From: Michael Gusek
Date: Thu, 21 Jan 2010 17:39:01 +0100
To: current@FreeBSD.org
Subject: USB pen encryption at boot-time
Message-ID: <4B588325.40009@web.de>

Hi,

I'm trying to decrypt a USB pen at boot.
For this, I encrypt a slice on a pen:

    geli init -b -P -K da0.key /dev/da0s1a

On my PC, the pen should encrypt on boot, so I have this in loader.conf:

    geom_eli_load="YES"
    geli_da0s1a_keyfile0_load="YES"
    geli_da0s1a_keyfile0_type="da0s1a:geli_keyfile0"
    geli_da0s1a_keyfile0_name="/boot/keys/da0.key"

But it isn't encrypted on boot. I'm running 8.0-RELEASE on a Soekris 5501. If I encrypt another partition of my hard disk (ad0s1b), this will be encrypted at boot time. So I think this is a problem with the USB stack? In dmesg you can see geli is trying to find a key for ad0s1b, but not for /dev/da0s1a, which is my encrypted slice on the USB pen. Yes, I can manually 'geli attach -p -k /boot/keys/da0.key /dev/da0s1a' after login.

Here is my dmesg:

Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.0-RELEASE #2 r200252: Thu Jan 21 16:08:33 CET 2010
    micha@kerkyra.vanguard.de:/usr/obj/usr/src/sys/ZSVA
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Geode(TM) Integrated Processor by AMD PCS (433.25-MHz 586-class CPU)
  Origin = "AuthenticAMD" Id = 0x5a2 Stepping = 2
  Features=0x88a93d
  AMD Features=0xc0400000
real memory = 268435456 (256 MB)
avail memory = 252272640 (240 MB)
kbd1 at kbdmux0
K6-family MTRR support enabled (2 registers)
ACPI Error: A valid RSDP was not found 20090521 tbxfroot-309
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: on motherboard
pcib0: pcibus 0 on motherboard
pci0: on pcib0
Geode LX: Soekris net5501 comBIOS ver. 1.33 20070103 Copyright (C) 2000-2007
glxsb0: mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on pci0
vr0: port 0xe100-0xe1ff mem 0xa0004000-0xa00040ff irq 11 at device 6.0 on pci0
vr0: Quirks: 0x2
vr0: Revision: 0x96
miibus0: on vr0
ukphy0: PHY 1 on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:00:24:cb:5d:e0
vr0: [ITHREAD]
vr1: port 0xe200-0xe2ff mem 0xa0004100-0xa00041ff irq 5 at device 7.0 on pci0
vr1: Quirks: 0x2
vr1: Revision: 0x96
miibus1: on vr1
ukphy1: PHY 1 on miibus1
ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr1: Ethernet address: 00:00:24:cb:5d:e1
vr1: [ITHREAD]
vr2: port 0xe300-0xe3ff mem 0xa0004200-0xa00042ff irq 9 at device 8.0 on pci0
vr2: Quirks: 0x2
vr2: Revision: 0x96
miibus2: on vr2
ukphy2: PHY 1 on miibus2
ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, autoad0s1b
vr2: Ethernet address: 00:00:24:cb:5d:e2
vr2: [ITHREAD]
vr3: port 0xe400-0xe4ff mem 0xa0004300-0xa00043ff irq 12 at device 9.0 on pci0
vr3: Quirks: 0x2
vr3: Revision: 0x96
miibus3: on vr3
ukphy3: PHY 1 on miibus3
ukphy3: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr3: Ethernet address: 00:00:24:cb:5d:e3
vr3: [ITHREAD]
pci0: at device 17.0 (no driver attached)
isab0: at device 20.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe000-0xe00f at device 20.2 on pci0
ata0: on atapci0
ata0: [ITHREAD]
ata1: on atapci0
ata1: [ITHREAD]
ohci0: mem 0xa0010000-0xa0010fff irq 7 at device 21.0 on pci0
ohci0: [ITHREAD]
usbus0: on ohci0
ehci0: mem 0xa0011000-0xa0011fff irq 7 at device 21.1 on pci0
ehci0: [ITHREAD]
usbus1: EHCI version 1.0
usbus1: on ehci0
cpu0 on motherboard
pmtimer0 on isa0
orm0: at iomem 0xc8000-0xd27ff pnpid ORM0000 on isa0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
atrtc0: at port 0x70 irq 8 on isa0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: [FILTER]
uart0: console (19200,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
uart1: [FILTER]
Timecounter "TSC" frequency 433250443 Hz quality 800
Timecounters tick every 1.000 msec
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 480Mbps High Speed USB v2.0
ad0: 1953MB at ata0-master WDMA2
ugen0.1: at usbus0
uhub0: on usbus0
ugen1.1: at usbus1
uhub1: on usbus1
GEOM: ad0s1: geometry does not match label (255h,63s != 16h,63s).
GEOM_ELI: Found no key files in loader.conf for ad0s1b.
Root mount waiting for: usbus1 usbus0
uhub0: 4 ports with 4 removable, self powered
Root mount waiting for: usbus1
uhub1: 4 ports with 4 removable, self powered
Root mount waiting for: usbus1
ugen1.2: at usbus1
umass0: on usbus1
umass0: SCSI over Bulk-Only; quirks = 0x0100
Root mount waiting for: usbus1
umass0:0:0:-1: Attached to scbus0
Trying to mount root from ufs:/dev/label/root
(probe0:umass-sim0:0:0:0): TEST UNIT READY. CDB: 0 0 0 0 0 0
(probe0:umass-sim0:0:0:0): CAM Status: SCSI Status Error
(probe0:umass-sim0:0:0:0): SCSI Status: Check Condition
(probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0
(probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have changed
(probe0:umass-sim0:0:0:0): Retrying Command (per Sense Data)
da0 at umass-sim0 bus 0 target 0 lun 0
da0: Removable Direct Access SCSI-2 device
da0: 40.000MB/s transfers
da0: 1925MB (3944446 512 byte sectors: 255H 63S/T 245C)

Thanks for help,
Michael
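
The loader.conf entries in the message above follow the geli keyfile pattern, in which the _type string is what names the provider. As an added example (not part of the original message), this shell function checks that each keyfile entry is well-formed and reports the provider it targets; check_geli_keyfiles and page_conf are hypothetical names, and the sample input is the configuration quoted in the message.

```sh
#!/bin/sh
# Added example, not from the original message.
# check_geli_keyfiles [FILE]: reads a loader.conf (stdin if no FILE), prints one
# line per keyfile entry or finding, returns the number of findings (0 = clean).
check_geli_keyfiles() {
    awk '
    /^[ \t]*[A-Za-z0-9_]+=/ {                  # NAME="VALUE" assignments only
        name = $0; sub(/=.*$/, "", name); gsub(/[ \t]/, "", name)
        val = $0;  sub(/^[^=]*=/, "", val)
        sub(/^"/, "", val); sub(/".*$/, "", val)  # strip quotes, trailing text
        v[name] = val
        if (name ~ /_keyfile[0-9]+_load$/ && val == "YES") loads[name] = 1
    }
    END {
        bad = 0
        if (v["geom_eli_load"] != "YES") { print "BAD geom_eli_load is not YES"; bad++ }
        for (n in loads) {
            base = n; sub(/_load$/, "", base)
            ktype = v[base "_type"]; kfile = v[base "_name"]
            # The type string names the provider: <provider>:geli_keyfile<N>
            if (ktype !~ /^[^:]+:geli_keyfile[0-9]+$/) {
                print "BAD " base "_type missing or malformed"; bad++; continue
            }
            if (substr(kfile, 1, 1) != "/") {
                print "BAD " base "_name missing or not an absolute path"; bad++; continue
            }
            prov = ktype; sub(/:.*$/, "", prov)
            print "OK  provider=" prov " keyfile=" kfile
        }
        exit bad
    }' "$@"
}

# Sample input: the loader.conf lines quoted in the message.
page_conf() {
    cat <<'EOF'
geom_eli_load="YES"
geli_da0s1a_keyfile0_load="YES"
geli_da0s1a_keyfile0_type="da0s1a:geli_keyfile0"
geli_da0s1a_keyfile0_name="/boot/keys/da0.key"
EOF
}

page_conf | check_geli_keyfiles
```

A clean result only shows that the entries are well-formed and which provider they name; it does not show whether that provider is present when the kernel looks for its key.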