kern.geom.eli.boot_passcache doesn't work anymore in 11.2-RELEASE for additional disks

Fri, 17 Aug 2018 06:55:06 -0700

I have a geli-encrypted zroot which was created with Auto (ZFS) Guided Root-on-ZFS during fresh installation of 11.1-RELEASE. No bootpool anymore, Partition scheme GPT (BIOS)
The additional disks were prepared with 'geli init -b' to set only the BOOT-flag and the same password as the disks for zroot. 


Worked as expected: bootloader asked only one time for password and 
during boot every encrypted disk was attached.



Since upgrading to 11.2-RELEASE geli asks during boot a second time for 
the password when it tries to attach the additional disks. This is like 
the old style, when this line gets lost between other boot-messages. The 
system won't boot further at this point. Typing the password 'blind' and 
geli will attach every additional disk. So far no any other errors.



Being irritated, I did a complete reinstall with a 11.2 image from 
usb-stick, but geli asks still twice for the password.


Some input:

sysctl -a | grep kern.geom.eli
kern.geom.eli.key_cache_misses: 0
kern.geom.eli.key_cache_hits: 0
kern.geom.eli.key_cache_limit: 8192
kern.geom.eli.boot_passcache: 1
kern.geom.eli.batch: 0
kern.geom.eli.threads: 0
kern.geom.eli.overwrites: 5
kern.geom.eli.visible_passphrase: 0
kern.geom.eli.tries: 3
kern.geom.eli.debug: 0
kern.geom.eli.version: 7

zpool status zroot
  pool: zroot
 state: ONLINE
  scan: none requested
config:

    NAME            STATE     READ WRITE CKSUM
    zroot           ONLINE       0     0     0
      mirror-0      ONLINE       0     0     0
        ada0p3.eli  ONLINE       0     0     0
        ada1p3.eli  ONLINE       0     0     0
        ada2p3.eli  ONLINE       0     0     0

errors: No known data errors

geli list ada0p3.eli
Geom name: ada0p3.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT, GELIBOOT
KeysAllocated: 67
KeysTotal: 67
Providers:
1. Name: ada0p3.eli
   Mediasize: 285711790080 (266G)
   Sectorsize: 4096
   Mode: r1w1e1
Consumers:
1. Name: ada0p3
   Mediasize: 285711794176 (266G)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1

geli list da0.eli
Geom name: da0.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT
KeysAllocated: 466
KeysTotal: 466
Providers:
1. Name: da0.eli
   Mediasize: 2000398929920 (1.8T)
   Sectorsize: 4096
   Mode: r1w1e2
Consumers:
1. Name: da0
   Mediasize: 2000398934016 (1.8T)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1


_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"














    











					Reply via email to