Date: Sun, 01 Jul 2012 15:27:48 +0200
From: joerg_surmann <joerg_surmann@snafu.de>
To: freebsd-stable@freebsd.org
Subject: Re: geli decrypt only one partition
Message-ID: <4FF05054.90902@snafu.de>
In-Reply-To: <20120621122133.2fed5862@fabiankeil.de>
References: <20120620202807.66fdf248@fabiankeil.de> <70eb69bde16fba598b2701be9654624885f0936c@mein.snafu.de> <20120621122133.2fed5862@fabiankeil.de>

Hi Fabian and all,

Sorry, I did not have enough time for this geli problem.
I work with a test system.

When booting in verbose mode, the system found the key paths.

Preloaded ada0p4:geli_keyfile0 "/root/keys/ada0p4.key" at 0xc14bf540.
Preloaded ada1p4:geli_keyfile1 "/root/keys/ada1p4.key" at 0xc14bf598.

loader.conf

geom_eli_load="YES"
geli_ada0p4_keyfile0_load="YES"
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
geli_ada1p4_keyfile1_load="YES"
geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"
zfs_load="YES"
vfs.root.mountfrom="zfs:zroot"

At boot time I can decrypt ada0p4.
For ada1p4 ... wrong key.
I can decrypt ada1p4 later by hand with the keyfile as in loader.conf.

Same situation.
ada0p4 and ada1p4 are a ZFS mirror.

Attached is the dmesg file from directly after login.

Thanks for the help.

Suri

On 21.06.12 12:21, Fabian Keil wrote:
> joerg_surmann@snafu.de wrote:
>
>> The keyfile in loader.conf is correct.
>
> Did you verify that you get the boot message I quoted in the
> previous mail for both keyfiles? This would surprise me.
>
>> When I decrypt ada1p3 via geli attach -k /priv/keys/ada1p3
>> /dev/ada1p3 ........ ada1p3.eli created
>>
>> In loader.conf the same path is specified.
>>
>> geli_ada1p3_keyfile1_load="YES"
>> geli_ada1p3_keyfile1_type="ada1p3:geli_keyfile1"
>> geli_ada1p3_keyfile1_name="/priv/keys/ada1p3.key"
>>
>> Only ada0p3 (keyfile0 in loader.conf) will decrypt at boot time.
>> For ada1p3 I get wrong key.
>>
>> Any suggestions?
>
> I suspect the problem is that you named the first keyfile for
> ada1p3 keyfile1 instead of keyfile0. The keyfile numeration
> restarts for each provider and the kernel will not load keyfile1 if
> keyfile0 doesn't exist.
>
> Fabian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FF05054.90902>
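
A check for the naming rule Fabian Keil gives in the quoted reply, run over the geli type lines from the loader.conf posted in this message. This is an added example, not part of the thread; the function names check_geli_keyfiles and posted_loader_conf are made up for it.

```shell
#!/bin/sh
# Added example: lint loader.conf text for GELI keyfile numbering gaps.
# Rule checked (as stated in the quoted reply): numbering restarts at 0 for
# each provider, and keyfileN is not loaded when a lower number is missing.
# Only numbered "<provider>:geli_keyfile<N>" type values are examined.

# Reads loader.conf text on stdin; prints "<provider> ok" or
# "<provider> missing keyfile<N>" per provider; returns 1 if any gap exists.
check_geli_keyfiles() {
    rc=0
    report=$(awk '
        /^[ \t]*geli_[^=]*_type[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)      # drop the variable name
            gsub(/[" \t]/, "", val)            # drop quotes and blanks
            n = split(val, part, ":geli_keyfile")
            if (n != 2 || part[2] !~ /^[0-9]+$/) next
            prov = part[1]; idx = part[2] + 0
            seen[prov, idx] = 1
            if (!(prov in max) || idx > max[prov]) max[prov] = idx
        }
        END {
            bad = 0
            for (prov in max) {
                state = "ok"
                for (i = 0; i <= max[prov]; i++)
                    if (!((prov, i) in seen)) {
                        state = "missing keyfile" i; bad = 1; break
                    }
                print prov, state
            }
            exit bad
        }') || rc=1
    if [ -n "$report" ]; then printf '%s\n' "$report" | sort; fi
    return "$rc"
}

# The geli type lines from the loader.conf posted in the message above.
posted_loader_conf() {
    cat <<'EOF'
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
EOF
}

posted_loader_conf | check_geli_keyfiles || echo "keyfile numbering gap found"
```

To check a real system, run `check_geli_keyfiles < /boot/loader.conf` after sourcing the function.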