From owner-freebsd-arm@FreeBSD.ORG  Wed Feb 11 15:53:57 2015
Return-Path: <owner-freebsd-arm@FreeBSD.ORG>
Delivered-To: freebsd-arm@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 235453A2;
 Wed, 11 Feb 2015 15:53:57 +0000 (UTC)
Received: from feynman.konjz.org (feynman.konjz.org [64.147.119.39])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EAB9824D;
 Wed, 11 Feb 2015 15:53:56 +0000 (UTC)
Received: from 127.0.0.1 (chomsky.torservers.net [77.247.181.162])
 (authenticated bits=0)
 by feynman.konjz.org (8.14.7/8.14.4) with ESMTP id t1BFwfqk075427
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
 Wed, 11 Feb 2015 10:58:44 -0500 (EST)
 (envelope-from george@ceetonetechnology.com)
Message-ID: <54DB7B07.4080704@ceetonetechnology.com>
Date: Wed, 11 Feb 2015 10:53:43 -0500
From: George Rosamond <george@ceetonetechnology.com>
MIME-Version: 1.0
To: Brenden Bartelt <brenden.bartelt@gmail.com>, freebsd-arm@freebsd.org
Subject: Re: "geli: Wrong key" unable to attach in RPi/ARM environment
References: <CANUxo4omL1m0EkSnmad8qyZqRWbuZ5zJ29nzCA0+gSyCAyU9dw@mail.gmail.com>
In-Reply-To: <CANUxo4omL1m0EkSnmad8qyZqRWbuZ5zJ29nzCA0+gSyCAyU9dw@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Cc: Pawel Jakub Dawidek <pjd@FreeBSD.org>
X-BeenThere: freebsd-arm@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Porting FreeBSD to ARM processors." <freebsd-arm.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-arm>,
 <mailto:freebsd-arm-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arm/>
List-Post: <mailto:freebsd-arm@freebsd.org>
List-Help: <mailto:freebsd-arm-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arm>,
 <mailto:freebsd-arm-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2015 15:53:57 -0000

Brenden Bartelt:
> Hi all,
> 
> This a follow up to a previous thread in freebsd-geom where it was
> determined that geli is functional in 11.0-CURRENT and it could be an ARM
> problem.
> 
> I have been unable to geli attach in RPi, even with a very simple
> passphrase ("test"). Has anyone had success with this? I have tried on an
> external usb, da0 as well as a partition on the SD card itself, mmcsd0s3.
> The geli init appears to work, and a geli dump reveals that a master key
> was indeed written to the device. What is even more puzzling is that a geli
> onetime will work for the device, so it would appear that geli is
> functional, but something has gone wrong with the master key
> generating/writing/reading operation.
> 
> Can anyone shed some light on something I am missing? Is geli not fully
> supported on ARM?
> 
> Thanks,
> Brenden

I haven't tried this, but two things:

1.  did you try setting the key with -k when you attach?

2.  I don't know if he's on this list, but I'm adding pdj@ to the cc.

g

> 
> Log:
> 
> # uname -a
> FreeBSD raspberry-pi 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r278031: Mon Feb
> 2 02:54:08 UTC 2015
> root@releng2.nyi.freebsd.org:/usr/obj/arm.armv6/usr/src/sys/RPI-B
> arm
> 
> # kldstat
> Id Refs Address    Size     Name
>  8    1 0xc5657000 17000    geom_eli.ko
>  9    1 0xc572e000 2c000    crypto.ko
> 
> # geli init mmcsd0s3
> Enter new passphrase:
> Reenter new passphrase:
> 
> Metadata backup can be found in /var/backups/mmcsd0s3.eli and
> can be restored with the following command:
> 
>         # geli restore /var/backups/mmcsd0s3.eli mmcsd0s3
> 
> # geli attach mmcsd0s3
> Enter passphrase:
> geli: Wrong key for mmcsd0s3.
> 
> # geli dump mmcsd0s3
> Metadata on mmcsd0s3:
>      magic: GEOM::ELI
>    version: 7
>      flags: 0x0
>      ealgo: AES-XTS
>     keylen: 128
>   provsize: 24796725248
> sectorsize: 512
>       keys: 0x01
> iterations: 21660
>       Salt:
> d2678fa977889263b18cbbb2e5a3151ac8185d9d0bc5dafa548abc4510ca49ce134ef9410cc63a9b0881514d9e9fedb6a3d392ba4096775030d0646fbfb4cce5
> Master Key:
> 4c26413b864d809b7e537e13ad442d22eada3a12ef61cd538f3a2bc9fd3a1dbbe80e19d6a009c51784461380ff150602c31c4910ad63aa52d105fc93b2005f18cd0b187e0e56b44eabc9784a6255e696a9c398653e4ec669cae64961bd7b43d9af01fa0897f84fef1608c632bbb881d418bdf81e637afff4191ceda6ec829f33c93a0cb5ead63ee63e4c4ccc3ee0b076e6f86b05d514c8b006bf8a11e3f78ac658e56bd824d6958747f09f3c8e80861d2f19eed3f334bbcc83aa28a227239c4bd9c4390a9e1acb5aefed4ef4602432359271217bfb9676eb753930f5c9c45899b0f44bdd230517d3238fc9ab9763b2def43658f44fc76094ccb4af54c7c492a790eca0b407adf66fccf2f3b049c874b66d4bbccd4e82fe8a2e79985ae5e1d64affed7ac66808a2bbd9d661b460c2b9acc1bac5a537bc7d862c711c9ca4892fcf3e607b6ee255555b742352483b7ffda80545bd3774f90ff0e74db58ef87c6c050501c0643c3921345df6e6d7a296c7c535ec81468a8a739824673303664a8874
>   MD5 hash: f97f3ca1cf95c25144c84a12b10d81ef
> 
> # geli onetime mmcsd0s3
> # geli list
> Geom name: mmcsd0s3.eli
> State: ACTIVE
> EncryptionAlgorithm: AES-XTS
> KeyLength: 128
> Crypto: software
> Version: 7
> Flags: ONETIME
> KeysAllocated: 47
> KeysTotal: 47
> Providers:
> 1. Name: mmcsd0s3.eli
>    Mediasize: 24796725248 (23G)
>    Sectorsize: 512
>    Mode: r0w0e0
> Consumers:
> 1. Name: mmcsd0s3
>    Mediasize: 24796725248 (23G)
>    Sectorsize: 512
>    Stripesize: 4194304
>    Stripeoffset: 0
>    Mode: r1w1e1
> _______________________________________________
> freebsd-arm@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-arm
> To unsubscribe, send any mail to "freebsd-arm-unsubscribe@freebsd.org"
>