Multi-purpose function that can protect the interactive boot menu,
prevent boot without password, or prompt for geli(8) passphrase
(depending on loader.conf 5 settings).
First checks bootlock_password and if-set, the user cannot continue until the correct password is entered.
Next, checks geom_eli_passphrase_prompt and if set to YES (case-insensitive) prompts the user to enter their GELI password for later mounting of the root device(s) during boot.
Last, checks password and if-set, tries to autoboot and only prompts for password on failure or user-interrupt. See loader.conf(5) for additional information.
The environment variables that effect its behavior are:
|Sets the bootlock password (up to 16 characters long) that is required by check-password to be entered before the system is allowed to boot.|
|Selects whether loader(8) will prompt for GELI credentials, handing-off to the kernel for later mounting of geli(8) encrypted root device(s).|
|password||Sets the password (up to 16 characters long) that is required by check-password before the user is allowed to visit the boot menu.|
/boot/loader The loader(8). /boot/check-password.4th check-password.4th itself. /boot/loader.rc loader(8) bootstrapping script.
Standard i386 /boot/loader.rc:
include /boot/loader.4th check-password
Set a password in loader.conf(5) to prevent modification of boot options:
Set a password in loader.conf(5) to prevent booting without password:
loader.conf(5), loader(8), loader.4th(8)
The check-password.4th set of commands first appeared in
.Fx 9.0 .
The check-password.4th set of commands was written by
.An Devin Teske Aq dteske@FreeBSD.org .