Date:      Wed, 16 Apr 2025 01:41:07 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 283043] gptboot fails to read the encrypted rootfs if geli authentication (geli -a) is used
Message-ID:  <bug-283043-227-tXCFk6Jw3I@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-283043-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283043

--- Comment #5 from John Baldwin <jhb@FreeBSD.org> ---
My patch was incorrect.  The key is actually ok I think, the bigger problem is
that the data layout on disk is very different when auth is enabled.  A logical
4k sector is striped across multiple underlying sectors each of which contains
a MAC along with a payload (typically for 512 byte sectors you get 480 bytes of
data).  This needs a much larger change to the data path in geliboot to handle.
 In the kernel this is the difference between g_eli_integrity.c vs
g_eli_privacy.c.  This is a non-trivial amount of work unfortunately.

-- 
You are receiving this mail because:
You are the assignee for the bug.
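
The striped layout described in the comment above, as an added example that is not part of the original message and not geliboot or kernel code. It assumes a 32-byte MAC (implied by the 512 to 480 figure) stored ahead of the payload in each underlying sector; the function names are hypothetical, and no MAC verification or decryption is done here.

```c
#include <stdio.h>
#include <string.h>

#define MAC_LEN 32 /* assumption: 512-byte sector minus 480 bytes of data */

/* Underlying sectors needed to hold one logical sector (0 on bad sizes). */
size_t geli_auth_nsec(size_t logical, size_t phys)
{
	if (phys <= MAC_LEN || logical == 0)
		return 0;
	return (logical + (phys - MAC_LEN) - 1) / (phys - MAC_LEN);
}

/* Payload bytes carried by underlying sector i; the last one is short. */
size_t geli_auth_chunk(size_t logical, size_t phys, size_t i)
{
	size_t payload = phys - MAC_LEN, off = i * payload;

	if (off >= logical)
		return 0;
	return (logical - off < payload) ? logical - off : payload;
}

/*
 * Gather the still-encrypted payload of one logical sector from its raw
 * underlying sectors, copying each sector's MAC aside for later checking.
 * Returns the number of payload bytes written, or 0 if raw is too short.
 */
size_t geli_auth_destripe(const unsigned char *raw, size_t rawlen,
    size_t logical, size_t phys, unsigned char *out, unsigned char *macs)
{
	size_t nsec = geli_auth_nsec(logical, phys), done = 0;

	if (nsec == 0 || rawlen < nsec * phys)
		return 0;
	for (size_t i = 0; i < nsec; i++) {
		const unsigned char *sec = raw + i * phys;
		size_t n = geli_auth_chunk(logical, phys, i);

		memcpy(macs + i * MAC_LEN, sec, MAC_LEN);   /* MAC first */
		memcpy(out + done, sec + MAC_LEN, n);       /* then payload */
		done += n;
	}
	return done;
}

int main(void)
{
	printf("4096-byte logical sector: %zu x 512-byte sectors, last holds %zu bytes\n",
	    geli_auth_nsec(4096, 512), geli_auth_chunk(4096, 512, 8));
	return 0;
}
```

A reader that assumes a one-to-one mapping between logical and underlying sectors would fetch 8 sectors here instead of 9 and treat the MAC bytes as ciphertext.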
