From owner-freebsd-geom@FreeBSD.ORG Mon Nov 17 09:33:17 2014 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C7E6E6F0 for ; Mon, 17 Nov 2014 09:33:17 +0000 (UTC) Received: from maild-bd.linkedin.com (maild-bd.linkedin.com [108.174.3.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.linkedin.com", Issuer "DigiCert Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 662679EC for ; Mon, 17 Nov 2014 09:33:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linkedin.com; s=proddkim1024; t=1416216729; bh=WMYn7KOX0ZDLYmV0FfNLtzhDTSTQeRi21KLlMkScvIc=; h=From:Subject:MIME-Version:Content-Type:To:Date:X-LinkedIn-Class: X-LinkedIn-Template:X-LinkedIn-fbl; b=qVUglWmmniXkpkSay1vlksW3m74OI+BIsKzZKCfrZ0s4/SOB9ChtpMjJxEj9jMyT6 uu+ftBame81rLBV45FFijn4XyuySOqOVhNp6pTcQ+lfEk5KppYiuhS0c9VuE55SFcA N2BJ8Q1DgmJdwTMACT01CQUFXbmyHYRVd791vT0A= From: Anderson Souza via LinkedIn Message-ID: <1340146255.2314930.1416216729091.JavaMail.app@lva1-app1733.prod> Subject: =?UTF-8?Q?O_convite_de_Anderson_Souza_est=C3=A1_aguardando_sua_resposta?= MIME-Version: 1.0 To: Date: Mon, 17 Nov 2014 09:32:09 +0000 (UTC) X-LinkedIn-Class: INVITE-REMIND-GUEST X-LinkedIn-Template: inv_exp_19 X-LinkedIn-fbl: s-4vy378nspe5nhr39igm3fobb7q5juox0cqm0o83247418x8a2c9db8ma X-LinkedIn-Id: -gt9qwx-i2lmv7jt-66 Content-Type: text/plain;charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2014 09:33:18 -0000 Anderson Souza quer fazer parte da sua rede no LinkedIn. Como deseja respon= der? Aceitar: http://www.linkedin.com/blink?simpleRedirect=3Dd3cSd3oRcPwTcj4Zh4B= KrSBQonhFtCVF9CpIokMTcBdqfnBBiShBsC5EsOoVclZMu6lvtCVFfmJB9D9Bp6VFrmlObnhMpm= dzoiRybmtSrCBvrmRLoORIrmkZpSVFqSdxsDgCpnhFtCV9pSlipn9Mfm4CdzoJt6ETtCRIcCAJu= 7tNenhDbjRBfP9SbSkLrmZzbCVFp6lHrCBIbDtTtOYLeDdMt7hE&msgID=3DI8282559111_1&m= arkAsRead=3D Visualizar o perfil de Anderson Souza: http://www.linkedin.com/blink?simple= Redirect=3Dej5vs7xBnTpKqjRHpipOpmhKqmRBsyRQs6lzoS4JoyRDtCVFnSRJrScJr6RBfmtK= qmJzon9Q9DpMrzRQ9zoSbnhGdTpJr39FbnxTsjBQpOQZpjYOtyZBbSRLoOVKqmhBqSVFr2VTtTs= LbPFMt7hE&msgID=3DI8282559111_1&markAsRead=3D Voc=C3=AA est=C3=A1 recebendo e-mails de lembretes sobre convites pendentes= . Cancele sua inscri=C3=A7=C3=A3o aqui: http://www.linkedin.com/blink?simpl= eRedirect=3D6tOrQkO9mhPoClBsCoMd2lJrSlDbmhPoClBsCoZr6BxrmkCc3oMc38Zp6ACd3cS= d3oRcPwTcj4Zp6BD9zANnT1UplZSrCAZqSkCoDlPrDkJpyRzoClJnSRJrScJr6RBfmtKqmJzon9= Q9CZLpPRQ9zoSbnhGdTpJr39FbnxTsjBQpOQZpjYOtyZBbSRLoOVKqmhBqSVFr2VTtTsLbPFMt7= hE&msgID=3DI8282559111_1&markAsRead=3D Voc=C3=AA recebeu um convite de conex=C3=A3o. O LinkedIn utiliza seu endere= =C3=A7o de e-mail para fazer sugest=C3=B5es a nossos usu=C3=A1rios em recur= sos como Pessoas que talvez voc=C3=AA conhe=C3=A7a. Clique aqui para cancel= ar a inscri=C3=A7=C3=A3o: http://www.linkedin.com/blink?simpleRedirect=3D0S= dyRQqztSrmMOqiRUtT4Vt6sJfmhFpip1rRdhkBlCcSRisT94hSRLgQdlr6RVcRxBpkQQt6VBqRZ= plT5ilTdmp7kQtQxesjtlllASiRBqtjxyk69gi79ohAsVrll1gk5Dt69Stjllc4FejQthgjRAqm= ZI9zANnT1UplZSrCAZqSkCkjoPp4l7q5p6sCR6kk4ZrClHrRhAqmQCrDlIfngCdzoJt6ETtCRIc= CAJu7tNenhDbjRBfP9SbSkLrmZzbCVFp6lHrCBIbDtTtOYLeDdMt7hE&msgID=3DI828255= 