[patch] Autoinstall with disk encryption
On Thu, Feb 08, 2024 at 01:29:46PM +0000, Stuart Henderson wrote:
> On 2024/02/08 11:07, Klemens Nanni wrote:
> > + [pP]*)
> > + while :; do
> > + ask_password 'Passphrase for the root disk?'
> > + [[ -n "$_password" ]] && break
> > + echo 'The passphrase must be set.'
> > + done
> > + PASSFILE=/tmp/i/passfile
> > + (umask 077 && print -r -- "$_password" >$PASSFILE)
>
> This is fairly distasteful, OpenBSD usually goes out of its way to
> wipe sensitive things like this even from memory in a single
> process after use.
>
> If doing this, it might be better to only have this question for the
> autoinstall case (like how ask_root_sshd is done) and use the standard
> bioctl method for manual install.
If you mean 'New passphrase: ' interactively, but some question unattended,
then there'd be no way to discover the autoinstall(8) wording...
> > bioctl -Cforce -cC -l${_chunk}a $_args softraid0 >/dev/null
> > + rm -f $PASSFILE
>
> rm -fP perhaps?
>
> But, do enough people really want autoinstall with FDE from a password
> fetched from a webserver to be worth doing this? It doesn't seem very
> sensible to me.
Unless I hear objections, I'll go ahead with my first diff (OK afresh1)
plus your -P suggestion.
Automating this at least helps testing, and (k)eydisk does not have the problem
of relying on a secure network like (p)assphrase does.
Index: install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
diff -u -p -r1.1258 install.sub
--- install.sub 26 Jan 2024 16:35:58 -0000 1.1258
+++ install.sub 10 Feb 2024 17:27:24 -0000
@@ -917,7 +917,7 @@ ask_password() {
}
# Ask for a passphrase once showing prompt $1. Ensure input is not empty
-# save it in $_passphrase.
+# and save it in $_passphrase.
ask_passphrase() {
local _q=$1
@@ -3106,9 +3106,6 @@ encrypt_root() {
[[ $MDBOOTSR == y ]] || return
- # The interactive bioctl(8) passphrase prompt requires a TTY.
- $AI && return
-
[[ -x /sbin/bioctl ]] || return
# Do not even try if softraid is in use already,
@@ -3124,8 +3121,12 @@ encrypt_root() {
_args=-k$KEYDISK
break
;;
- # Do nothing, bioctl(8) will handle the passphrase.
- [pP]*) break
+ [pP]*) $AI || break
+ ask_passphrase 'New passphrase?'
+ PASSFILE=/tmp/i/passfile
+ (umask 077 && print -r -- "$_passphrase" >$PASSFILE)
+ _args=-p$PASSFILE
+ break
;;
[nN]*) return
;;
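Review bot: in the new `[pP]*)` branch, `print -r -- "$_passphrase" >$PASSFILE` writes a trailing newline, so confirm that `bioctl -p` strips it; otherwise the key derived at install time will not match what the user types at the boot prompt. Two smaller points: `PASSFILE` is not declared `local`, so it leaks into the caller's scope and stays unset on the keydisk and `n` paths, and while the `(umask 077 && ...)` subshell is the right way to keep the file 0600, ask_passphrase only checks that the value is non-empty and never asks for confirmation, so a typo in the autoinstall response yields a volume whose passphrase nobody knows.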
@@ -3139,6 +3140,7 @@ encrypt_root() {
echo 'RAID *' | disklabel -w -A -T- $_chunk
bioctl -Cforce -cC -l${_chunk}a $_args softraid0 >/dev/null
+ rm -fP $PASSFILE
# No volumes existed before asking, but we just created one.
ROOTDISK=$(get_softraid_volumes)
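Review bot: `rm -fP $PASSFILE` runs on every path through this block, including the keydisk one where `PASSFILE` is never set, so it relies on `rm -f` tolerating an empty operand list; guarding it with `[[ -n $PASSFILE ]] &&` or initialising `PASSFILE=` before the case makes the intent explicit. Removing the file also does not clear the copy still held in `$_passphrase`; an `unset _passphrase` after bioctl returns would address the point raised earlier in the thread about not keeping the secret around longer than needed.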