From: Joerg Surmann
To: freebsd-stable@freebsd.org
Date: Sun, 01 Jul 2012 18:35:28 +0200
Subject: Re: geli decrypt only one partition

OK. I understand.
ada1p4 is keyfile0 for the provider. That works.

Thanks and best regards.
suri

On 01.07.12 17:29, Fabian Keil wrote:
> joerg_surmann wrote:
>
>> Sorry, I did not have enough time for this geli problem. I work with a
>> test system. When booting in verbose mode, the system found
>> the key paths.
>>
>> Preloaded ada0p4:geli_keyfile0 "/root/keys/ada0p4.key" at 0xc14bf540.
>> Preloaded ada1p4:geli_keyfile1 "/root/keys/ada1p4.key" at 0xc14bf598.
>>
>> loader.conf
>> geom_eli_load="YES"
>>
>> geli_ada0p4_keyfile0_load="YES"
>> geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
>> geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
>>
>> geli_ada1p4_keyfile1_load="YES"
>> geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
>> geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"
>>
>> zfs_load="YES"
>> vfs.root.mountfrom="zfs:zroot"
>>
>> At boot time I can decrypt ada0p4. For ada1p4 ... wrong key.
>>
>> I can decrypt ada1p4 later by hand with the keyfile like
>> loader.conf. Same situation. ada0p4 and ada1p4 are a zfs mirror.
>
> Like I already wrote before, the problem is most likely that you
> named the first keyfile for the second provider keyfile1 instead of
> keyfile0.
>
> The keyfile numeration restarts for each provider and geli will not
> use keyfile1 if keyfile0 doesn't exist.
>
> I missed that the "Preloaded ..." messages are a bit misleading
> here as they only show that the loader lines are recognized and
> that the kernel read the files, not that geli does anything useful
> with them.
>
> If you increase kern.geom.eli.debug you'll probably see that
> /root/keys/ada0p4.key is used by geli while /root/keys/ada1p4.key
> isn't.
>
> Fabian
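
The numbering rule from this thread can be checked before a reboot. The following is an added example, not code from the thread or from FreeBSD: a small Python check that reads loader.conf text and reports, per provider, keyfile indexes geli would never reach. It assumes geli matches on the `_type` value (`<provider>:geli_keyfile<N>`) and generalizes the rule to any gap in the numbering; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches lines such as geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
TYPE_RE = re.compile(r'^\s*\w+_type\s*=\s*"?([^":\s]+):geli_keyfile(\d+)"?\s*$')

# The loader.conf lines quoted in the thread.
BROKEN = '''
geom_eli_load="YES"
geli_ada0p4_keyfile0_load="YES"
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
geli_ada1p4_keyfile1_load="YES"
geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"
'''

# Constructed: the same file with the ada1p4 keyfile renumbered to 0.
FIXED = BROKEN.replace("keyfile1", "keyfile0")


def keyfile_indexes(loader_conf_text):
    """Return {provider: sorted keyfile indexes} taken from the *_type lines."""
    found = defaultdict(set)
    for line in loader_conf_text.splitlines():
        m = TYPE_RE.match(line)
        if m:
            found[m.group(1)].add(int(m.group(2)))
    return {provider: sorted(ix) for provider, ix in found.items()}


def unusable_keyfiles(loader_conf_text):
    """Return {provider: [indexes]} for keyfiles that sit behind a numbering gap.

    Numbering restarts at 0 for each provider; a keyfile is counted as
    reachable only if every lower index also exists (assumed generalization).
    """
    problems = {}
    for provider, indexes in keyfile_indexes(loader_conf_text).items():
        reachable = 0
        while reachable in indexes:
            reachable += 1
        skipped = [i for i in indexes if i >= reachable]
        if skipped:
            problems[provider] = skipped
    return problems


if __name__ == "__main__":
    for provider, skipped in unusable_keyfiles(BROKEN).items():
        print(f"{provider}: keyfile index(es) {skipped} will not be used")
```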