9111_1&markAsRead=3D Saiba por que inclu=C3=ADmos isso neste link: http= ://www.linkedin.com/blink?simpleRedirect=3D0Ue3sQfmh9pmNzqnhOoioVclZMu6lvtC= VFfmJB9CNOlmlzqnpOpldOpmRLt7dRoPRx9zoSbnhGdTpJr39FbnxTsjBQpOQZpjYOtyZBbSRLo= OVKqmhBqSVFr2VTtTsLbPFMt7hE&msgID=3DI8282559111_1&markAsRead=3D © 2014, LinkedIn Corporation. 2029 Stierlin Ct. Mountain View, CA 9404= 3, EUA From owner-freebsd-geom@FreeBSD.ORG Mon Nov 17 23:25:38 2014 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 49700F79; Mon, 17 Nov 2014 23:25:38 +0000 (UTC) Received: from mail.cyberleo.net (paka.cyberleo.net [216.226.128.180]) by mx1.freebsd.org (Postfix) with ESMTP id 274CB850; Mon, 17 Nov 2014 23:25:37 +0000 (UTC) Received: from [172.16.44.4] (vitani.den.cyberleo.net [216.80.73.130]) by mail.cyberleo.net (Postfix) with ESMTPSA id 154731996E; Mon, 17 Nov 2014 18:25:29 -0500 (EST) Message-ID: <546A83E8.9050409@cyberleo.net> Date: Mon, 17 Nov 2014 17:25:28 -0600 From: CyberLeo Kitsana User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.8.0 MIME-Version: 1.0 To: Pawel Jakub Dawidek Subject: Re: [patch] GELI Boot-time unlock failure References: <5467F826.3070208@cyberleo.net> <20141117052910.GE1771@garage.freebsd.pl> In-Reply-To: <20141117052910.GE1771@garage.freebsd.pl> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: FreeBSD Geom X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2014 23:25:38 -0000 On 11/16/2014 11:29 PM, Pawel Jakub Dawidek wrote: > On Sat, Nov 15, 2014 at 07:04:38PM -0600, CyberLeo Kitsana wrote: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193624 >> >> I've reworked the patch to apply to 10.1-RELEASE, and am now using it >> successfully. >> >> The proper fix for this issue is most likely a new metadata version to >> set the md_iterations per-keyslot instead of per-container, but I didn't >> want to introduce incompatibility without input from the current GELI >> maintainers; this patch works with the layout as-is. >> >> If a GELI container has a keyfile in one slot and a passphrase in the >> other (to implement automatic boot-time unlock with offline key escrow, >> for example), the boot-time unlock code will get confused and assume the >> key and passphrase are to be combined, resulting in a container that >> cannot be unlocked during boot when its keyfile is preloaded. The >> included patch attempts to unlock using only the keyfile first. > > Hi, > > thanks for the patch, but I'd prefer to fix it properly, ie. allow for > each key slot to have its dedicated iterations counter. Do you think > this is something you could work on? I think so. I'll see what I can do. It might take a bit, though, as, for that, I must familiarize myself with the userland portions as well. -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net Furry Peace! - http://www.fur.com/peace/