Date:      Tue, 22 Nov 2005 12:11:52 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Alexey Luckyanchikov <alexl@alkar.net>
Cc:        freebsd-geom@FreeBSD.org
Subject:   Re: GELI doesn't ask passphrase on boot
Message-ID:  <20051122111152.GB7826@garage.freebsd.pl>
In-Reply-To: <20051114144637.GS13743@alkar.net>
References:  <20051113105915.GC13743@alkar.net> <20051113125657.GE34696@garage.freebsd.pl> <20051114144637.GS13743@alkar.net>


On Mon, Nov 14, 2005 at 04:46:37PM +0200, Alexey Luckyanchikov wrote:
+> On Sun, 13 Nov 2005, Pawel Jakub Dawidek wrote:
+> 
+> PJD> +> After boot "dmesg -a | fgrep -i eli" show:
+> PJD> +> GEOM_ELI[1]: Start tasting.
+> PJD> +> g_modevent(ELI, LOAD)
+> PJD> +> g_load_class(ELI)
+> PJD> +> g_eli_taste(ELI, ad0)
+> PJD> +> GEOM_ELI[3]: Tasting ad0.
+> PJD> +> g_destroy_geom(0xc1257300(eli:taste))
+> PJD> +> g_eli_taste(ELI, ad0s1)
+> PJD> +> GEOM_ELI[3]: Tasting ad0s1.
+> PJD> +> g_destroy_geom(0xc1256e80(eli:taste))
+> PJD> +> GEOM_ELI[1]: Tasting no more.
+> PJD> +> g_eli_taste(ELI, ad0s1a)
+> PJD> +> g_eli_taste(ELI, ad0s1b)
+> PJD> +> g_eli_taste(ELI, ad0s1c)
+> PJD> +> g_eli_taste(ELI, ad1)
+> PJD> +> g_eli_taste(ELI, ad1s1)
+> PJD> +> g_eli_taste(ELI, ad1s1a)
+> PJD> +> g_eli_taste(ELI, ad1s1c)
+> PJD> +> g_eli_taste(ELI, ad0s1a)
+> PJD> +> 
+> PJD> +> It seems that the problem is in g_eli.c, line 1092:
+> PJD> +> SYSINIT(geli_boot_end, SI_SUB_RUN_SCHEDULER, SI_ORDER_ANY, g_eli_on_boot_end, NULL)
+> PJD> +> geli_boot_end() is called before GELI finishes tasting.
+> PJD> 
+> PJD> Use this feature only for encrypting root file system.
+> PJD> In case of other file systems, check out /etc/defaults/rc.conf for
+> PJD> examples of geli configuration on boot.
+> 
+> It was just an experiment, actually I want to encrypt root partition.
+> Let us assume that ad0 contains only unencrypted /boot and /etc/fstab
+> with:
+> /dev/ad1s1a.eli		/	ufs	rw	1	1
+> AIUI GELI doesn't ask for a passphrase on boot for /dev/ad1s1a.eli.
+> 
+> Could you explain the "right way" to create an encrypted root partition?

You are right, something is wrong here.

Hard to say how it can be fixed easily... There is root_mount() KPI for
delaying root file system mount, but you have to know that there is a
reason to delay it.

Maybe root_mount() KPI should be used in GEOM itself, to delay root
mount if there are providers to taste...

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
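
The ordering problem reported in this thread can be checked from the same `dmesg -a` output: following the reporter's reading, any provider whose g_eli_taste() call appears after "Tasting no more." was tasted too late to get a boot-time passphrase prompt. The script below is an added example, not part of the original message or of FreeBSD; the function names are hypothetical and the sample input is constructed from the log lines quoted above.

```shell
#!/bin/sh
# Added example: find providers that GEOM_ELI saw only after its
# boot-time tasting window had already closed.

# Reads kernel messages on stdin and prints, once each, every provider
# named in a g_eli_taste() call that follows "Tasting no more.".
late_tastes() {
    awk '
        /GEOM_ELI\[[0-9]+\]: Tasting no more\./ { ended = 1; next }
        ended && /g_eli_taste\(ELI, / {
            name = $0
            sub(/.*g_eli_taste\(ELI, /, "", name)   # drop text before the name
            sub(/\).*/, "", name)                   # drop ")" and anything after
            if (!(name in seen)) { seen[name] = 1; print name }
        }
    '
}

# Exit 0 if provider $1 (for example the root provider from /etc/fstab,
# without the .eli suffix) was tasted late, 1 otherwise.
tasted_late() {
    late_tastes | grep -qxF -- "$1"
}

# Constructed sample, shortened from the dmesg output quoted in the thread.
sample_log() {
    cat <<'EOF'
GEOM_ELI[1]: Start tasting.
g_eli_taste(ELI, ad0)
GEOM_ELI[3]: Tasting ad0.
g_destroy_geom(0xc1257300(eli:taste))
g_eli_taste(ELI, ad0s1)
GEOM_ELI[3]: Tasting ad0s1.
GEOM_ELI[1]: Tasting no more.
g_eli_taste(ELI, ad0s1a)
g_eli_taste(ELI, ad0s1b)
g_eli_taste(ELI, ad0s1c)
g_eli_taste(ELI, ad1)
g_eli_taste(ELI, ad1s1)
g_eli_taste(ELI, ad1s1a)
g_eli_taste(ELI, ad1s1c)
g_eli_taste(ELI, ad0s1a)
EOF
}

sample_log | late_tastes
```

On a live system, pipe `dmesg -a` into `late_tastes` or `tasted_late ad1s1a` instead of using the sample.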
