Date: Sun, 1 Jul 2012 17:29:29 +0200
From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: joerg_surmann <joerg_surmann@snafu.de>
Cc: freebsd-stable@freebsd.org
Subject: Re: geli decrypt only one partition
Message-ID: <20120701172929.6229c5bf@fabiankeil.de>
In-Reply-To: <4FF050C5.7050909@snafu.de>
References: <20120620202807.66fdf248@fabiankeil.de> <70eb69bde16fba598b2701be9654624885f0936c@mein.snafu.de> <20120621122133.2fed5862@fabiankeil.de> <4FF050C5.7050909@snafu.de>
joerg_surmann <joerg_surmann@snafu.de> wrote:

> Sorry, I did not have enough time for this geli problem.
> I work with a test system.
> When booting in verbose mode the system found the key paths.
>
> Preloaded ada0p4:geli_keyfile0 "/root/keys/ada0p4.key" at 0xc14bf540.
> Preloaded ada1p4:geli_keyfile1 "/root/keys/ada1p4.key" at 0xc14bf598.
>
> loader.conf
> geom_eli_load="YES"
>
> geli_ada0p4_keyfile0_load="YES"
> geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
> geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
>
> geli_ada1p4_keyfile1_load="YES"
> geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
> geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"
>
> zfs_load="YES"
> vfs.root.mountfrom="zfs:zroot"
>
> At boot time I can decrypt ada0p4.
> For ada1p4 ... wrong key.
>
> I can decrypt ada1p4 later by hand with the keyfile like in loader.conf.
> Same situation.
> ada0p4 and ada1p4 are a zfs mirror.

Like I already wrote before, the problem is most likely that you named
the first keyfile for the second provider keyfile1 instead of keyfile0.

The keyfile numeration restarts for each provider and geli will
not use keyfile1 if keyfile0 doesn't exist.

I missed that the "Preloaded ..." messages are a bit misleading here
as they only show that the loader lines are recognized and that the
kernel read the files, not that geli does anything useful with them.

If you increase kern.geom.eli.debug you'll probably see that
/root/keys/ada0p4.key is used by geli while /root/keys/ada1p4.key
isn't.
Fabian
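The numbering rule described in the reply above can be checked before a reboot. The following sh/awk function is an added example, not part of the original message or of FreeBSD; the names check_geli_keyfiles, quoted and renumbered are made up for illustration. It reads loader.conf text on standard input and reports, for each provider, the first keyfile number missing from the sequence that starts at 0.

```shell
#!/bin/sh
# Added example: check GELI keyfile numbering in loader.conf text read from stdin.
# Rule (from the reply above): numbering restarts at 0 for each provider, and
# geli will not use keyfileN when a lower-numbered keyfile is missing.
# Prints "<provider> ok" or "<provider> missing keyfile<N>"; returns 1 on any gap.
check_geli_keyfiles() {
    awk '
        /^geli_[^=]*_type=/ {
            if (split($0, q, "\"") < 3) next                  # value must be quoted
            if (split(q[2], part, ":geli_keyfile") != 2) next # provider:geli_keyfileN
            if (part[2] !~ /^[0-9]+$/) next
            prov = part[1]; idx = part[2] + 0
            seen[prov, idx] = 1
            if (!(prov in max)) { max[prov] = idx; name[++count] = prov }
            else if (idx > max[prov]) max[prov] = idx
        }
        END {
            for (i = 1; i <= count; i++) {
                prov = name[i]; gap = -1
                for (k = 0; k <= max[prov]; k++)
                    if (!((prov, k) in seen)) { gap = k; break }
                if (gap < 0) print prov " ok"
                else { print prov " missing keyfile" gap; bad = 1 }
            }
            exit bad + 0
        }
    '
}

# Entries from the loader.conf quoted in the message (the _load lines are omitted).
quoted='geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"'

# Constructed: the same entries with ada1p4 renumbered to keyfile0, as the reply advises.
renumbered=$(printf '%s\n' "$quoted" | sed 's/keyfile1/keyfile0/g')

printf '%s\n' "$quoted" | check_geli_keyfiles || echo "numbering gap found"
printf '%s\n' "$renumbered" | check_geli_keyfiles
```

Only the `_type` values are inspected, since those carry the `provider:geli_keyfileN` string that also appears in the "Preloaded ..." boot messages.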