marry(HW)


marry -- marry driver

Description

The marry driver allows a regular file to be treated as a device. It does not drive any hardware directly, but it redirects reads and writes on its device to the associated regular file.

marry(ADM) uses the marry driver to associate a block special device file with a regular file. The regular file may then be accessed through the block device node or a character device node created below the /dev/marry directory.

Do not use the marry driver to swap to a file. The kernel allows swapping to a file without the marry driver. See swap(ADM) for more information.

The only permanent device file associated with the marry driver is /dev/rmarry, a character device node that allows control of the driver through ioctl(S) calls. The default permissions on this node are 777. If you change the permissions on /dev/rmarry, you should also edit /etc/conf/node.d/marry so that the new permissions take effect whenever the kernel environment is rebuilt.

Note: Although file permissions were the means used to restrict access to the marry driver in previous releases, the privilege mechanism should be used for that purpose.

Limitations

The marry driver should only be used through marry(ADM); this maintains the /dev/marry hierarchy of block device nodes.

Files


/etc/conf/pack.d/marry/Driver.o
the marry driver

/etc/conf/sdevice.d/marry
configures the marry driver in (Y) or out (N) of the kernel

/etc/conf/node.d/marry
specifies permissions for /dev/rmarry when the kernel is rebuilt

/etc/conf/pack.d/marry/space.c
defines various tuneable parameters for the marry device. Two tuneable parameters related to the marry encryption feature, MryEnc_MMDDBA_StretchCnt_TUNE and MryEnc_MKSB_StretchCnt_TUNE, specify the number of iterations of the stretching process applied to the keys (generated from the passphrase) that encrypt and decrypt the Encrypted State Information Area and User Data Area of the regular file (regfile). Refer to marry(ADM) for details.

The stretching process increases the keys' entropy (i.e., randomness). MryEnc_MMDDBA_StretchCnt_TUNE refers to the key used for the Encrypted State Information Area. MryEnc_MKSB_StretchCnt_TUNE refers to the keys used for the User Data Area. Each key is individually stretched. The settable values range from zero to the maximum value representable by an unsigned 64-bit integer. A value of zero selects the predefined stretch count defined in /usr/include/sys/fs/marry.h. The default value is one; this effectively disables key stretching.

Depending on the stretch count value(s) selected and the speed of the machine, stretching can have a significant impact on the time it takes to start up and initialize a marriage. The stretch count does not affect the performance once the marriage has been created.

Finding a stretch count that provides both the desired increase in the key's bits of entropy and an acceptable start-up and initialization time for the marriage on a given system requires experimentation. NOTE: Once a stretch count has been set on a regfile by enabling the marry encryption feature on it for the first time, it remains at that value regardless of any subsequent change to the tuneables. It is therefore suggested that you use a temporary regfile while determining the appropriate stretch count for the system.

An alternative method of increasing a key's entropy, which can also be combined with stretching, is to increase the length of the passphrase. The passphrase should be unpredictable as well. Approximately 128 bits of entropy can be realized from a 64 character passphrase.

In order for changes to the tuneable parameters to take effect, the marry driver must be unloaded, rebuilt, and reloaded.

It is recommended that you do not modify any of the other tuneables in the marry driver's space.c file.


/etc/conf/mdevice.d/marry
defines the major number of the block and character marry devices

/etc/conf/init.d/marry
removes all paths under /dev/marry, and /dev/marry itself, at the time of system initialization.

/dev/rmarry
permanent character device node (minor 0) used by marry when adding, deleting, or listing marriages using ioctl.

/dev/marry/path
block device node (minor number 1 or greater) temporarily associated by the marry driver with the regular file path. A character node is also created.

/usr/include/sys/fs/marry.h
header file for the marry driver and utility
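
The experimentation suggested above for the stretch-count tuneables in space.c can be scripted before any regfile is touched. The following timing harness is an added example, not SCO code: it uses iterated SHA-256 as a stand-in because this page does not describe marry's stretching algorithm, and the function names and the keys_per_start parameter are hypothetical. A count of zero is rejected because the predefined value it selects is not given here.

```python
import hashlib
import math
import time

UINT64_MAX = 2**64 - 1  # upper limit of the tuneables, per the text above


def stretch(key: bytes, count: int) -> bytes:
    """Stand-in stretch (assumption): apply SHA-256 `count` times."""
    if not 1 <= count <= UINT64_MAX:
        raise ValueError("count must be between 1 and 2**64 - 1")
    for _ in range(count):
        key = hashlib.sha256(key).digest()
    return key


def added_work_bits(count: int) -> float:
    """Extra work per passphrase guess, in bits, relative to a count of one."""
    return math.log2(count)


def calibrate(budget_s: float, keys_per_start: int = 2, probe: int = 20000) -> int:
    """Largest power-of-two count whose estimated start-up cost fits budget_s.

    keys_per_start is hypothetical: each key is stretched individually, so the
    start-up cost scales with however many keys a marriage derives.
    """
    seed = hashlib.sha256(b"constructed sample passphrase").digest()
    t0 = time.perf_counter()
    stretch(seed, probe)
    per_iter = max((time.perf_counter() - t0) / probe, 1e-12)
    max_count = budget_s / (per_iter * keys_per_start)
    if max_count < 1:
        return 1  # same as the default of one: no stretching
    return min(1 << int(math.log2(max_count)), 1 << 63)


if __name__ == "__main__":
    for budget in (0.1, 1.0, 5.0):
        n = calibrate(budget)
        print(f"{budget:4.1f}s budget -> count {n} (+{added_work_bits(n):.0f} bits)")
```

The figures only rank candidate counts on the machine where the script runs; confirm the chosen value against a temporary regfile, as the NOTE above advises.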

References

marry(ADM), mount(ADM), mkfs(ADM), swap(ADM)
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 - 02 June 2005