From owner-freebsd-stable@FreeBSD.ORG Sun Jul 1 13:27:51 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 82FFE106564A for ; Sun, 1 Jul 2012 13:27:51 +0000 (UTC) (envelope-from joerg_surmann@snafu.de) Received: from sour.ops.eusc.inter.net (sour.ops.eusc.inter.net [84.23.254.154]) by mx1.freebsd.org (Postfix) with ESMTP id 3CAAF8FC14 for ; Sun, 1 Jul 2012 13:27:51 +0000 (UTC) X-Trace: 507c73757269697c37382e35322e3234322e3133337c31536c4b42702d30303030 47462d46717c31333431313439323639 Received: from sour.ops.eusc.inter.net ([10.154.10.19] helo=localhost) by sour.ops.eusc.inter.net with esmtpsa (Exim 4.72) id 1SlKBp-0000GF-Fq for freebsd-stable@freebsd.org; Sun, 01 Jul 2012 15:27:49 +0200 Message-ID: <4FF05054.90902@snafu.de> Date: Sun, 01 Jul 2012 15:27:48 +0200 From: joerg_surmann User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1 MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <20120620202807.66fdf248@fabiankeil.de> <70eb69bde16fba598b2701be9654624885f0936c@mein.snafu.de> <20120621122133.2fed5862@fabiankeil.de> In-Reply-To: <20120621122133.2fed5862@fabiankeil.de> X-Enigmail-Version: 1.4.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-SA-Exim-Connect-IP: 78.52.242.133 X-SA-Exim-Mail-From: joerg_surmann@snafu.de X-SA-Exim-Scanned: No (on sour.ops.eusc.inter.net); SAEximRunCond expanded to false Subject: Re: geli decrypt only one partition X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jul 2012 13:27:51 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Fabian and all, Sorry, i no had enough time for this geli problem. I work with a testsystem. When start booting in verbose mode the system found the keypaths. Preloaded ada0p4:geli_keyfile0 "/root/keys/ada0p4.key" at 0xc14bf540. Preloaded ada1p4:geli_keyfile1 "/root/keys/ada1p4.key" at 0xc14bf598. loader.conf geom_eli_load="YES" geli_ada0p4_keyfile0_load="YES" geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0" geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key" geli_ada1p4_keyfile1_load="YES" geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1" geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key" zfs_load="YES" vfs.root.mountfrom="zfs:zroot" on boottime i can decrypt ada0p4. for ada1p4 ... wrong key. i can decrypt ada1p4 later by hand with the keyfile like loader.conf. same situation. ada0p4 and ada1p4 are a zfs mirror. On the attachement the dmesg file direct after login. Thanks for help. Suri Am 21.06.12 12:21, schrieb Fabian Keil: > joerg_surmann@snafu.de wrote: > >> the keyfile in loader.conf is correct. > > Did you verify that you get the boot message I quoted in the > previous mail for both keyfiles? This would surprise me. > >> when i decrypt ada1p3 via geli attach -k /priv/keys/ada1p3 >> /dev/ada1p3 ........ ada1p3.eli created >> >> in loader.conf is the same path specified. >> >> geli_ada1p3_keyfile1_load="YES" >> geli_ada1p3_keyfile1_type="ada1p3:geli_keyfile1" >> geli_ada1p3_keyfile1_name="/priv/keys/ada1p3.key" >> >> only ada0p3 (keyfile0 in loader.conf) will decrypt on boottime. >> for ada1p3 comes wrong key. >> >> any suggestions. > > I suspect the problem is that you named the first keyfile for > ada1p3 keyfile1 instead of keyfile0. The keyfile numeration > restarts for each provider and the kernel will not load keyfile1 if > keyfile0 doesn't exist. > > Fabian > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.12 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP8FBNAAoJEDyDkpKh+9pTZAkQALKW325XIRae9P+5Rgx6ib+T tqxQBm+ndwaMMroiF33D8dao6o9YSWB4z1bMNVRLgluG0jEHvjc2JufhHgIot8Rf lZLQSC2b3qo+AvFtvkyn7pvEPqPNLhGvZZx9buihvAuZTGRVVCya6txFJ0u0VRq0 FDHYqFlL9bxnbhn/2jem8EdFHwlEmyvYzdyF4dGzrqCOeBlXBDvSQqtrlK3FuNYe VOnIFZ+MdU1TdjyglalWSoFPCCZcFsc7uEUwwvOBXM48oqsAiZVKu+lMHr3cF2Fp 3gHK6GD1jzu5tQ7Zt+FUn93YM6T8Vm0+7um25uvVmdU+GHY6g1gh1YNLRv/yU9uk c6JHi0Nxr2339aZAwAxYp5YINFksl2yxr1RZXPQb5g5xEl/V7hM72oBoWGx9oE7Z GVLEJYRk1Bvy5wIxrUMdqM5U7KhcA/OmP7psJkP0ov6+JQOzXHSjZDn4Ng6cUnQb 6vHyYvNvPlHw5ng3NjiGv/ZGUDozR+E9qiIYaLBztsMZCIdo3nd1iN1NtLvh+jQU xGERHXKaQglOW4VJQVJLhQpD3omuHRBBzfh9tBBMAmxSSdAMcUp+hARkWnFQu8sE tKihHeKpOXPIyyUFT+q1HthVfE5RCMK6JZlNpvyCaXkPqaHtdqq5GVXr8J9ciZri cBpWjKQa5CCzB+MA8QU+ =aOdj -----END PGP SIGNATURE-----