From owner-freebsd-stable@freebsd.org Fri Aug 17 13:52:20 2018 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65818106F84A for ; Fri, 17 Aug 2018 13:52:20 +0000 (UTC) (envelope-from mr44er@gmail.com) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EA0C67E882 for ; Fri, 17 Aug 2018 13:52:19 +0000 (UTC) (envelope-from mr44er@gmail.com) Received: by mail-wm0-x22f.google.com with SMTP id f21-v6so7677201wmc.5 for ; Fri, 17 Aug 2018 06:52:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=X3c8cK1jkUsn4PrZ+Wb+rsTYkHGvn7ZyblGyk3grM+k=; b=G9lHf3eNwclniAQ6feevO1rP3cEQ2R3Temn/ZaVMcpsnwk/mwkfD44I5+cH/frpzTi bTwE+JKjFsXfMX1kedFJBRlvjJ+mNSKlG1usshisHb0tTkHQxL9TrSinBUhMpDugxdOS z7OhHYAxmki+ucqXCLhcMwsIBR6BuOOJtVZkr1XlxxOkfeDs/NGFmq11SOD97TmbOl4R uW0HHqBL0ph/LYxb1+1Ot0rpmEN9ZG33UXcCdYC35Jx4NO+ZfgjXX96+H5JZRiGTwnwC PbEioJJIrEM4Ah+SbLhiTWsK+yvtOR8vYsBg+B5n2BhxGe153TzTPRMrd2XOZFokoVUf NOXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=X3c8cK1jkUsn4PrZ+Wb+rsTYkHGvn7ZyblGyk3grM+k=; b=iFqV2rUde4FSCSBZOu4zxwS9T5cIOEF3oHrWCddN0l+HIieM+XjCr5+C3KVZiG45LA 17ljOgr+MJXRrSPnPul0x+zd0spiM0Qby/7jrHuCR9jO3GNOeZ9VsgAcaPGk4Y9917Pl HtRy2xRq61NoGo8iBqMPY6QrFud6d8WgjZvpzKnEl2zgBWf3j+2LpUIhrUkpjgIGYY3C SMZQ4Ndn1nlUInP20zvmhO2BDzcWcOcXCj6U9/t3PehNlFB03tJQZlSsz77lKxtxUaVO y2zBhRmGgKMV9Qum5U0Cdq3AK7P/4gm1eRaw0NM78vNJLoMAHYwVKBNG5f6IF9MyYmzt ZPyg== X-Gm-Message-State: AOUpUlHhv9Mw12IE4R2UzeuGTlyeUS/pDoQA4GwkZHO9eXcO74XbhR7i fEr+rgfWLrnYuDTVdCjWNIvABF6V X-Google-Smtp-Source: AA+uWPw/vMAXCy90ejfib2gUjKVvLDVGkhEKK0fA9d+UUnwfm9kQ281JDf66SWPKqzL8qTjBSnJFeg== X-Received: by 2002:a1c:dac6:: with SMTP id r189-v6mr18910769wmg.150.1534513938627; Fri, 17 Aug 2018 06:52:18 -0700 (PDT) Received: from [10.0.8.50] ([94.16.80.107]) by smtp.gmail.com with ESMTPSA id o14-v6sm9435679wmd.35.2018.08.17.06.52.17 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 Aug 2018 06:52:17 -0700 (PDT) To: freebsd-stable@freebsd.org From: mr44er Subject: kern.geom.eli.boot_passcache doesn't work anymore in 11.2-RELEASE for additional disks Message-ID: <58d172c3-1e6d-d8e3-c1b0-9582ead0c8d2@gmail.com> Date: Fri, 17 Aug 2018 15:52:17 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Aug 2018 13:52:20 -0000 I have a geli-encrypted zroot which was created with Auto (ZFS) Guided Root-on-ZFS during fresh installation of 11.1-RELEASE. No bootpool anymore, Partition scheme GPT (BIOS) The additional disks were prepared with 'geli init -b' to set only the BOOT-flag and the same password as the disks for zroot. Worked as expected: bootloader asked only one time for password and during boot every encrypted disk was attached. Since upgrading to 11.2-RELEASE geli asks during boot a second time for the password when it tries to attach the additional disks. This is like the old style, when this line gets lost between other boot-messages. The system won't boot further at this point. Typing the password 'blind' and geli will attach every additional disk. So far no any other errors. Being irritated, I did a complete reinstall with a 11.2 image from usb-stick, but geli asks still twice for the password. Some input: sysctl -a | grep kern.geom.eli kern.geom.eli.key_cache_misses: 0 kern.geom.eli.key_cache_hits: 0 kern.geom.eli.key_cache_limit: 8192 kern.geom.eli.boot_passcache: 1 kern.geom.eli.batch: 0 kern.geom.eli.threads: 0 kern.geom.eli.overwrites: 5 kern.geom.eli.visible_passphrase: 0 kern.geom.eli.tries: 3 kern.geom.eli.debug: 0 kern.geom.eli.version: 7 zpool status zroot   pool: zroot  state: ONLINE   scan: none requested config:     NAME            STATE     READ WRITE CKSUM     zroot           ONLINE       0     0     0       mirror-0      ONLINE       0     0     0         ada0p3.eli  ONLINE       0     0     0         ada1p3.eli  ONLINE       0     0     0         ada2p3.eli  ONLINE       0     0     0 errors: No known data errors geli list ada0p3.eli Geom name: ada0p3.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: BOOT, GELIBOOT KeysAllocated: 67 KeysTotal: 67 Providers: 1. Name: ada0p3.eli    Mediasize: 285711790080 (266G)    Sectorsize: 4096    Mode: r1w1e1 Consumers: 1. Name: ada0p3    Mediasize: 285711794176 (266G)    Sectorsize: 512    Stripesize: 4096    Stripeoffset: 0    Mode: r1w1e1 geli list da0.eli Geom name: da0.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: BOOT KeysAllocated: 466 KeysTotal: 466 Providers: 1. Name: da0.eli    Mediasize: 2000398929920 (1.8T)    Sectorsize: 4096    Mode: r1w1e2 Consumers: 1. Name: da0    Mediasize: 2000398934016 (1.8T)    Sectorsize: 512    Stripesize: 4096    Stripeoffset: 0    Mode: r1w1e1