From: Rolf G Nielsen
Date: Mon, 30 Jul 2007 16:56:32 +0200
To: Reid Linnemann
Cc: freebsd-questions@freebsd.org
Subject: Re: ELI passphrase on boot with USB keyboard

Reid Linnemann wrote:
> Written by Rolf G Nielsen on 07/27/07 16:37>>
>> Reid Linnemann wrote:
>>> Written by Reid Linnemann on 07/27/07 15:49>>
>>>> Written by Rolf G Nielsen on 07/27/07 15:21>>
>>>>> Hi,
>>>>>
>>>>> I recently purchased a new USB keyboard, since my old PS/2 one has
>>>>> seen its best days. This has caused me annoying problems with my
>>>>> ELI disks, though.
>>>>>
>>>>> I have four SATA hard drives, all of which are encrypted using ELI
>>>>> encryption. I've encrypted the raw disks, ad0, ad1, ad2 and ad3.
>>>>> The resulting devices ad0.eli, ad1.eli, ad2.eli and ad3.eli, I've
>>>>> concatenated into a large device, cc0, on which I have several
>>>>> partitions. To get this working, I of course need to boot from a
>>>>> separate device, and for that I use an SD card, which holds a boot
>>>>> directory. With my old PS/2 keyboard, this worked like a charm, but
>>>>> it seems to me, the ukbd driver isn't activated until after the ELI
>>>>> encryption, which means I'm unable to enter the passphrases for the
>>>>> disks, thus I can't get the computer past the first passphrase
>>>>> prompt.
>>>>>
>>>>> Currently I have both the old keyboard and the new USB one
>>>>> connected. I use the PS/2 one to enter the passphrases, then I put
>>>>> it on the floor under my desk and use the USB keyboard. As you may
>>>>> very well understand, this is quite annoying. Is there a way to get
>>>>> the USB keyboard to work at the point where I enter the passphrases?
>>>>>
>>>>> I've tried to change the keys for the disks to not use a
>>>>> passphrase, but only keyfiles and load them from loader.conf, just
>>>>> as described in the GELI man page (yes I did set the -P option),
>>>>> but that simply will not work (and to be honest, it's not a
>>>>> solution I'd favour); if I set the -b option (ask for passphrase on
>>>>> boot), it still asks for the passphrase, though there is none, and
>>>>> if I set the -B option (don't ask for passphrase on boot), the
>>>>> computer ends up at the "mountroot>" prompt.
>>>>>
>>>>> I'd appreciate any help.
>>>>>
>>>>> Sincerely,
>>>>>
>>>>> Rolf Nielsen
>>>>>
>>>>
>>>> Try setting hints.atkbd0.disabled to 1 in the loader, or in the
>>>> device.hints file. Your usb keyboard may work in early stages with
>>>> that device hint.
>>>
>>> Erm, set the hint in the loader _first_, and then only put it in
>>> device.hints if it works!
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to
>>> "freebsd-questions-unsubscribe@freebsd.org"
>>>
>> Moreover, the usb keyboard works up to and including the boot menu (I
>> guess the hardware is strictly under BIOS control then, and the kernel
>> doesn't really know if the keyboard is usb or ps/2). Then, as soon as
>> the kernel starts probing devices, it stops working. It comes back
>> when daemons have been started. Does usbd have to be running for a usb
>> keyboard to work? If so, could it be worked around?
>>
>
> That I don't know. It seems to me that the USB keyboard operates in one
> of two modes - through the bios or through a device driver. When the
> system is yet to come up, the PC BIOS is able to talk with the USB
> keyboard, else you wouldn't be able to type commands in the loader.
> At some point, I guess the OS aborts talking to the USB keyboard through
> the BIOS until a driver is loaded. However, I'm not a kernel hacker, so
> this is only a guess and someone more knowledgeable should respond to
> the thread at this point.

Reid:
No problem. Thanks a lot for your time anyway. :)

Anyone:
I read in the ukbd man page that the USB keyboard will be detected after
the console driver initializes itself. However, I also noted a macro
named UPROTO_BOOT_KEYBOARD in the /usr/src/sys/dev/usb/ukbd.c file.
I'm not a kernel hacker either, and my C skills date back to the late
90's, when I created various simple apps for Windoze, so I can't really
see what the macro does (it's obviously a flag of some kind; it's
defined as 1). Though its name suggests to me that it might be possible
to make it work when the ELI passphrase is supposed to be entered. If
it's not possible (in that case, I hope it will be made possible in a
near future release), I'd be willing, as a fallback, to accept a no
passphrase solution, but as I also mentioned in my original post, I
can't make that work. I did exactly what the geli man page says (I
substituted the device names of course). Is the man page complete?
Should there be some flags set that tell the kernel not to ask for a
passphrase, and only use the loaded keyfiles? I have ELI support
compiled into the kernel, but I've also tried it with the geom_eli KLD,
with the exact same result.

-- 
Vänligen / Sincerely,

Rolf Nielsen
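
The keyfile-only fallback discussed in this message relies on three loader.conf variables per provider, named as in the geli(8) example. As an added illustration (not part of the original message or of FreeBSD itself), the sh function below emits those entries for the four providers named in the post and refuses keyfiles that are missing or readable by group or others; the key directory and the `<provider>.key0` file naming are assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Emits /boot/loader.conf entries that make the loader preload one GELI
# keyfile per provider, using the variable names from the geli(8) example.
# Assumptions: keyfiles are named <provider>.key0 inside KEYDIR, and each is
# the same file that was passed with -K when the provider's key was set.

# geli_loader_entries KEYDIR PROVIDER...
geli_loader_entries() {
    keydir=$1
    shift
    # Pass 1: validate every keyfile so no partial output is ever written.
    for prov in "$@"; do
        key="$keydir/$prov.key0"
        if [ ! -f "$key" ]; then
            echo "missing keyfile: $key" >&2
            return 1
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "keyfile accessible beyond owner: $key" >&2
            return 1
        fi
    done
    # Pass 2: print the three loader.conf lines for each provider.
    for prov in "$@"; do
        printf 'geli_%s_keyfile0_load="YES"\n' "$prov"
        printf 'geli_%s_keyfile0_type="%s:geli_keyfile0"\n' "$prov" "$prov"
        printf 'geli_%s_keyfile0_name="%s"\n' "$prov" "$keydir/$prov.key0"
    done
}

# Usage on the system from the post (/boot/keys is an assumed location):
#   geli_loader_entries /boot/keys ad0 ad1 ad2 ad3 >> /boot/loader.conf
```

Keyfiles preloaded this way sit unencrypted on the boot medium (the SD card in this setup), so with no passphrase the card alone is enough to unlock the disks.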