Hello, I've been working on a series of changes designed to expand FreeBSD's full-disk encryption support via GELI (its preferred disk encryption mechanism). One of the important parts of this landed in HEAD last night:
https://github.com/freebsd/freebsd/commit/6a205a32527153697eb4df4114ff0cd3c7cd6fd8 This adds a general mechanism for passing keys into the FreeBSD kernel at boot. At present, this is used exclusively by the GELI subsystem. FreeBSD currently supports full-disk encryption for i386 BIOS. I am actively working on EFI support and would like to make sure that GRUB also supports full-disk encryption as well (as GRUB is our best option for a coreboot setup). Basically, to add support for this, I'd need to do two things: 1) Ensure that GRUB can handle an entirely GELI-encrypted disk hosting a FreeBSD system (I suspect it can, but I've never done a GRUB/GELI setup before) 2) An additional metadata item needs to get generated when booting the FreeBSD kernel that contains all the GELI keys. (For those who don't know, FreeBSD has a kernel metadata mechanism that is used to pass some information into the kernel: for example, the EFI console on EFI, some BIOS information on i386 BIOS, and so on) I've never submitted a patch to GRUB before, so I'm interested in 1) how hard would this be, 2) where should I look in the source code, and 3) what is the procedure for submitting patches like this? Best, Eric
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
