Date: Fri, 7 Apr 2006 17:27:38 -0500
From: "Adam Wood" <aswood@gmail.com>
To: "Pawel Jakub Dawidek" <pjd@freebsd.org>
Cc: freebsd-geom@freebsd.org
Subject: geli not recognizing passphrase on boot (was: geli not prompting for password on boot)
Message-ID: <77518d100604071527o8a53760u3dce7b318655e7a9@mail.gmail.com>

Hello,

I have tried a new method using the 6.1-BETA4 ISO images. Unfortunately, I am still not getting it to work properly. I am, however, making slight progress, as it does ask for a passphrase at boot. It does not seem to recognize my passphrase, though.

Here's what I've done:

1. Booted with 6.1-BETA4 disc 1.
2. Launched Fixit with livefilesystem on CD.
3. Created symlink /dist/lib to /lib (ln -s /dist/lib /lib) and /dist/boot/kernel to /boot/kernel (ln -s /dist/boot/kernel /boot/kernel).
4. Loaded the geom_eli module (kldload geom_eli).
5. Initiated the geli device (geli init -b -s 4096 -l 256 /dev/ad0).
6. Attached the new geli device (geli attach /dev/ad0 -- works!).
7. Created bsdlabel on new, encrypted disk (bsdlabel -w /dev/ad0).
8. a. Set editor (export EDITOR=/dist/usr/bin/vi).
   b. Partitioned new disk manually (bsdlabel -e /dev/ad0).
9. Created new filesystems (newfs /dev/ad0.elia, newfs /dev/ad0.elid, newfs /dev/ad0.elie, newfs /dev/ad0.elif).
10. Defined a mountpoint (mkdir /crypt).
11. Mounted encrypted partitions (mount /dev/ad0.elia /crypt, mount /dev/ad0.elid /crypt/var, mount /dev/ad0.elie /crypt/tmp, mount /dev/ad0.elif /crypt/usr).
12. Installed base system (cd /dist/6.1-BETA4/base && export DESTDIR=/crypt && ./install.sh). NOTE: This did not populate /crypt/boot/kernel/ for some reason, so I copied /dist/boot/kernel/* to /crypt/boot/kernel/.
13. tar'ed up the boot directory (cd /crypt; tar -zcvpf /crypt/boot.tgz boot) and transferred to separate system with cdrtools (ln -s /dist/usr/bin /usr/bin; scp boot.tgz user@host:~/).
14. On other system, I created a new directory which contains the boot directory I copied and also an etc directory with the fstab.
15. Edited boot/loader.conf and added geom_eli_load="YES" and kern.geom.eli.debug=1.
16. Ran mkisofs -b boot/bootcd -t /tmp/bootcd.iso /newdirectory_containingdirs.
17. Burned /tmp/bootcd.iso.
18. Rebooted with the new CD as boot device.

It prompts me for the passphrase for ad0, but when I supply it I just get:

    GEOM_ELI[0]: Wrong key for ad0. Tries left: 2.

I know I'm typing it correctly, and if I boot back into the install disc I can attach just fine.

Can you think of anything that would be causing this? Does the boot media need /lib? I don't think it does, but perhaps I'm wrong.

For reference, here is the /etc/fstab on the media:

    # Device        Mountpoint  FStype  Options  Dump  Pass#
    /dev/ad0.elib   none        swap    sw       0     0
    /dev/ad0.elia   /           ufs     rw       1     1
    /dev/ad0.elie   /tmp        ufs     rw       2     2
    /dev/ad0.elif   /usr        ufs     rw       2     2
    /dev/ad0.elid   /var        ufs     rw       2     2

Sincerely,
Adam Wood

On 4/6/06, Pawel Jakub Dawidek <pjd@freebsd.org> wrote:
> On Wed, Apr 05, 2006 at 08:33:55PM -0500, Adam Wood wrote:
> +> Hello,
> +>
> +> I've recently begun researching GELI and disk-encryption altogether
> +> and have run into a problem.
> +>
> +> I've created a bootable media with the 6.0-RELEASE kernel with all the
> +> standard modules. It also has geom_eli_load="YES" in loader.conf. I
> +> also have the following /etc/fstab in the boot media:
> +>
> +> # Device        Mountpoint  FStype  Options  Dump  Pass#
> +> /dev/ad0.elib   none        swap    sw       0     0
> +> /dev/ad0.elia   /           ufs     rw       1     1
> +> /dev/ad0.elie   /tmp        ufs     rw       2     2
> +> /dev/ad0.elif   /usr        ufs     rw       2     2
> +> /dev/ad0.elid   /var        ufs     rw       2     2
> +>
> +> I created /dev/ad0.eli via the following:
> +>
> +> geli init -b -l 256 /dev/ad0
> +>
> +> and the partitions:
> +>
> +> bsdlabel -w /dev/ad0.eli
> +> bsdlabel -e /dev/ad0.eli
> +>
> +> However, when I boot, I can see that geom_eli is loaded, but it does
> +> not ever ask me for the password. I believe that is the point of the
> +> -b argument I supplied to the geli init command.
> +>
> +> When I boot I am greeted with the following error:
> +>
> +> Trying to mount root from ufs:/dev/ad0.elia
> +>
> +> Manual root filesystem specification:
> +>   <fstype>:<device>  Mount <device> using filesystem <fstype>
> +>                        eg. ufs:da0s1a
> +>   ?                  List valid disk boot devices
> +>   <empty line>       Abort manual input
> +>
> +> mountroot>
> +>
> +> Any help you could provide would be much appreciated.
>
> Which FreeBSD version are you using? There could be a race in earlier
> versions where geli stops waiting for providers before they actually
> show up. You increase debug level to 1 by adding:
>
>         kern.geom.eli.debug=1
>
> to the /boot/loader.conf and see when message "Tasting no more." is
> printed.
>
> This problem is fixed in 6-STABLE and will be also in 6.1-RELEASE.
>
> --
> Pawel Jakub Dawidek                       http://www.wheel.pl
> pjd@FreeBSD.org                           http://www.FreeBSD.org
> FreeBSD committer                         Am I Evil? Yes, I Am!