From owner-freebsd-current@freebsd.org  Wed Feb 21 15:13:10 2018
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 939D4F0AC4C
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Wed, 21 Feb 2018 15:13:10 +0000 (UTC)
 (envelope-from krassi@bulinfo.net)
Received: from mx.bulinfo.net (mx.bulinfo.net [193.194.156.1])
 by mx1.freebsd.org (Postfix) with ESMTP id 2354280989
 for <freebsd-current@freebsd.org>; Wed, 21 Feb 2018 15:13:09 +0000 (UTC)
 (envelope-from krassi@bulinfo.net)
Received: from clamav.bulinfo.net (unknown [193.194.156.41])
 by mx.bulinfo.net (Postfix) with ESMTP id 094005C4DA
 for <freebsd-current@freebsd.org>; Wed, 21 Feb 2018 17:04:35 +0200 (EET)
Authentication-Results: mx.bulinfo.net;
 dkim=pass (1024-bit key) header.d=bulinfo.net header.i=@bulinfo.net
 header.b=OdKGz7+t
X-Virus-Scanned: amavisd-new at bulinfo.net
Received: from mx.bulinfo.net ([193.194.156.1])
 by clamav.bulinfo.net (clamav.bulinfo.net [10.0.0.32]) (amavisd-new,
 port 10024)
 with ESMTP id tQ5UT__ZOmfc for <freebsd-current@freebsd.org>;
 Wed, 21 Feb 2018 17:04:24 +0200 (EET)
Received: from [192.168.1.42] (strainer.bulinfo.net [193.194.156.5])
 by mx.bulinfo.net (Postfix) with ESMTP id 26EFF5C42D
 for <freebsd-current@freebsd.org>; Wed, 21 Feb 2018 17:04:24 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bulinfo.net; s=sign;
 t=1519225464; bh=IxZCjmzs36D0wPH4yLf1HGfMrrU83UJ83Ep67vYh4vU=;
 h=From:Subject:To:Date;
 b=OdKGz7+tIsjV67lFH0iiSeEazGXLie8J4xrsHXUX6711uvLv1d0Mrqw/jCdGUCqRr
 uKUAaFfNLi0PcPwBojhmURMyDPVdfowoBUhLaJdq1fiHKKavDblcdxbmapyiq5x4qs
 R0Wkn6UF9DM/gK+i3BPVGINnPV1/py6ZrdlW+ECQ=
From: Krassimir Slavchev <krassi@bulinfo.net>
Subject: GELI changes?
To: Current FreeBSD <freebsd-current@freebsd.org>
Message-ID: <927f7364-e600-ab6b-c1ca-5966d87cabf2@bulinfo.net>
Date: Wed, 21 Feb 2018 17:04:24 +0200
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 15:13:10 -0000

Hi All,

On FreeBSD 8 & 9 I was able to use GELI on preloaded image providing
keys either via loader.conf or via custom usb driver.
On FreeBSD 11 & CURRENT I can not make usb drivers to load before GELI
(e.g. MODULE_DEPEND(g_eli, my_usb_device, 1, 1, 1) in g_eli.c). Also,
loading keys from loader.conf is not working (Cannot decrypt Master Key)
which may be related to current EFI changes. On CURRENT loading keys
from loader.conf produces kernel panic because cryptosoft is not
initialized (opencrypto/crypto.c:497, CRYPTO_DRIVER_LOCK() spin mutex
(null)).

So, could we load USB layer before GELI?
Is there a way to re-taste a GEOM provider a bit later but before root
mount?

Best regards,

-- 
Krassimir Slavchev           Bulinfo Ltd.
krassi@bulinfo.net           (+359 2) 9699 166
http://www.bulinfo.net       (+359 2) 9699 160