thr3ads.net - freebsd stable - Boot-time pass for geli on 7.0-BETA2 (and RELENG

If this information is useful, please help other people find it:
Share via:

Marc Olzheim

2007-Nov-06 18:54 UTC

Boot-time pass for geli on 7.0-BETA2 (and RELENG_7) not working for me.

Hi.

I can't get the kernel to accept my passphrase at boot time.

Excerpt from dmesg:

...

FreeBSD 7.0-BETA2 #0: Tue Nov  6 15:06:03 UTC 2007
    root@lapcat.ilse.net:/usr/obj/usr/src/sys/LAPCAT
Preloaded elf kernel "/boot/kernel/kernel" at 0xffffffff808a5000.
Preloaded elf obj module "/boot/kernel/geom_eli.ko" at
0xffffffff808a5288.
Preloaded elf obj module "/boot/kernel/crypto.ko" at
0xffffffff808a58f8.
Preloaded elf obj module "/boot/kernel/zlib.ko" at 0xffffffff808a5f60.
Preloaded ad4s3e:keyfile0 "/boot/keys/ad4s3e.key" at
0xffffffff808a64c8.
Calibrating clock(s) ... i8254 clock: 1193193 Hz
CLK_USE_I8254_CALIBRATION not specified - using default frequency
Timecounter "i8254" frequency 1193182 Hz quality 0
Calibrating TSC clock ... TSC clock: 1496263977 Hz
CPU: Intel(R) Core(TM)2 Duo CPU     T5250  @ 1.50GHz (1496.26-MHz K8-class CPU)
  Origin = "GenuineIntel"  Id = 0x6fd  Stepping = 13
 
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0xe39d<SSE3,RSVD2,MON,DS_CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM>
  AMD Features=0x20100800<SYSCALL,NX,LM>
  AMD Features2=0x1<LAHF>
  Cores per package: 2
usable memory = 2128379904 (2029 MB)

...

ad4: 114473MB <FUJITSU MHW2120BH 8918> at ata2-master SATA150
ad4: 234441648 sectors [232581C/16H/63S] 16 sectors/interrupt 1 depth queue
GEOM: new disk ad4
battery0: battery initialization done, tried 1 times
GEOM_LABEL: Label for provider ad4s4 is ntfs/HP_RECOVERY.
Enter passphrase for ad4s3e: (probe4:sbp0:0:4:0): error 22
(probe4:sbp0:0:4:0): Unretryable Error
(probe5:sbp0:0:5:0): error 22
(probe5:sbp0:0:5:0): Unretryable Error
(probe6:sbp0:0:6:0): error 22
(probe6:sbp0:0:6:0): Unretryable Error
(probe0:sbp0:0:0:0): error 22
(probe0:sbp0:0:0:0): Unretryable Error
(probe1:sbp0:0:1:0): error 22
(probe1:sbp0:0:1:0): Unretryable Error
(probe2:sbp0:0:2:0): error 22
(probe2:sbp0:0:2:0): Unretryable Error
(probe3:sbp0:0:3:0): error 22
(probe3:sbp0:0:3:0): Unretryable Error

GEOM_ELI: Wrong key for ad4s3e. Tries left: 2.
Enter passphrase for ad4s3e: 
GEOM_ELI: Wrong key for ad4s3e. Tries left: 1.
Enter passphrase for ad4s3e: 
GEOM_ELI: Wrong key for ad4s3e. No tries left.
SMP: AP CPU #1 Launched!
cpu1 AP:
     ID: 0x01000000   VER: 0x00050014 LDR: 0x00000000 DFR: 0xffffffff
  lint0: 0x00010700 lint1: 0x00000400 TPR: 0x00000000 SVR: 0x000001ff
  timer: 0x000200ef therm: 0x00010000 err: 0x00010000 pcm: 0x00010000

...

Trying to mount root from ufs:/dev/ad4s3a
start_init: trying /sbin/init
Loading configuration files.
No suitable dump device was found.
Entropy harvesting:
 interrupts
 ethernet
 point_to_point
 kickstart
.
Starting file system checks:
Setting hostuuid: 434e4637-3332-3352-3451-001b24850b51.
Setting hostid: 0x55ee28a8.
Mounting local file systems:

...

But when trying after boot, "geli attach -k /boot/keys/ad4s3e.key":

GEOM_ELI: Device ad4s3e.eli created.
GEOM_ELI: Encryption: AES-CBC 128
GEOM_ELI:     Crypto: software

Then it works fine.

Any ideas ?



Another issue with BETA1.5 was that when disklabeling /dev/ad4s3e.eli
into multiple slices, after newfsing and mounting, I could create files
and fsck the filesystem, but as soon as I created a directory, it caused
a panic. I didn't see that after cvsuping to RELENG_7 then though, so i
assume something was already fixed in that department.

Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20071107/a6974121/attachment.pgp

Karsten Rothemund

2007-Nov-07 01:41 UTC

head link

Boot-time pass for geli on 7.0-BETA2 (and RELENG_7) not working for me.

On Tue, Nov 06, 2007 at 04:35:24PM +0100, Marc Olzheim
wrote:> Hi.
> 
> I can't get the kernel to accept my passphrase at boot time.
> 
What kind of passphrase do you use? I had the same "problem" until I
realized, that my passphrase contained a letter, which changed its
"position" on the keyboard when changing layout, during boot it is
still
the US-layout. Later it changed to de in my case (no problem to attach
geli device later).

Just a hint.

Ciao,

Karsten

-- 

Karsten Rothemund <karsten@photor.de>     /"\
PGP-Key:     0x7019CAA5                   \ /
Fingerprint: E752 C759 B9B2 2057 E42F      \  ASCII Ribbon Campaign
             50EE 47AC A7CE 7019 CAA5     / \ Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20071107/a69fd621/attachment.pgp

freebsd stable - Nov 2007 - Boot-time pass for geli on 7.0-BETA2 (and RELENG_7) not working for me.

Boot-time pass for geli on 7.0-BETA2 (and RELENG_7) not working for me.

Boot-time pass for geli on 7.0-BETA2 (and RELENG_7) not working for me.