Automatically unlock SEDs during boot
This is the first pass for unlocking SED drives at boot using passwords that can be saved via the GUI.
The passwords are stored encrypted in the database and are obfuscated via the GUI and API, however anyone with access to the database and the encryption key can decrypt the passwords.
Second pass is giving FreeNAs the ability to talk to a keyserver to unlock SED drives, that pull request will come later.
There is one deficiency in this pull request, if a drive with a password is modified unless the password is entered again the password will be removed. I need to talk to William about the best way to fix that, as the paradigm for "keep the existing field if the to be saved field is blank" doesn't exist in FreeNAS yet to my knowledge. (There's places other than SEDs this could be used IMO)
- Target version set to 11.2-RC2
- Assignee changed from William Grzybowski to Alexander Motin
commit 57062f4eee7d43e6b729fc19aa06e38405f32fd9 has the fix that I needed to talk to William about.
So this pull request should be good to go.
Updated by William Grzybowski about 2 years ago
- Category changed from OS to Middleware
- Status changed from Not Started to Done
- Assignee changed from Alexander Motin to William Grzybowski
- Needs Merging changed from Yes to No
- Target version changed from 11.2-RC2 to 11.2-BETA1
- Subject changed from Unlock SEDs at boot to Add ability to unlock SEDs during boot to Volumes -> View Disks
- Status changed from Done to Ready for Testing
- Severity set to New
- Needs Doc changed from Yes to No
- Status changed from Ready for Testing to Done
- Needs QA changed from Yes to No
- Subject changed from Add ability to unlock SEDs during boot to Volumes -> View Disks to Automatically unlock SEDs during boot
Also available in: Atom