From owner-freebsd-arm@FreeBSD.ORG Thu Feb 12 10:31:20 2015 Return-Path: Delivered-To: freebsd-arm@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5620D1BC; Thu, 12 Feb 2015 10:31:20 +0000 (UTC) Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D2DFAC88; Thu, 12 Feb 2015 10:31:19 +0000 (UTC) Received: by mail-wi0-f181.google.com with SMTP id r20so3121705wiv.2; Thu, 12 Feb 2015 02:31:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=hOOa64c7YQsHXSgKaEhizS/7/cQe/DY4oE7a4mq9fQM=; b=app8vinGY8p5CQtv0cHKJKXvV2XVHQ5MDuZpcqb+VAg0gRL+atoREY8TwnFIiPwPMx NfNFpLcjGkSqFh11zmFaNIAfOsoZOvyu6soYWmMX2Hrccd6VtLH8aHYojx4arbZx/2RW bfnYFdAcy1N6iEBA4l1/btqGSjqqg4V6Y3GpXCPLE6Wk5jvSbY9ZbCnbU6zRHXMFkjR5 2+QkMGzGAXpVo/ElNjlWI5MI4RVZwZLSmNldhGw++sBCTLJ1JVBCFx0P327otO9WP1Ok XhMCs+S8ZvibD8OVBI2I5TUrJ2xUSMgN0o0WoOC9hcMMB7Ea8PtP59MzhbL/zyCnkbEr EExg== X-Received: by 10.194.184.212 with SMTP id ew20mr6536215wjc.88.1423737078358; Thu, 12 Feb 2015 02:31:18 -0800 (PST) Received: from ?IPv6:2001:1458:202:46::101:a51f? ([2001:1458:202:46::101:a51f]) by mx.google.com with ESMTPSA id fa3sm1918187wib.17.2015.02.12.02.31.17 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Feb 2015 02:31:17 -0800 (PST) Message-ID: <54DC80FC.6010606@gmail.com> Date: Thu, 12 Feb 2015 11:31:24 +0100 From: Aurelien Martin <01aurelien@gmail.com> User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Brenden Bartelt , George Rosamond Subject: Re: "geli: Wrong key" unable to attach in RPi/ARM environment References: <54DB7B07.4080704@ceetonetechnology.com> In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-arm@freebsd.org, Pawel Jakub Dawidek X-BeenThere: freebsd-arm@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Porting FreeBSD to ARM processors." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2015 10:31:20 -0000 Hi all, I have experienced the same behavior of geli with 11-CURRENT ARM r271779. I did the same steps as Brenden Cheers,Aurelien On 11/02/15 17:08, Brenden Bartelt wrote: > I have tried it both with and without a -K/-k keyfile specified and with > and without a passphrase (-P/-p). Any combination results in the same > "geli: Wrong key for mmcsd0s3." > For the sake of thoroughness I have even tried it with no PKCS#5v2 > iterations and with a NULL ealgo. > Each attempt writes a master key to the device metadata, but subsequent > attempts to attach the device fail with a wrong key. > > On Wed, Feb 11, 2015 at 10:53 AM, George Rosamond < > george@ceetonetechnology.com> wrote: > >> Brenden Bartelt: >>> Hi all, >>> >>> This a follow up to a previous thread in freebsd-geom where it was >>> determined that geli is functional in 11.0-CURRENT and it could be an ARM >>> problem. >>> >>> I have been unable to geli attach in RPi, even with a very simple >>> passphrase ("test"). Has anyone had success with this? I have tried on an >>> external usb, da0 as well as a partition on the SD card itself, mmcsd0s3. >>> The geli init appears to work, and a geli dump reveals that a master key >>> was indeed written to the device. What is even more puzzling is that a >> geli >>> onetime will work for the device, so it would appear that geli is >>> functional, but something has gone