Message-Id: <200904301338.n3UDc2vx056120@www.freebsd.org>
Date: Thu, 30 Apr 2009 13:38:02 GMT
From: Terje Elde
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/134113: Problem setting secondary GELI key

>Number:         134113
>Category:       kern
>Synopsis:       Problem setting secondary GELI key
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 30 13:40:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Terje Elde
>Release:        7.2-PRERELEASE
>Organization:
>Environment:
FreeBSD 42-gw.keepquiet.net 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #0: Mon Apr 27 22:48:43 CEST 2009 tld@42-gw.keepquiet.net:/usr/obj/usr/src/sys/42 i386
>Description:
Created a GELI-setup using only a keyfile, partition to be mounted at boot.

When trying to set the secondary-key (key 1) using a passphrase in case the keyfile is lost, the following happens:

------------------------------------------------
42-gw# geli setkey -v -n 1 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase:
Calculating number of iterations...
Done, using 138302 iterations.
geli: Only already defined key can be changed when '-i' option is used.
------------------------------------------------

Note that the provider was attached at the time.
>How-To-Repeat:
Create a GELI slice with only a keyfile, no password, to be mounted on boot, then try to set secondary key while the provider is attached.
>Fix:
Workaround:

Setting the first key (key 0) that was used for attaching the provider with a keyfile, works:

------------------------------------------------
42-gw# geli setkey -v -n 0 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase:
Calculating number of iterations...
Done, using 80194 iterations.
Done.
------------------------------------------------

After that, setting the secondary key also works:

------------------------------------------------
42-gw# geli setkey -v -n 1 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase:
Done.
42-gw#
------------------------------------------------

After that, I can set the primary key back to the keyfile.
>Release-Note:
>Audit-Trail:
>Unformatted: