Date: Sun, 01 Jul 2012 18:35:28 +0200
From: Joerg Surmann <joerg_surmann@snafu.de>
To: freebsd-stable@freebsd.org
Subject: Re: geli decrypt only one partition
Message-ID: <4FF07C50.3020606@snafu.de>
In-Reply-To: <20120701172929.6229c5bf@fabiankeil.de>
References: <20120620202807.66fdf248@fabiankeil.de> <70eb69bde16fba598b2701be9654624885f0936c@mein.snafu.de> <20120621122133.2fed5862@fabiankeil.de> <4FF050C5.7050909@snafu.de> <20120701172929.6229c5bf@fabiankeil.de>

ok. I understand.
ada1p4 is keyfile0 for the provider.
that works.

thanks and best regards.
suri

On 01.07.12 17:29, Fabian Keil wrote:
> joerg_surmann <joerg_surmann@snafu.de> wrote:
>
>> Sorry, I did not have enough time for this geli problem. I work with a
>> test system. When booting in verbose mode the system found
>> the keypaths.
>>
>> Preloaded ada0p4:geli_keyfile0 "/root/keys/ada0p4.key" at 0xc14bf540.
>> Preloaded ada1p4:geli_keyfile1 "/root/keys/ada1p4.key" at 0xc14bf598.
>>
>> loader.conf
>> geom_eli_load="YES"
>>
>> geli_ada0p4_keyfile0_load="YES"
>> geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
>> geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
>>
>> geli_ada1p4_keyfile1_load="YES"
>> geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
>> geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"
>>
>> zfs_load="YES"
>> vfs.root.mountfrom="zfs:zroot"
>>
>> At boot time I can decrypt ada0p4. For ada1p4 ... wrong key.
>>
>> I can decrypt ada1p4 later by hand with the keyfile like
>> loader.conf. Same situation. ada0p4 and ada1p4 are a zfs mirror.
>
> Like I already wrote before, the problem is most likely that you
> named the first keyfile for the second provider keyfile1 instead of
> keyfile0.
>
> The keyfile numeration restarts for each provider and geli will not
> use keyfile1 if keyfile0 doesn't exist.
>
> I missed that the "Preloaded ..." messages are a bit misleading
> here as they only show that the loader lines are recognized and
> that the kernel read the files, not that geli does anything useful
> with them.
>
> If you increase kern.geom.eli.debug you'll probably see that
> /root/keys/ada0p4.key is used by geli while /root/keys/ada1p4.key
> isn't.
>
> Fabian
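
Added example, not part of the original thread: a small sh/awk lint that applies the rule Fabian describes (keyfile numbering restarts at 0 for each provider) to the `_type` lines of a loader.conf. The function names `check_geli_keyfiles`, `thread_conf` and `fixed_conf` are hypothetical, and the corrected configuration is constructed from the fix confirmed in the reply.

```shell
#!/bin/sh
# Added example: lint loader.conf for the geli keyfile numbering rule
# described in the thread (per-provider numbering must start at 0).

# check_geli_keyfiles [FILE...]  (reads stdin when no file is given)
# Prints one line per provider with a gap in its keyfile numbering and
# returns 1 if any provider is affected, 0 otherwise.
check_geli_keyfiles() {
    awk -F'"' '
        # e.g. geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
        /^[ \t]*geli_[^=]*_type=/ {
            n = split($2, part, ":geli_keyfile")
            if (n != 2 || part[2] !~ /^[0-9]+$/) next
            prov = part[1]; idx = part[2] + 0
            seen[prov, idx] = 1
            if (!(prov in max) || idx > max[prov]) max[prov] = idx
        }
        END {
            bad = 0
            for (prov in max)
                for (i = 0; i <= max[prov]; i++)
                    if (!((prov, i) in seen)) {
                        printf "%s: geli_keyfile%d is not defined, so later keyfiles are not used\n", prov, i
                        bad = 1
                        break
                    }
            exit bad
        }
    ' "$@"
}

# The _type lines from the loader.conf quoted in the thread.
thread_conf() {
    cat <<'EOF'
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
EOF
}

# Constructed corrected version: the second provider starts at keyfile0.
fixed_conf() {
    cat <<'EOF'
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada1p4_keyfile0_type="ada1p4:geli_keyfile0"
EOF
}

thread_conf | check_geli_keyfiles || echo "thread config: numbering gap found"
fixed_conf | check_geli_keyfiles && echo "fixed config: numbering ok"
```

On a real system the function can be pointed at the file directly, for example `check_geli_keyfiles /boot/loader.conf`.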