Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 30 Jul 2007 16:56:32 +0200
From:      Rolf G Nielsen <>
To:        Reid Linnemann <>
Subject:   Re: ELI passphrase on boot with USB keyboard
Message-ID:  <>
In-Reply-To: <>
References:  <>	<>	<>	<> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is a multi-part message in MIME format.
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Reid Linnemann wrote:
> Written by Rolf G Nielsen on 07/27/07 16:37>>
>> Reid Linnemann wrote:
>>> Written by Reid Linnemann on 07/27/07 15:49>>
>>>> Written by Rolf G Nielsen on 07/27/07 15:21>>
>>>>> Hi,
>>>>> I recently purchased a new USB keyboard, since my old PS/2 one has =

>>>>> seen its best days. This has caused me annoying problems with my=20
>>>>> ELI disks, though.
>>>>> I have four SATA harddrives, all of which are encrypted using ELI=20
>>>>> encryption. I've encrypted the raw disks, ad0, ad1, ad2 and ad3.=20
>>>>> The resulting devices ad0.eli, ad1.eli, ad2.eli and ad3.eli, I've=20
>>>>> concatenated into a large device, cc0, on which I have several=20
>>>>> partitions. To get this working, I of course need to boot from a=20
>>>>> separate device, and for that I use an SD card, which holds a boot =

>>>>> directory. With my old PS/2 keyboard, this worked like a charm, but=
>>>>> it seems to me, the ukbd driver isnt activated until after the ELI =

>>>>> encryption, which means I'm unable to enter the passphrases for the=
>>>>> disks, thus I can't get the computer passed the first passphrase=20
>>>>> prompt.
>>>>> Currently I have both the old keyboard and the new USB one=20
>>>>> connected. I use the PS/2 one to enter the passphrases, then I put =

>>>>> it on the floor under my desk and use the USB keyboard. As you may =

>>>>> very well understand, this is quite annoying. Is there a way to get=
>>>>> the USB keyboard to work at the point where I enter the passphrases=
>>>>> I've tried to change the keys for the disks to not use a=20
>>>>> passphrase, but only keyfiles and load them from loader.conf, just =

>>>>> as described in the GELI man page (yes I did set the -P option),=20
>>>>> but that simply will not work (and to be honest, it's not a=20
>>>>> solution I'd favour); if I set the -b option (ask for passphrase on=
>>>>> boot), it still asks for the passphrase, though there is none, and =

>>>>> if I set the -B option (don't ask for passphrase on boot), the=20
>>>>> computer ends up at the "mountroot>" prompt.
>>>>> I'd appreciate any help.
>>>>> Sincerly,
>>>>> Rolf Nielsen
>>>> Try setting hints.atkbd0.disabled to 1 in the loader, or in the=20
>>>> device.hints file. Your usb keyboard may work in early stages with=20
>>>> that device hint.
>>> Erm, set the hint in the loader _first_, and then only put it in=20
>>> device.hints if it works!
>>> _______________________________________________
>>> mailing list
>>> To unsubscribe, send any mail to=20
>>> ""
>> Moreover, the usb keyboard works upto and including the boot menu (I=20
>> guess the hardware is strictly under BIOS control then, and the kernel=
>> doesnt really know if the keboard is usb or ps/2). Then, as soon as=20
>> the kernel starts probing devices, it stops working. It comes back=20
>> when daemons have been started. Does usbd have to be running for a usb=
>> keyboard to work? If so, could it be worked around?
> That I don't know. It seems to me that the USB keyboard operates in one=
> of two modes - through the bios or through a device driver. When the=20
> system is yet to come up, the PC BIOS is able to talk with the USB=20
> keyboard, else you wouldn't be able to type commands in the loader. At =

> some point, I guess the OS aborts talking to the USB keyboard through=20
> the BIOS until a driver is loaded. However, I'm not a kernel hacker, so=
> this is only a guess and someone more knowledgeable should respond to=20
> the thread at this point.
> _______________________________________________
> mailing list
> To unsubscribe, send any mail to=20
> ""

Reid: No problem. Thanks a lot for your time anyway. :)

I read in the ukbd man page, the the USB keyboard will be detected after =

the console driver initializes itself. However, I also noted a macro=20
named UPROTO_BOOT_KEYBOARD in the the /usr/src/sys/dev/usb/ukbd.c file.=20
I'm not a kernel hacker either, and my C skills date back to the late=20
90's, when I created various simple apps for Windoze, so I can't really=20
see what the macro does (it's obviously a flag of some kind; it's=20
defined as 1). Though its name suggests to me, that it might be possible =

to make it work when the ELI passphrase is supposed to be entered. If=20
its not possible ( in that case, I hope it will be made possible in a=20
near future release), I'd be willing, as a fallback, to accept a no=20
passphrase solution, but as I also mentioned in my original post, I=20
can't make that work. I did exactly what the geli man page says (I=20
substituted the device names of course). Is the man page complete?=20
Should there be some flags set, that tells the kernel not to ask for a=20
passphrase, and only use the loaded keyfiles? I have ELI support=20
compiled into the kernel, but I've also tried it with the geom_eli KLD,=20
with the exact same result.


V=C3=A4nligen / Sincerly,
Rolf Nielsen


Want to link to this message? Use this URL: <>