Date: Fri, 17 Aug 2018 15:52:17 +0200 From: mr44er <mr44er@gmail.com> To: freebsd-stable@freebsd.org Subject: kern.geom.eli.boot_passcache doesn't work anymore in 11.2-RELEASE for additional disks Message-ID: <58d172c3-1e6d-d8e3-c1b0-9582ead0c8d2@gmail.com>
next in thread | raw e-mail | index | archive | help
I have a geli-encrypted zroot which was created with Auto (ZFS) Guided Root-on-ZFS during fresh installation of 11.1-RELEASE. No bootpool anymore, Partition scheme GPT (BIOS) The additional disks were prepared with 'geli init -b' to set only the BOOT-flag and the same password as the disks for zroot. Worked as expected: bootloader asked only one time for password and during boot every encrypted disk was attached. Since upgrading to 11.2-RELEASE geli asks during boot a second time for the password when it tries to attach the additional disks. This is like the old style, when this line gets lost between other boot-messages. The system won't boot further at this point. Typing the password 'blind' and geli will attach every additional disk. So far no any other errors. Being irritated, I did a complete reinstall with a 11.2 image from usb-stick, but geli asks still twice for the password. Some input: sysctl -a | grep kern.geom.eli kern.geom.eli.key_cache_misses: 0 kern.geom.eli.key_cache_hits: 0 kern.geom.eli.key_cache_limit: 8192 kern.geom.eli.boot_passcache: 1 kern.geom.eli.batch: 0 kern.geom.eli.threads: 0 kern.geom.eli.overwrites: 5 kern.geom.eli.visible_passphrase: 0 kern.geom.eli.tries: 3 kern.geom.eli.debug: 0 kern.geom.eli.version: 7 zpool status zroot pool: zroot state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM zroot ONLINE 0 0 0 mirror-0 ONLINE 0 0 0 ada0p3.eli ONLINE 0 0 0 ada1p3.eli ONLINE 0 0 0 ada2p3.eli ONLINE 0 0 0 errors: No known data errors geli list ada0p3.eli Geom name: ada0p3.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: BOOT, GELIBOOT KeysAllocated: 67 KeysTotal: 67 Providers: 1. Name: ada0p3.eli Mediasize: 285711790080 (266G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: ada0p3 Mediasize: 285711794176 (266G) Sectorsize: 512 Stripesize: 4096 Stripeoffset: 0 Mode: r1w1e1 geli list da0.eli Geom name: da0.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: BOOT KeysAllocated: 466 KeysTotal: 466 Providers: 1. Name: da0.eli Mediasize: 2000398929920 (1.8T) Sectorsize: 4096 Mode: r1w1e2 Consumers: 1. Name: da0 Mediasize: 2000398934016 (1.8T) Sectorsize: 512 Stripesize: 4096 Stripeoffset: 0 Mode: r1w1e1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58d172c3-1e6d-d8e3-c1b0-9582ead0c8d2>