Re: Troubleshooting FDE with SD Card Reader

2019-03-31 Thread Stuart Henderson
On 2019-03-31, Normen Wohner  wrote:
>
>
>> On Mar 31, 2019, at 12:56, Stefan Sperling  wrote:
>> 
>>> On Sat, Mar 30, 2019 at 04:49:59PM -0600, Theo de Raadt wrote:
>>> Normen Wohner  wrote:
>>>> No you do not,
>>>> even the Installer sees my SD reader
>>>> out of the box as a standard umass
>>>> device.
>>>> Since I can set up the FDE with the
>>>> SD during install it should be trivial
>>> 
>>> Some BIOS can see SD cards, especially if they are USB.  But not all
>>> systems.  Also some BIOS have a different problem, that the moment you
>>> choose a root device the other devices don't quite work.  I think this
>>> can be rather disruptive towards forming a raid.
>> 
>> To see a list of disks detected by the BIOS, type 'machine disk' at
>> the boot> prompt. Keydisks will only work during boot if they show
>> up in this list.
>> Other keydisks will only work once the kernel has already booted up.
>> 
>> Perhaps this should be thrown into the FAQ, this question keeps coming up...
>
> As suspected nothing from the internal reader.
> Thanks for all the help!
>
>

Sometimes it depends on BIOS settings.




Re: Troubleshooting FDE with SD Card Reader

2019-03-31 Thread Normen Wohner



> On Mar 31, 2019, at 12:56, Stefan Sperling  wrote:
> 
>> On Sat, Mar 30, 2019 at 04:49:59PM -0600, Theo de Raadt wrote:
>> Normen Wohner  wrote:
>>> No you do not,
>>> even the Installer sees my SD reader
>>> out of the box as a standard umass
>>> device.
>>> Since I can set up the FDE with the
>>> SD during install it should be trivial
>> 
>> Some BIOS can see SD cards, especially if they are USB.  But not all
>> systems.  Also some BIOS have a different problem, that the moment you
>> choose a root device the other devices don't quite work.  I think this
>> can be rather disruptive towards forming a raid.
> 
> To see a list of disks detected by the BIOS, type 'machine disk' at
> the boot> prompt. Keydisks will only work during boot if they show
> up in this list.
> Other keydisks will only work once the kernel has already booted up.
> 
> Perhaps this should be thrown into the FAQ, this question keeps coming up...

As suspected nothing from the internal reader.
Thanks for all the help!



Re: Troubleshooting FDE with SD Card Reader

2019-03-31 Thread Stefan Sperling
On Sat, Mar 30, 2019 at 04:49:59PM -0600, Theo de Raadt wrote:
> Normen Wohner  wrote:
> > No you do not,
> > even the Installer sees my SD reader
> > out of the box as a standard umass
> > device.
> > Since I can set up the FDE with the
> > SD during install it should be trivial
> 
> Some BIOS can see SD cards, especially if they are USB.  But not all
> systems.  Also some BIOS have a different problem, that the moment you
> choose a root device the other devices don't quite work.  I think this
> can be rather disruptive towards forming a raid.

To see a list of disks detected by the BIOS, type 'machine disk' at
the boot> prompt. Keydisks will only work during boot if they show
up in this list.
Other keydisks will only work once the kernel has already booted up.

Perhaps this should be thrown into the FAQ, this question keeps coming up...



Re: Troubleshooting FDE with SD Card Reader

2019-03-30 Thread Theo de Raadt
Normen Wohner  wrote:

> > On Mar 30, 2019, at 20:21, Maurice McCarthy  wrote:
> > 
> > Forgive me if I'm being silly but just because the kernel recognizes
> > the SD card it does not follow that the software to read it is built
> > into _base_. I hardly ever use an SD card but from what I remember you
> > have to install pcsc-tools from ports to use one. If this is so then you
> > will _never_ be able to boot with a keydisk on the SD card. You must
> > use the USB.
> > 
> > Good Luck
> 
> No you do not,
> even the Installer sees my SD reader
> out of the box as a standard umass
> device.
> Since I can set up the FDE with the
> SD during install it should be trivial

Some BIOS can see SD cards, especially if they are USB.  But not all
systems.  Also some BIOS have a different problem, that the moment you
choose a root device the other devices don't quite work.  I think this
can be rather disruptive towards forming a raid.

