mr44er
2018-Aug-17 13:52 UTC
kern.geom.eli.boot_passcache doesn't work anymore in 11.2-RELEASE for additional disks
I have a geli-encrypted zroot which was created with Auto (ZFS) Guided Root-on-ZFS during fresh installation of 11.1-RELEASE. No bootpool anymore, Partition scheme GPT (BIOS) The additional disks were prepared with 'geli init -b' to set only the BOOT-flag and the same password as the disks for zroot. Worked as expected: bootloader asked only one time for password and during boot every encrypted disk was attached. Since upgrading to 11.2-RELEASE geli asks during boot a second time for the password when it tries to attach the additional disks. This is like the old style, when this line gets lost between other boot-messages. The system won't boot further at this point. Typing the password 'blind' and geli will attach every additional disk. So far no any other errors. Being irritated, I did a complete reinstall with a 11.2 image from usb-stick, but geli asks still twice for the password. Some input: sysctl -a | grep kern.geom.eli kern.geom.eli.key_cache_misses: 0 kern.geom.eli.key_cache_hits: 0 kern.geom.eli.key_cache_limit: 8192 kern.geom.eli.boot_passcache: 1 kern.geom.eli.batch: 0 kern.geom.eli.threads: 0 kern.geom.eli.overwrites: 5 kern.geom.eli.visible_passphrase: 0 kern.geom.eli.tries: 3 kern.geom.eli.debug: 0 kern.geom.eli.version: 7 zpool status zroot ? pool: zroot ?state: ONLINE ? scan: none requested config: ??? NAME??????????? STATE???? READ WRITE CKSUM ??? zroot?????????? ONLINE?????? 0???? 0???? 0 ??? ? mirror-0????? ONLINE?????? 0???? 0???? 0 ??? ??? ada0p3.eli? ONLINE?????? 0???? 0???? 0 ??? ??? ada1p3.eli? ONLINE?????? 0???? 0???? 0 ??? ??? ada2p3.eli? ONLINE?????? 0???? 0???? 0 errors: No known data errors geli list ada0p3.eli Geom name: ada0p3.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: BOOT, GELIBOOT KeysAllocated: 67 KeysTotal: 67 Providers: 1. Name: ada0p3.eli ?? Mediasize: 285711790080 (266G) ?? Sectorsize: 4096 ?? Mode: r1w1e1 Consumers: 1. Name: ada0p3 ?? Mediasize: 285711794176 (266G) ?? Sectorsize: 512 ?? Stripesize: 4096 ?? Stripeoffset: 0 ?? Mode: r1w1e1 geli list da0.eli Geom name: da0.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: BOOT KeysAllocated: 466 KeysTotal: 466 Providers: 1. Name: da0.eli ?? Mediasize: 2000398929920 (1.8T) ?? Sectorsize: 4096 ?? Mode: r1w1e2 Consumers: 1. Name: da0 ?? Mediasize: 2000398934016 (1.8T) ?? Sectorsize: 512 ?? Stripesize: 4096 ?? Stripeoffset: 0 ?? Mode: r1w1e1