Project

General

Profile

Feature #28592

Automatically unlock SEDs during boot

Added by Josh Paetzel about 1 year ago. Updated 10 months ago.

Status:
Done
Priority:
Nice to have
Assignee:
William Grzybowski
Category:
Middleware
Target version:
Estimated time:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

This is the first pass for unlocking SED drives at boot using passwords that can be saved via the GUI.

The passwords are stored encrypted in the database and are obfuscated via the GUI and API, however anyone with access to the database and the encryption key can decrypt the passwords.

Second pass is giving FreeNAs the ability to talk to a keyserver to unlock SED drives, that pull request will come later.

There is one deficiency in this pull request, if a drive with a password is modified unless the password is entered again the password will be removed. I need to talk to William about the best way to fix that, as the paradigm for "keep the existing field if the to be saved field is blank" doesn't exist in FreeNAS yet to my knowledge. (There's places other than SEDs this could be used IMO)


Related issues

Copied to FreeNAS - Feature #28607: Add unlock SEDs at boot to new UIDone

History

#2 Updated by Dru Lavigne about 1 year ago

  • Target version set to 11.2-RC2

#3 Updated by Dru Lavigne about 1 year ago

  • Assignee changed from William Grzybowski to Alexander Motin

#4 Updated by Josh Paetzel about 1 year ago

commit 57062f4eee7d43e6b729fc19aa06e38405f32fd9 has the fix that I needed to talk to William about.

So this pull request should be good to go.

#5 Updated by William Grzybowski about 1 year ago

  • Category changed from OS to Middleware
  • Status changed from Not Started to Done
  • Assignee changed from Alexander Motin to William Grzybowski
  • Needs Merging changed from Yes to No

#6 Updated by Dru Lavigne about 1 year ago

#7 Updated by Dru Lavigne about 1 year ago

  • Target version changed from 11.2-RC2 to 11.2-BETA1

#8 Updated by Dru Lavigne about 1 year ago

  • Subject changed from Unlock SEDs at boot to Add ability to unlock SEDs during boot to Volumes -> View Disks

#9 Updated by Dru Lavigne 12 months ago

  • Status changed from Done to Ready for Testing

#10 Updated by Dru Lavigne 11 months ago

  • Severity set to New
  • Needs Doc changed from Yes to No

#11 Updated by Dru Lavigne 10 months ago

  • Status changed from Ready for Testing to Done
  • Needs QA changed from Yes to No

#12 Updated by Dru Lavigne 10 months ago

  • Subject changed from Add ability to unlock SEDs during boot to Volumes -> View Disks to Automatically unlock SEDs during boot

Also available in: Atom PDF