Date: Mon, 14 Nov 2005 16:46:37 +0200 From: Alexey Luckyanchikov <alexl@alkar.net> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-geom@FreeBSD.org Subject: Re: GELI doesn't ask passphrase on boot Message-ID: <20051114144637.GS13743@alkar.net> In-Reply-To: <20051113125657.GE34696@garage.freebsd.pl> References: <20051113105915.GC13743@alkar.net> <20051113125657.GE34696@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 13 Nov 2005, Pawel Jakub Dawidek wrote: PJD> +> After boot "dmesg -a | fgrep -i eli" show: PJD> +> GEOM_ELI[1]: Start tasting. PJD> +> g_modevent(ELI, LOAD) PJD> +> g_load_class(ELI) PJD> +> g_eli_taste(ELI, ad0) PJD> +> GEOM_ELI[3]: Tasting ad0. PJD> +> g_destroy_geom(0xc1257300(eli:taste)) PJD> +> g_eli_taste(ELI, ad0s1) PJD> +> GEOM_ELI[3]: Tasting ad0s1. PJD> +> g_destroy_geom(0xc1256e80(eli:taste)) PJD> +> GEOM_ELI[1]: Tasting no more. PJD> +> g_eli_taste(ELI, ad0s1a) PJD> +> g_eli_taste(ELI, ad0s1b) PJD> +> g_eli_taste(ELI, ad0s1c) PJD> +> g_eli_taste(ELI, ad1) PJD> +> g_eli_taste(ELI, ad1s1) PJD> +> g_eli_taste(ELI, ad1s1a) PJD> +> g_eli_taste(ELI, ad1s1c) PJD> +> g_eli_taste(ELI, ad0s1a) PJD> +>=20 PJD> +> It seems that problem is in g_eli.c, line 1092: PJD> +> SYSINIT(geli_boot_end, SI_SUB_RUN_SCHEDULER, SI_ORDER_ANY, g_eli_on= _boot_end, NULL) PJD> +> geli_boot_end() called before GELI finish tasting. PJD>=20 PJD> Use this feature only for encrypting root file system. PJD> In case of other file systems, check out /etc/defaults/rc.conf for PJD> examples of geli configuration on boot. It was just an experiment, actually I want to encrypt root partition. Let us assume that ad0 contain only unencrypted /boot and /etc/fstab with: /dev/ad1s1a.eli / ufs rw 1 1 AIUI GELI doesn't ask passphrase on boot for /dev/ad1s1a.eli. Could you explain "right way" to create encrypted root partition? --=20 Sincerely, Alexey Luckyanchikov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051114144637.GS13743>