From: Miguel C
Date: Fri, 6 May 2016 12:38:41 +0100
Subject: GELI Passphrase for disk0p4 on BTX loader - Bad GELI key: -1 with correct passphrase
To: freebsd-current

Hi,

In a recent current build the BTX loader now prompts for a geli passphrase, but typing the correct passphrase always fails.

After the 2 tries I get to the next part, where loader.conf is loaded and I am prompted again for a GELI passphrase (I have geom_eli_passphrase_prompt set to "YES"); this is the one that's saved to be used later, and it does work.

The main difference seems to be that the first one is trying to decrypt disk0p4, while the other is doing it for "ada0p4", which should mean the same thing for geli (I think), but they are not.

I've mistyped the passphrase on purpose in the second prompt and let it do the normal boot until it tries to attach the devices and asks for a passphrase for ada0p4, should like the "old days", and if I fail here 3 times it then switches to "disk0p4" or "DISKIDblahblah", and all of these fail with a correct passphrase.

I've used the FreeBSD installer with ZFS + GELI to do this and it seems geli only knows how to decrypt "ada0..." but nothing else, probably due to how it was created, or maybe it's by design...

Anyway, for me it works great if I get asked the passphrase when loader.conf kicks in, and use it later.

But I am curious about the BTX loader prompt... even if it did work for disk0p4, how will it load the keyfile? I can type the passphrase, but it wouldn't know about the keyfile or be able to access it.

Thanks