> to make it readable, since the
> bootloader is basically the Installer.

Look, that is incorrect.  The bootloader is a 512 byte program which
loads an 82K program, which loads the kernel.  If the kernel is bsd.rd, it
has a shell script inside it which is the installer/upgrader.
You are mislabelling the parts.

(This vague back and forth without facts is pretty annoying)



Re: Troubleshooting FDE with SD Card Reader

2019-03-30 Thread Normen Wohner



> On Mar 30, 2019, at 18:39, "tfrohw...@fastmail.com"  
> wrote:
> 
> That makes sense - I missed the part in your initial email about it being the 
> keydisk. Unfortunately I'm not familiar with how bootloader/bioctl access a 
> keydisk. Does the SD card reader work otherwise?
> 
> It's a hardware question, so your chances for someone recognizing a solution 
> still increase dramatically if you share a dmesg...

Frankly: good call,
I should have included it in the initial email,
but since mail wasn't set up I said fuck it

Will copy it as soon as 
I'm back at the machine.



Re: Troubleshooting FDE with SD Card Reader

2019-03-30 Thread Normen Wohner



> On Mar 30, 2019, at 20:21, Maurice McCarthy  wrote:
> 
> Forgive me if I'm being silly but just because the kernel recognizes
> the SD card it does not follow that the software to read it is built
> into _base_. I hardly ever use an SD card but from what I remember you
> have to install pcsc-tools from ports to use one. If this is so then you
> will _never_ be able to boot with a keydisk on the SD card. You must
> use the USB.
> 
> Good Luck

No you do not,
even the Installer sees my SD reader
out of the box as a standard umass
device.
Since I can set up the FDE with the
SD during install it should be trivial
to make it readable, since the
bootloader is basically the Installer.
You will notice that if you ever
switch from release to -current or
just make an OS update from there.



Re: Troubleshooting FDE with SD Card Reader

2019-03-30 Thread Maurice McCarthy
Forgive me if I'm being silly but just because the kernel recognizes
the SD card it does not follow that the software to read it is built
into _base_. I hardly ever use an SD card but from what I remember you
have to install pcsc-tools from ports to use one. If this is so then you
will _never_ be able to boot with a keydisk on the SD card. You must
use the USB.

Good Luck



Re: Troubleshooting FDE with SD Card Reader

2019-03-30 Thread tfrohw...@fastmail.com
On March 30, 2019 3:58:34 PM UTC, Normen Wohner  wrote:
>No I have the Full Disk Encryption on the internal Harddrive.
>Keydisk is on an SD card.
>When I try to boot with it being in the 
>internal reader it says keydrive not found.
>I can boot with the same SD inside a USB Adapter.
>That MAKEDEV solution would not be permanent,
>maybe I should try to see what devices the
>System has when nothing is inserted.
>
>> On Mar 30, 2019, at 16:19, "tfrohw...@fastmail.com" wrote:
>> 
>>> On March 29, 2019 9:42:44 PM UTC, Normen Wohner wrote:
>>> I cannot use my SD Reader for keydisk purposes.
>>> It does show up in dmesg and should be there on boot.
>>> Since my SD reader is bundled with a 
>>> Sony MemoryStick reader I see them both coming up
>>> when I plug in the SD Card.
>>> The MS umass shows first on sd0 even if empty so the
>>> SD gets pushed to sd1.
>>> Should I somehow MAKEDEV sd1?
>>> I presumed it to be there?
>>> Is this maybe a different issue altogether?
>>> Thanks for all the help!
>>> 
>> 
>> I'm not sure about the exact problem that you are trying to solve.
>> Are you trying to boot the SD card with FDE on it? Do you get to the
>> first boot prompt? Some output would be helpful to get a better
>> understanding, ideally a dmesg. In my experience, the bootloader can
>> communicate with sd1 and higher numbers, and the install should come
>> with device files for /dev/sd1 and a little higher.
>> 
>> If additional device entries are needed, just do:
>> 
>> # cd /dev && sh MAKEDEV 
>> 
>> ... but I doubt that's your problem.
>> 

