file: /cvsroot/src/sbin/cgdconfig/cgdconfig.8,v
retrieving revision 1.44
diff -u -p -r1.44 cgdconfig.8
--- sbin/cgdconfig/cgdconfig.8	29 Dec 2018 18:34:01 -0000	1.44
+++ sbin/cgdconfig/cgdconfig.8	8 Apr 2020 23:36:46 -0000
@@ -35,17 +35,20 @@
 .Nd configuration utility for the cryptographic disk driver
 .Sh SYNOPSIS
 .Nm
-.Op Fl enpv
+.Op Fl env
+.Op Fl p | Fl t Ar timeout
 .Op Fl V Ar vmeth
 .Ar cgd dev
 .Op Ar paramsfile
 .Nm
 .Fl C
-.Op Fl enpv
+.Op Fl env
+.Op Fl p | Fl t Ar timeout
 .Op Fl f Ar configfile
 .Nm
 .Fl G
-.Op Fl enpv
+.Op Fl env
+.Op Fl p | Fl t Ar timeout
 .Op Fl i Ar ivmeth
 .Op Fl k Ar kgmeth
 .Op Fl o Ar outfile
@@ -133,6 +136,8 @@ in question to be unconfigured rather th
 again.
 .It Fl s
 Read the key (nb: not the passphrase) from stdin.
+.It Fl t
+Timeout on reading the passphrase in seconds (default: 0 meaning no timeout).
 .It Fl U
 Unconfigure all the devices listed in the cgd configuration file.
 .It Fl u
Index: sbin/cgdconfig/cgdconfig.c
===================================================================
RCS file: /cvsroot/src/sbin/cgdconfig/cgdconfig.c,v
retrieving revision 1.50
diff -u -p -r1.50 cgdconfig.c
--- sbin/cgdconfig/cgdconfig.c	10 Apr 2019 06:11:37 -0000	1.50
+++ sbin/cgdconfig/cgdconfig.c	8 Apr 2020 23:36:46 -0000
@@ -83,6 +83,8 @@ enum action {
 	 ACTION_LIST			/* list configured devices */
 };
 
+int	timeout = 0;
+
 /* if nflag is set, do not configure/unconfigure the cgd's */
 
 int	nflag = 0;
@@ -203,7 +205,7 @@ main(int argc, char **argv)
 	p = params_new();
 	kg = NULL;
 
-	while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:spuv")) != -1)
+	while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:st:puv")) != -1)
 		switch (ch) {
 		case 'C':
 			set_action(&action, ACTION_CONFIGALL);
@@ -270,7 +272,9 @@ main(int argc, char **argv)
 		case 's':
 			set_action(&action, ACTION_CONFIGSTDIN);
 			break;
-
+		case 't':
+			timeout = atoi(optarg);
+			break;
 		case 'u':
 			set_action(&action, ACTION_UNCONFIGURE);
 			break;
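Review bot: `atoi(optarg)` in the new `case 't'` performs no validation, so a typo in `cgd_flags` fails open. A non-numeric argument becomes 0, which the manual page defines as "no timeout", so the boot blocks on the prompt again. A value such as `6O` is read as 6, and a negative value is passed to `getpassfd()` unchecked. Parsing with `strtol()` and rejecting anything that is not a whole non-negative number in `int` range makes a bad setting fail loudly instead. The fence assumes `errx()` and `INT_MAX` are already available in this file, which is not visible in the hunk.

```c
		case 't': {
			char *end;
			long secs;

			errno = 0;
			secs = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    secs < 0 || secs > INT_MAX)
				errx(EXIT_FAILURE, "invalid timeout `%s'", optarg);
			timeout = (int)secs;
			break;
		}
```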
@@ -387,12 +391,13 @@ maybe_getpass(char *prompt)
 
 	switch (pflag) {
 	case PFLAG_GETPASS:
-		p = getpass_r(prompt, buf, sizeof(buf));
+		p = getpassfd(prompt, buf, sizeof(buf), NULL,
+		    GETPASS_NEED_TTY, timeout);
 		break;
 
 	case PFLAG_GETPASS_ECHO:
 		p = getpassfd(prompt, buf, sizeof(buf), NULL,
-		    GETPASS_ECHO|GETPASS_ECHO_NL|GETPASS_NEED_TTY, 0);
+		    GETPASS_ECHO|GETPASS_ECHO_NL|GETPASS_NEED_TTY, timeout);
 		break;
 
 	case PFLAG_STDIN:
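Review bot: The handling of an expired timeout is not visible here, because the code that consumes `p` after the `switch` in `maybe_getpass()` lies outside the hunk. If that path treats a NULL return from `getpassfd()` as fatal, `cgdconfig -C` would presumably stop at the first device that times out and leave later `cgd.conf` entries unconfigured, including ones that need no passphrase. That should be confirmed, and a timeout should be reported distinctly from other read failures. The manual page change also documents `-p` and `-t` as alternatives (`.Op Fl p | Fl t Ar timeout`), yet `timeout` is passed in the `PFLAG_GETPASS_ECHO` branch as well, so one of the two should be brought in line. A comment such as `/* timeout == 0 waits forever; on expiry getpassfd() returns NULL */` above the first call would record the contract.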
Index: sbin/fsck/fsck.c
===================================================================
RCS file: /cvsroot/src/sbin/fsck/fsck.c,v
retrieving revision 1.52
diff -u -p -r1.52 fsck.c
--- sbin/fsck/fsck.c	25 Oct 2014 22:00:19 -0000	1.52
+++ sbin/fsck/fsck.c	8 Apr 2020 23:36:46 -0000
@@ -246,6 +246,7 @@ main(int argc, char *argv[])
 static void *
 isok(struct fstab *fs)
 {
+	int fsreadfd;
 
 	if (fs->fs_passno == 0)
 		return NULL;
@@ -253,6 +254,17 @@ isok(struct fstab *fs)
 	if (BADTYPE(fs->fs_type))
 		return NULL;
 
+	if (strstr(fs->fs_mntops, "opt")) {
+		if ((fsreadfd = open(fs->fs_spec, O_RDONLY)) < 0) {
+			if (errno == ENXIO) {
+				printf("skipping unconfigured optional device %s\n",
+				       fs->fs_spec);
+				return NULL;
+			}
+		} else
+			close(fsreadfd);
+	}
+
 	if (!selected(fs->fs_vfstype))
 		return NULL;
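Review bot: `strstr(fs->fs_mntops, "opt")` in `isok()` is a substring test, so any mount option whose name or value merely contains the letters "opt" marks the file system as optional and allows its check to be skipped. The test should match the exact comma-separated token instead. Only `ENXIO` is handled, so other `open()` failures fall through to the normal path. That seems reasonable, but it deserves a one-line comment so the silent fall-through is clearly intentional. `fsreadfd` is declared in the previous hunk of this file. `isok()` begins and continues outside the hunks shown.

```c
/* Return 1 when the comma-separated list opts holds exactly the option name. */
static int
has_mntopt(const char *opts, const char *name)
{
	size_t len, n;
	const char *p;

	len = strlen(name);
	for (p = opts; p != NULL && *p != '\0'; ) {
		n = strcspn(p, ",");
		if (n == len && strncmp(p, name, len) == 0)
			return 1;
		p += n;
		if (*p == ',')
			p++;
	}
	return 0;
}

	/* … in isok(), replacing the strstr() test; rest of the block unchanged … */
	if (has_mntopt(fs->fs_mntops, "opt")) {
```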

Caveat

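Once the system is up, some cron jobs may try to access the encrypted partition before it has been mounted. They may want to check the availability of the partition first, since anything written under the mount point in the meantime lands on the underlying file system rather than on the encrypted one.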

Contact

You are welcome to send me comments. Contact information is available on the main page.