Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 18 Aug 2019 15:46:02 +0200
From:      Marco Steinbach <coco@executive-computing.de>
To:        freebsd-geom@freebsd.org
Subject:   11.3: GELI attach: Wrong key despite correct passphrase
Message-ID:  <20190818154602.00003fa8@executive-computing.de>
next in thread | raw e-mail | index | archive | help 
Hi.

I have two bootable SSDs, both installed using a GELI encrypted root on
ZFS.

Both use the same passphrase, both boot, if I enter that passphrase at
GELIs prompt.

One contains a GELI encrypted ZFS on root installed using
the 11.1-RELEASE installer, which was source upgraded to 12
(without upgrading the zpools).

The other also contains a GELI encrypted ZFS on root, but installed
using the 11.3-RELEASE installer.  This one was source upgraded to
11.3-STABLE r350677.

I'd like to copy over data from the 12 to the 11.3 drive, so I put the
12 one into an external USB enclosure.

root@bsdbuch:~ # uname -a
FreeBSD bsdbuch.c0c0.intra 11.3-STABLE FreeBSD 11.3-STABLE #0 r350677:
Sun Aug 18 04:43:08 CEST 2019
root@bsdbuch.c0c0.intra:/usr/obj/usr/src/sys/GENERIC  amd64

Internal 11.3
root@bsdbuch:~ # gpart show ada0
=>        40  1953525088  ada0  GPT  (932G)
          40        1024     1  freebsd-boot  (512K)
        1064         984        - free -  (492K)
        2048    16777216     2  freebsd-swap  (8.0G)
    16779264  1936744448     3  freebsd-zfs  (924G)
  1953523712        1416        - free -  (708K)

External 12 USB
root@bsdbuch:~ # gpart show da0
=>        40  1953525088  da0  GPT  (932G)
          40      409600    1  efi  (200M)
      409640        1024    2  freebsd-boot  (512K)
      410664         984       - free -  (492K)
      411648     4194304    3  freebsd-zfs  (2.0G)
     4605952    33554432    4  freebsd-swap  (16G)
    38160384  1915363328    5  freebsd-zfs  (913G)
  1953523712        1416       - free -  (708K)

root@bsdbuch:~ # geli attach /dev/da0p5
Enter passphrase:
geli: Wrong key for da0p5.

I've then imported the bootpool from da0, and mounted it, so I can try
using the key in boot/

root@bsdbuch:~ # geli attach -k /bootpool/boot/ada0p5.eli /dev/da0p5
Enter passphrase:
geli: Wrong key for da0p5.

If I put the 11.3 drive into the external enclosure, and boot from the
12 drive, I can attach the 11.3 GELI provider without error using the
exact same passphrase (and without using a key)

Am I missing something ?

MfG CoCo

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190818154602.00003fa8>