man.bsd.lv manual page server

Manual Page Search Parameters

GSHSEC(8) System Manager's Manual GSHSEC(8)

gshseccontrol utility for shared secret devices

gshsec label [-hv] name prov prov ...

gshsec stop [-fv] name ...

gshsec clear [-v] prov ...

gshsec dump prov ...

gshsec list

gshsec status

gshsec load

gshsec unload

The gshsec utility is used for setting up a device which contains a shared secret. The secret is shared between the given providers. To collect the secret, all providers are needed. If one of the components is missing, there is no way to get any useful data from the rest of them. The first argument to gshsec indicates an action to be performed:
Set up a shared secret device from the given components with the specified name. Metadata are stored in the last sector of every component.
Turn off an existing shared secret device by its name. This command does not touch on-disk metadata!
Clear metadata on the given providers.
Dump metadata stored on the given providers.
See geom(8).
See geom(8).
See geom(8).
See geom(8).

Additional options:

Force the removal of the specified shared secret device.
Hardcode providers' names in metadata.
Be more verbose.

Exit status is 0 on success, and 1 if the command fails.

The following example shows how to create a shared secret device. The secret will be split between a slice on a local disk and a USB Pen drive.

gshsec label -v secret /dev/ada0s1 /dev/da0
newfs /dev/shsec/secret

From now on, when the USB Pen drive is inserted, it will be automatically detected and connected, making the secret available via the /dev/shsec/secret device.

geom(4), gbde(8), geom(8), newfs(8)

The gshsec utility appeared in FreeBSD 5.4.

Pawel Jakub Dawidek <pjd@FreeBSD.org>

October 1, 2013 FreeBSD-12.0