From: leon zadorin
To: freebsd-geom@freebsd.org
Date: Sun, 21 Aug 2011 12:17:13 +1000
Subject: potential problem with gpart, glabel and geli when using "ask for a passphrase on boot" option

Hello everyone,

There appears to be a problem with how geli geom module treats "ask for a passphrase on boot" option when the system is booting (or I probably don't know the right way of doing this...) on 8.2-release branch.

Essentially, I have a disk, for illustration purposes let's call it "/dev/aaa", which is first labeled permanently (with glabel) as let's say "/dev/label/ccc" and then set up with gpart to use gpt partition scheme. So far so good...

I then initialize one of the gpt partitions (/dev/label/cccp2) to be used by a geli encryption module with "ask for a passphrase on boot" option... something like this:

    geli init -b -v -a hmac/sha256 -B none /dev/label/cccp2

The problem is that when the system boots, it asks for a passphrase on *multiple* devices/partitions:

    /dev/aaap2
    /dev/gpt/bbb (where bbb is guid of the gpt partition in question)
    /dev/label/cccp2

Clearly -- since I had applied the 'geli init -b' to /dev/label/cccp2 only, it would be ideal if geli was asking for the passphrase only for 1 device/partition:

    /dev/label/cccp2

It would appear however that geli might be using some sort of value/data written to a partition to indicate that it may need to ask for passphrase on boot (?), and since each of /dev/aaap2, /dev/gpt/bbb, /dev/label/cccp2 are synonymous w.r.t. such a data -- it decides to ask for passphrase every time a given "/dev/...." entry gets attached?

Any way around this? Am I doing something wrong here? Or is there some way in 'loader.conf' to tell geli geom provider to ignore certain "/dev/..." entries?

Best regards
Leon.