That makes sense - I missed the part in your initial email about it being the 
keydisk. Unfortunately I'm not familiar with how bootloader/bioctl access a 
keydisk. Does the SD card reader work otherwise?

It's a hardware question, so your chances for someone recognizing a solution 
still increase dramatically if you share a dmesg...



Re: Troubleshooting FDE with SD Card Reader

2019-03-30 Thread Normen Wohner
No I have the Full Disk Encryption on the internal Harddrive.
Keydisk is on an SD card.
When I try to boot with it being in the 
internal reader it says keydrive not found.
I can boot with the same SD inside a USB Adapter.
That MAKEDEV solution would not be permanent,
maybe I should try to see what devices the
System has when nothing is inserted.

> On Mar 30, 2019, at 16:19, "tfrohw...@fastmail.com"  
> wrote:
> 
>> On March 29, 2019 9:42:44 PM UTC, Normen Wohner  wrote:
>> I cannot use my SD Reader for keydisk purposes.
>> It does show up in dmesg and should be there on boot.
>> Since my SD reader is bundled with a 
>> Sony MemoryStick reader I see them both coming up
>> when I plug in the SD Card.
>> The MS umass shows first on sd0 even if empty so the
>> SD gets pushed to sd1.
>> Should I somehow MAKEDEV sd1?
>> I presumed it to be there?
>> Is this maybe a different issue altogether?
>> Thanks for all the help!
>> 
> 
> I'm not sure about the exact problem that you are trying to solve. Are you 
> trying to boot the SD card with FDE on it? Do you get to the first boot 
> prompt? Some output would be helpful to get a better understanding, ideally a 
> dmesg. In my experience, the bootloader can communicate with sd1 and higher 
> numbers, and the install should come with device files for /dev/sd1 and a 
> little higher.
> 
> If additional device entries are needed, just do:
> 
> # cd /dev && sh MAKEDEV 
> 
> ... but I doubt that's your problem.
> 



Re: Troubleshooting FDE with SD Card Reader

2019-03-30 Thread tfrohw...@fastmail.com
On March 29, 2019 9:42:44 PM UTC, Normen Wohner  wrote:
>I cannot use my SD Reader for keydisk purposes.
>It does show up in dmesg and should be there on boot.
>Since my SD reader is bundled with a 
>Sony MemoryStick reader I see them both coming up
>when I plug in the SD Card.
>The MS umass shows first on sd0 even if empty so the
>SD gets pushed to sd1.
>Should I somehow MAKEDEV sd1?
>I presumed it to be there?
>Is this maybe a different issue altogether?
>Thanks for all the help!
> 

I'm not sure about the exact problem that you are trying to solve. Are you 
trying to boot the SD card with FDE on it? Do you get to the first boot prompt? 
Some output would be helpful to get a better understanding, ideally a dmesg. In 
my experience, the bootloader can communicate with sd1 and higher numbers, and 
the install should come with device files for /dev/sd1 and a little higher.

If additional device entries are needed, just do:

# cd /dev && sh MAKEDEV 

... but I doubt that's your problem.



Troubleshooting FDE with SD Card Reader

2019-03-29 Thread Normen Wohner
I cannot use my SD Reader for keydisk purposes.
It does show up in dmesg and should be there on boot.
Since my SD reader is bundled with a 
Sony MemoryStick reader I see them both coming up
when I plug in the SD Card.
The MS umass shows first on sd0 even if empty so the
SD gets pushed to sd1.
Should I somehow MAKEDEV sd1?
I presumed it to be there?
Is this maybe a different issue altogether?
Thanks for all the help!