Message-ID: <77518d100604071527o8a53760u3dce7b318655e7a9@mail.gmail.com>
Date: Fri, 7 Apr 2006 17:27:38 -0500
From: "Adam Wood"
To: "Pawel Jakub Dawidek"
Cc: freebsd-geom@freebsd.org
Subject: geli not recognizing passphrase on boot (was: geli not prompting for password on boot)

Hello,

I have tried a new method using the 6.1-BETA4 ISO images. Unfortunately, I am still not getting it to work properly.
I am, however, making slight progress, as it does ask for a passphrase at boot. It does not seem to recognize my passphrase, though. Here's what I've done:

1. Booted with 6.1-BETA4 disc 1.
2. Launched Fixit with livefilesystem on CD.
3. Created symlink /dist/lib to /lib (ln -s /dist/lib /lib) and /dist/boot/kernel to /boot/kernel (ln -s /dist/boot/kernel /boot/kernel).
4. Loaded the geom_eli module (kldload geom_eli).
5. Initiated the geli device (geli init -b -s 4096 -l 256 /dev/ad0).
6. Attached the new geli device (geli attach /dev/ad0 -- works!).
7. Created bsdlabel on new, encrypted disk (bsdlabel -w /dev/ad0).
8. a. Set editor (export EDITOR=/dist/usr/bin/vi).
   b. Partitioned new disk manually (bsdlabel -e /dev/ad0).
9. Created new filesystems (newfs /dev/ad0.elia, newfs /dev/ad0.elid, newfs /dev/ad0.elie, newfs /dev/ad0.elif).
10. Defined a mountpoint (mkdir /crypt).
11. Mounted encrypted partitions (mount /dev/ad0.elia /crypt, mount /dev/ad0.elid /crypt/var, mount /dev/ad0.elie /crypt/tmp, mount /dev/ad0.elif /crypt/usr).
12. Installed base system (cd /dist/6.1-BETA4/base && export DESTDIR=/crypt && ./install.sh). NOTE: This did not populate /crypt/boot/kernel/ for some reason, so I copied /dist/boot/kernel/* to /crypt/boot/kernel/.
13. tar'ed up the boot directory (cd /crypt; tar -zcvpf /crypt/boot.tgz boot) and transferred to separate system with cdrtools (ln -s /dist/usr/bin /usr/bin; scp boot.tgz user@host:~/).
14. On other system, I created a new directory which contains the boot directory I copied and also an etc directory with the fstab.
15. Edited boot/loader.conf and added geom_eli_load="YES" and kern.geom.eli.debug=1.
16. Ran mkisofs -b boot/bootcd -t /tmp/bootcd.iso /newdirectory_containingdirs.
17. Burned /tmp/bootcd.iso.
18. Rebooted with the new CD as boot device.

It prompts me for the passphrase for ad0, but when I supply it I just get:

GEOM_ELI[0]: Wrong key for ad0. Tries left: 2.

I know I'm typing it correctly, and if I boot back into the install disc I can attach just fine. Can you think of anything that would be causing this? Does the boot media need /lib? I don't think it does, but perhaps I'm wrong.

For reference, here is the /etc/fstab on the media:

# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0.elib   none        swap    sw       0     0
/dev/ad0.elia   /           ufs     rw       1     1
/dev/ad0.elie   /tmp        ufs     rw       2     2
/dev/ad0.elif   /usr        ufs     rw       2     2
/dev/ad0.elid   /var        ufs     rw       2     2

Sincerely,
Adam Wood

On 4/6/06, Pawel Jakub Dawidek wrote:
> On Wed, Apr 05, 2006 at 08:33:55PM -0500, Adam Wood wrote:
> +> Hello,
> +>
> +> I've recently begun researching GELI and disk-encryption altogether
> +> and have run into a problem.
> +>
> +> I've created a bootable media with the 6.0-RELEASE kernel with all the
> +> standard modules. It also has geom_eli_load="YES" in loader.conf. I
> +> also have the following /etc/fstab in the boot media:
> +>
> +> # Device        Mountpoint  FStype  Options  Dump  Pass#
> +> /dev/ad0.elib   none        swap    sw       0     0
> +> /dev/ad0.elia   /           ufs     rw       1     1
> +> /dev/ad0.elie   /tmp        ufs     rw       2     2
> +> /dev/ad0.elif   /usr        ufs     rw       2     2
> +> /dev/ad0.elid   /var        ufs     rw       2     2
> +>
> +> I created /dev/ad0.eli via the following:
> +>
> +> geli init -b -l 256 /dev/ad0
> +>
> +> and the partitions:
> +>
> +> bsdlabel -w /dev/ad0.eli
> +> bsdlabel -e /dev/ad0.eli
> +>
> +> However, when I boot, I can see that geom_eli is loaded, but it does
> +> not ever ask me for the password. I believe that is the point of the
> +> -b argument I supplied to the geli init command.
> +>
> +> When I boot I am greeted with the following error:
> +>
> +> Trying to mount root from ufs:/dev/ad0.elia
> +>
> +> Manual root filesystem specification:
> +> : Mount using filesystem
> +> eg. ufs:da0s1a
> +> ? List valid disk boot devices
> +> Abort manual input
> +>
> +> mountroot>
> +>
> +> Any help you could provide would be much appreciated.
>
> Which FreeBSD version are you using? There could be a race in earlier
> versions where geli stops waiting for providers before they actually
> show up. You increase debug level to 1 by adding:
>
> kern.geom.eli.debug=1
>
> to the /boot/loader.conf and see when message "Tasting no more." is
> printed.
>
> This problem is fixed in 6-STABLE and will be also in 6.1-RELEASE.
>
> --
> Pawel Jakub Dawidek                       http://www.wheel.pl
> pjd@FreeBSD.org                           http://www.FreeBSD.org
> FreeBSD committer                         Am I Evil? Yes, I Am!