From: Fabian Keil
To: joerg_surmann
Cc: freebsd-stable@freebsd.org
Date: Sun, 1 Jul 2012 17:29:29 +0200
Subject: Re: geli decrypt only one partition

joerg_surmann wrote:

> Sorry, I didn't have enough time for this geli problem.
> I work with a test system.
> When booting in verbose mode, the system found the key paths.
>
> Preloaded ada0p4:geli_keyfile0 "/root/keys/ada0p4.key" at 0xc14bf540.
> Preloaded ada1p4:geli_keyfile1 "/root/keys/ada1p4.key" at 0xc14bf598.
>
> loader.conf
> geom_eli_load="YES"
>
> geli_ada0p4_keyfile0_load="YES"
> geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
> geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
>
> geli_ada1p4_keyfile1_load="YES"
> geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
> geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"
>
> zfs_load="YES"
> vfs.root.mountfrom="zfs:zroot"
>
> At boot time I can decrypt ada0p4.
> For ada1p4 ... wrong key.
>
> I can decrypt ada1p4 later by hand with the keyfile like loader.conf.
> Same situation.
> ada0p4 and ada1p4 are a zfs mirror.

Like I already wrote before, the problem is most likely that you named
the first keyfile for the second provider keyfile1 instead of keyfile0.
The keyfile numeration restarts for each provider and geli will not use
keyfile1 if keyfile0 doesn't exist.

I missed that the "Preloaded ..." messages are a bit misleading here
as they only show that the loader lines are recognized and that the
kernel read the files, not that geli does anything useful with them.

If you increase kern.geom.eli.debug you'll probably see that
/root/keys/ada0p4.key is used by geli while /root/keys/ada1p4.key isn't.

Fabian
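
The numbering rule from this reply, written as a check that can be run against a loader.conf. This is an added example, not part of the original message; the function names are hypothetical, and it assumes that only the `_type` value ("provider:geli_keyfileN") decides which keyfile geli looks up.

```shell
#!/bin/sh
# Added example (not from the thread): lint geli keyfile numbering in loader.conf.
# Rule stated in the reply above: numbering restarts at 0 for every provider,
# and geli does not use keyfileN when a lower-numbered keyfile is missing.
# check_geli_keyfiles [FILE]: reads stdin when FILE is omitted or "-".
# Only the *_type value is inspected; the variable-name prefix is treated
# as a free-form label (assumption of this example).
check_geli_keyfiles() {
    awk -F'"' '
        /^[ \t]*[A-Za-z0-9_]+_type=/ && $2 ~ /^[^:]+:geli_keyfile[0-9]+$/ {
            split($2, part, ":geli_keyfile")
            prov = part[1]; n = part[2] + 0
            seen[prov, n] = 1
            if (!(prov in max) || n > max[prov]) max[prov] = n
        }
        END {
            bad = 0
            for (p in max) {
                # Find the first index in 0..max that has no entry.
                for (i = 0; i <= max[p]; i++)
                    if (!((p, i) in seen)) break
                if (i <= max[p]) {
                    printf "%s: geli_keyfile%d missing, higher numbers are ignored\n", p, i
                    bad = 1
                } else
                    printf "%s: ok, %d keyfile(s) numbered from 0\n", p, max[p] + 1
            }
            exit bad
        }
    ' "${1:--}"
}
# The loader.conf lines quoted in the message, used as sample input.
page_loader_conf() {
    cat <<'EOF'
geom_eli_load="YES"
geli_ada0p4_keyfile0_load="YES"
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
geli_ada1p4_keyfile1_load="YES"
geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"
zfs_load="YES"
vfs.root.mountfrom="zfs:zroot"
EOF
}
# No argument: check the sample above. Otherwise check the given file.
if [ $# -gt 0 ]; then check_geli_keyfiles "$1"; else page_loader_conf | check_geli_keyfiles; fi ||
    echo "fix the numbering before relying on boot-time attach" >&2
```

Run it with the path to a loader.conf as the only argument; a non-zero status from `check_geli_keyfiles` means at least one provider has a gap in its keyfile numbering.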