Date:      Thu, 30 Apr 2009 13:38:02 GMT
From:      Terje Elde <terje@elde.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/134113: Problem setting secondary GELI key
Message-ID:  <200904301338.n3UDc2vx056120@www.freebsd.org>
Resent-Message-ID: <200904301340.n3UDe31H044316@freefall.freebsd.org>


>Number:         134113
>Category:       kern
>Synopsis:       Problem setting secondary GELI key
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 30 13:40:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Terje Elde
>Release:        7.2-PRERELEASE
>Organization:
>Environment:
FreeBSD 42-gw.keepquiet.net 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #0: Mon Apr 27 22:48:43 CEST 2009     tld@42-gw.keepquiet.net:/usr/obj/usr/src/sys/42  i386

>Description:
Created a GELI-setup using only a keyfile, partition to be mounted at boot.

When trying to set the secondary key (key 1) using a passphrase in case the keyfile is lost, the following happens:

------------------------------------------------
42-gw# geli setkey -v -n 1 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase: 
Calculating number of iterations...
Done, using 138302 iterations.
geli: Only already defined key can be changed when '-i' option is used.
------------------------------------------------

Note that the provider was attached at the time.





>How-To-Repeat:
Create a GELI slice with only a keyfile, no password, to be mounted on boot, then try to set secondary key while the provider is attached.

>Fix:
Workaround:

Setting the first key (key 0) that was used for attaching the provider with a keyfile, works:

------------------------------------------------
42-gw# geli setkey -v -n 0 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase: 
Calculating number of iterations...
Done, using 80194 iterations.
Done.
------------------------------------------------

After that, setting the secondary key also works:

------------------------------------------------
42-gw# geli setkey -v -n 1 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase: 
Done.
42-gw# 
------------------------------------------------

After that, I can set the primary key back to the keyfile.


>Release-Note:
>Audit-Trail:
>Unformatted:


