Date: Mon, 14 Nov 2005 16:46:37 +0200
From: Alexey Luckyanchikov
To: Pawel Jakub Dawidek
Cc: freebsd-geom@FreeBSD.org
Subject: Re: GELI doesn't ask passphrase on boot
Message-ID: <20051114144637.GS13743@alkar.net>
In-Reply-To: <20051113125657.GE34696@garage.freebsd.pl>
References: <20051113105915.GC13743@alkar.net> <20051113125657.GE34696@garage.freebsd.pl>
Organization: ISP Alkar Teleport

On Sun, 13 Nov 2005, Pawel Jakub Dawidek wrote:

PJD> +> After boot "dmesg -a | fgrep -i eli" shows:
PJD> +> GEOM_ELI[1]: Start tasting.
PJD> +> g_modevent(ELI, LOAD)
PJD> +> g_load_class(ELI)
PJD> +> g_eli_taste(ELI, ad0)
PJD> +> GEOM_ELI[3]: Tasting ad0.
PJD> +> g_destroy_geom(0xc1257300(eli:taste))
PJD> +> g_eli_taste(ELI, ad0s1)
PJD> +> GEOM_ELI[3]: Tasting ad0s1.
PJD> +> g_destroy_geom(0xc1256e80(eli:taste))
PJD> +> GEOM_ELI[1]: Tasting no more.
PJD> +> g_eli_taste(ELI, ad0s1a)
PJD> +> g_eli_taste(ELI, ad0s1b)
PJD> +> g_eli_taste(ELI, ad0s1c)
PJD> +> g_eli_taste(ELI, ad1)
PJD> +> g_eli_taste(ELI, ad1s1)
PJD> +> g_eli_taste(ELI, ad1s1a)
PJD> +> g_eli_taste(ELI, ad1s1c)
PJD> +> g_eli_taste(ELI, ad0s1a)
PJD> +>
PJD> +> It seems that the problem is in g_eli.c, line 1092:
PJD> +> SYSINIT(geli_boot_end, SI_SUB_RUN_SCHEDULER, SI_ORDER_ANY, g_eli_on_boot_end, NULL)
PJD> +> geli_boot_end() is called before GELI finishes tasting.
PJD>
PJD> Use this feature only for encrypting the root file system.
PJD> In case of other file systems, check out /etc/defaults/rc.conf for
PJD> examples of geli configuration on boot.

It was just an experiment; actually I want to encrypt the root partition.
Let us assume that ad0 contains only unencrypted /boot and /etc/fstab with:

/dev/ad1s1a.eli / ufs rw 1 1

AIUI, GELI doesn't ask for the passphrase on boot for /dev/ad1s1a.eli.

Could you explain the "right way" to create an encrypted root partition?

-- 
Sincerely,
Alexey Luckyanchikov