wrong with the master key >>> generating/writing/reading operation. >>> >>> Can anyone shed some light on something I am missing? Is geli not fully >>> supported on ARM? >>> >>> Thanks, >>> Brenden >> I haven't tried this, but two things: >> >> 1. did you try setting the key with -k when you attach? >> >> 2. I don't know if he's on this list, but I'm adding pdj@ to the cc. >> >> g >> >>> Log: >>> >>> # uname -a >>> FreeBSD raspberry-pi 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r278031: Mon >> Feb >>> 2 02:54:08 UTC 2015 >>> root@releng2.nyi.freebsd.org:/usr/obj/arm.armv6/usr/src/sys/RPI-B >>> arm >>> >>> # kldstat >>> Id Refs Address Size Name >>> 8 1 0xc5657000 17000 geom_eli.ko >>> 9 1 0xc572e000 2c000 crypto.ko >>> >>> # geli init mmcsd0s3 >>> Enter new passphrase: >>> Reenter new passphrase: >>> >>> Metadata backup can be found in /var/backups/mmcsd0s3.eli and >>> can be restored with the following command: >>> >>> # geli restore /var/backups/mmcsd0s3.eli mmcsd0s3 >>> >>> # geli attach mmcsd0s3 >>> Enter passphrase: >>> geli: Wrong key for mmcsd0s3. >>> >>> # geli dump mmcsd0s3 >>> Metadata on mmcsd0s3: >>> magic: GEOM::ELI >>> version: 7 >>> flags: 0x0 >>> ealgo: AES-XTS >>> keylen: 128 >>> provsize: 24796725248 >>> sectorsize: 512 >>> keys: 0x01 >>> iterations: 21660 >>> Salt: >>> >> d2678fa977889263b18cbbb2e5a3151ac8185d9d0bc5dafa548abc4510ca49ce134ef9410cc63a9b0881514d9e9fedb6a3d392ba4096775030d0646fbfb4cce5 >>> Master Key: >>> >> 4c26413b864d809b7e537e13ad442d22eada3a12ef61cd538f3a2bc9fd3a1dbbe80e19d6a009c51784461380ff150602c31c4910ad63aa52d105fc93b2005f18cd0b187e0e56b44eabc9784a6255e696a9c398653e4ec669cae64961bd7b43d9af01fa0897f84fef1608c632bbb881d418bdf81e637afff4191ceda6ec829f33c93a0cb5ead63ee63e4c4ccc3ee0b076e6f86b05d514c8b006bf8a11e3f78ac658e56bd824d6958747f09f3c8e80861d2f19eed3f334bbcc83aa28a227239c4bd9c4390a9e1acb5aefed4ef4602432359271217bfb9676eb753930f5c9c45899b0f44bdd230517d3238fc9ab9763b2def43658f44fc76094ccb4af54c7c492a790eca0b407adf66fccf2f3b049c874b66d4bbccd4e82fe8a2e79985ae5e1d64affed7ac66808a2bbd9d661b460c2b9acc1bac5a537bc7d862c711c9ca4892fcf3e607b6ee255555b742352483b7ffda80545bd3774f90ff0e74db58ef87c6c050501c0643c3921345df6e6d7a296c7c535ec81468a8a739824673303664a8874 >>> MD5 hash: f97f3ca1cf95c25144c84a12b10d81ef >>> >>> # geli onetime mmcsd0s3 >>> # geli list >>> Geom name: mmcsd0s3.eli >>> State: ACTIVE >>> EncryptionAlgorithm: AES-XTS >>> KeyLength: 128 >>> Crypto: software >>> Version: 7 >>> Flags: ONETIME >>> KeysAllocated: 47 >>> KeysTotal: 47 >>> Providers: >>> 1. Name: mmcsd0s3.eli >>> Mediasize: 24796725248 (23G) >>> Sectorsize: 512 >>> Mode: r0w0e0 >>> Consumers: >>> 1. Name: mmcsd0s3 >>> Mediasize: 24796725248 (23G) >>> Sectorsize: 512 >>> Stripesize: 4194304 >>> Stripeoffset: 0 >>> Mode: r1w1e1 >>> _______________________________________________ >>> freebsd-arm@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-arm >>> To unsubscribe, send any mail to "freebsd-arm-unsubscribe@freebsd.org" >>> >> > _______________________________________________ > freebsd-arm@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-arm > To unsubscribe, send any mail to "freebsd-arm-unsubscribe@freebsd.org"