1.\" 2.\" SPDX-License-Identifier: BSD-2-Clause 3.\" 4.\" Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org> 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd October 1, 2013 29.Dt GSHSEC 8 30.Os 31.Sh NAME 32.Nm gshsec 33.Nd "control utility for shared secret devices" 34.Sh SYNOPSIS 35.Nm 36.Cm label 37.Op Fl hv 38.Ar name 39.Ar prov prov ... 40.Nm 41.Cm stop 42.Op Fl fv 43.Ar name ... 44.Nm 45.Cm clear 46.Op Fl v 47.Ar prov ... 48.Nm 49.Cm dump 50.Ar prov ... 51.Nm 52.Cm list 53.Nm 54.Cm status 55.Nm 56.Cm load 57.Nm 58.Cm unload 59.Sh DESCRIPTION 60The 61.Nm 62utility is used for setting up a device which contains a shared secret. 63The secret is shared between the given providers. 64To collect the secret, all providers are needed. 65If one of the components is missing, there is no way to get any useful data from 66the rest of them. 67The first argument to 68.Nm 69indicates an action to be performed: 70.Bl -tag -width indent 71.It Cm label 72Set up a shared secret device from the given components with the specified 73.Ar name . 74Metadata are stored in the last sector of every component. 75.It Cm stop 76Turn off an existing shared secret device by its 77.Ar name . 78This command does not touch on-disk metadata! 79.It Cm clear 80Clear metadata on the given providers. 81.It Cm dump 82Dump metadata stored on the given providers. 83.It Cm list 84See 85.Xr geom 8 . 86.It Cm status 87See 88.Xr geom 8 . 89.It Cm load 90See 91.Xr geom 8 . 92.It Cm unload 93See 94.Xr geom 8 . 95.El 96.Pp 97Additional options: 98.Bl -tag -width indent 99.It Fl f 100Force the removal of the specified shared secret device. 101.It Fl h 102Hardcode providers' names in metadata. 103.It Fl v 104Be more verbose. 105.El 106.Sh EXIT STATUS 107Exit status is 0 on success, and 1 if the command fails. 108.Sh EXAMPLES 109The following example shows how to create a shared secret device. 110The secret will be split between a slice on a local disk and a USB Pen drive. 111.Bd -literal -offset indent 112gshsec label -v secret /dev/ada0s1 /dev/da0 113newfs /dev/shsec/secret 114.Ed 115.Pp 116From now on, when the USB Pen drive is inserted, it will be automatically 117detected and connected, making the secret available via the 118.Pa /dev/shsec/secret 119device. 120.Sh SEE ALSO 121.Xr geom 4 , 122.Xr geom 8 , 123.Xr newfs 8 124.Sh HISTORY 125The 126.Nm 127utility appeared in 128.Fx 5.4 . 129.Sh AUTHORS 130.An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org 131