Date: Thu, 12 Feb 2015 11:31:24 +0100 From: Aurelien Martin <01aurelien@gmail.com> To: Brenden Bartelt <brenden.bartelt@gmail.com>, George Rosamond <george@ceetonetechnology.com> Cc: freebsd-arm@freebsd.org, Pawel Jakub Dawidek <pjd@freebsd.org> Subject: Re: "geli: Wrong key" unable to attach in RPi/ARM environment Message-ID: <54DC80FC.6010606@gmail.com> In-Reply-To: <CANUxo4ooMHMeEBPBFH89nsHvrkt-nNmSt2xf-1TTSN6M4htxVg@mail.gmail.com> References: <CANUxo4omL1m0EkSnmad8qyZqRWbuZ5zJ29nzCA0%2BgSyCAyU9dw@mail.gmail.com> <54DB7B07.4080704@ceetonetechnology.com> <CANUxo4ooMHMeEBPBFH89nsHvrkt-nNmSt2xf-1TTSN6M4htxVg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi all,
I have experienced the same behavior of geli with 11-CURRENT ARM r271779.
I did the same steps as Brenden
Cheers,Aurelien
On 11/02/15 17:08, Brenden Bartelt wrote:
> I have tried it both with and without a -K/-k keyfile specified and with
> and without a passphrase (-P/-p). Any combination results in the same
> "geli: Wrong key for mmcsd0s3."
> For the sake of thoroughness I have even tried it with no PKCS#5v2
> iterations and with a NULL ealgo.
> Each attempt writes a master key to the device metadata, but subsequent
> attempts to attach the device fail with a wrong key.
>
> On Wed, Feb 11, 2015 at 10:53 AM, George Rosamond <
> george@ceetonetechnology.com> wrote:
>
>> Brenden Bartelt:
>>> Hi all,
>>>
>>> This a follow up to a previous thread in freebsd-geom where it was
>>> determined that geli is functional in 11.0-CURRENT and it could be an ARM
>>> problem.
>>>
>>> I have been unable to geli attach in RPi, even with a very simple
>>> passphrase ("test"). Has anyone had success with this? I have tried on an
>>> external usb, da0 as well as a partition on the SD card itself, mmcsd0s3.
>>> The geli init appears to work, and a geli dump reveals that a master key
>>> was indeed written to the device. What is even more puzzling is that a
>> geli
>>> onetime will work for the device, so it would appear that geli is
>>> functional, but something has gone wrong with the master key
>>> generating/writing/reading operation.
>>>
>>> Can anyone shed some light on something I am missing? Is geli not fully
>>> supported on ARM?
>>>
>>> Thanks,
>>> Brenden
>> I haven't tried this, but two things:
>>
>> 1. did you try setting the key with -k when you attach?
>>
>> 2. I don't know if he's on this list, but I'm adding pdj@ to the cc.
>>
>> g
>>
>>> Log:
>>>
>>> # uname -a
>>> FreeBSD raspberry-pi 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r278031: Mon
>> Feb
>>> 2 02:54:08 UTC 2015
>>> root@releng2.nyi.freebsd.org:/usr/obj/arm.armv6/usr/src/sys/RPI-B
>>> arm
>>>
>>> # kldstat
>>> Id Refs Address Size Name
>>> 8 1 0xc5657000 17000 geom_eli.ko
>>> 9 1 0xc572e000 2c000 crypto.ko
>>>
>>> # geli init mmcsd0s3
>>> Enter new passphrase:
>>> Reenter new passphrase:
>>>
>>> Metadata backup can be found in /var/backups/mmcsd0s3.eli and
>>> can be restored with the following command:
>>>
>>> # geli restore /var/backups/mmcsd0s3.eli mmcsd0s3
>>>
>>> # geli attach mmcsd0s3
>>> Enter passphrase:
>>> geli: Wrong key for mmcsd0s3.
>>>
>>> # geli dump mmcsd0s3
>>> Metadata on mmcsd0s3:
>>> magic: GEOM::ELI
>>> version: 7
>>> flags: 0x0
>>> ealgo: AES-XTS
>>> keylen: 128
>>> provsize: 24796725248
>>> sectorsize: 512
>>> keys: 0x01
>>> iterations: 21660
>>> Salt:
>>>
>> d2678fa977889263b18cbbb2e5a3151ac8185d9d0bc5dafa548abc4510ca49ce134ef9410cc63a9b0881514d9e9fedb6a3d392ba4096775030d0646fbfb4cce5
>>> Master Key:
>>>
>> 4c26413b864d809b7e537e13ad442d22eada3a12ef61cd538f3a2bc9fd3a1dbbe80e19d6a009c51784461380ff150602c31c4910ad63aa52d105fc93b2005f18cd0b187e0e56b44eabc9784a6255e696a9c398653e4ec669cae64961bd7b43d9af01fa0897f84fef1608c632bbb881d418bdf81e637afff4191ceda6ec829f33c93a0cb5ead63ee63e4c4ccc3ee0b076e6f86b05d514c8b006bf8a11e3f78ac658e56bd824d6958747f09f3c8e80861d2f19eed3f334bbcc83aa28a227239c4bd9c4390a9e1acb5aefed4ef4602432359271217bfb9676eb753930f5c9c45899b0f44bdd230517d3238fc9ab9763b2def43658f44fc76094ccb4af54c7c492a790eca0b407adf66fccf2f3b049c874b66d4bbccd4e82fe8a2e79985ae5e1d64affed7ac66808a2bbd9d661b460c2b9acc1bac5a537bc7d862c711c9ca4892fcf3e607b6ee255555b742352483b7ffda80545bd3774f90ff0e74db58ef87c6c050501c0643c3921345df6e6d7a296c7c535ec81468a8a739824673303664a8874
>>> MD5 hash: f97f3ca1cf95c25144c84a12b10d81ef
>>>
>>> # geli onetime mmcsd0s3
>>> # geli list
>>> Geom name: mmcsd0s3.eli
>>> State: ACTIVE
>>> EncryptionAlgorithm: AES-XTS
>>> KeyLength: 128
>>> Crypto: software
>>> Version: 7
>>> Flags: ONETIME
>>> KeysAllocated: 47
>>> KeysTotal: 47
>>> Providers:
>>> 1. Name: mmcsd0s3.eli
>>> Mediasize: 24796725248 (23G)
>>> Sectorsize: 512
>>> Mode: r0w0e0
>>> Consumers:
>>> 1. Name: mmcsd0s3
>>> Mediasize: 24796725248 (23G)
>>> Sectorsize: 512
>>> Stripesize: 4194304
>>> Stripeoffset: 0
>>> Mode: r1w1e1
>>> _______________________________________________
>>> freebsd-arm@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-arm
>>> To unsubscribe, send any mail to "freebsd-arm-unsubscribe@freebsd.org"
>>>
>>
> _______________________________________________
> freebsd-arm@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-arm
> To unsubscribe, send any mail to "freebsd-arm-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54DC80FC.6010606>