geli not recognizing passphrase on boot (was: geli not prompting for password on boot)

Pawel Jakub Dawidek pjd at FreeBSD.org
Sat Apr 8 10:39:53 UTC 2006 

On Fri, Apr 07, 2006 at 05:27:38PM -0500, Adam Wood wrote:
+> Hello,
+> 
+> I have tried a new method using the 6.1-BETA4 ISO images.
+> Unfortunately, I am still not getting it to work properly. I am,
+> however, making slight progress, as it does ask for a passphrase at
+> boot.
+> 
+> It does not seem to recognize my passphrase, though.
+> 
+> Here's what I've done:
+> 
+> 1. Booted with 6.1-BETA4 disc 1.
+> 2. Launched Fixit with livefilesystem on CD.
+> 3. Created symlink /dist/lib to /lib (ln -s /dist/lib /lib) and
+> /dist/boot/kernel to /boot/kernel (ln -s /dist/boot/kernel
+> /boot/kernel).
+> 4. Loaded the geom_eli module (kldload geom_eli).
+> 5. Initiated the geli device (geli init -b -s 4096 -l 256 /dev/ad0).
+> 6. Attached the new geli device (geli attach /dev/ad0 -- works!).
+> 7. Created bsdlabel on new, encrypted disk (bsdlabel -w /dev/ad0).

You should bsdlabel -w /dev/ad0.eli.

+> 15. Edited boot/loader.conf and added geom_eli_load="YES" and
+> kern.geom.eli.debug=1.

Please add kern.geom.eli.visible_passphrase=1 to the loader.conf as
well.

+> 16. Ran mkisofs -b boot/bootcd -t /tmp/bootcd.iso /newdirectory_containingdirs.
+> 17. Burned /tmp/bootcd.iso.
+> 18. Rebooted with the new CD as boot device.
+> 
+> It prompts me for the passphrase for ad0, but when I supply it I just get:
+> 
+> GEOM_ELI[0]: Wrong key for ad0. Tries left: 2.
+> 
+> I know I'm typing it correctly, and if I boot back into the install
+> disc I can attach just fine. Can you think of anything that would be
+> causing this? Does the boot media need /lib? I don't think it does,
+> but perhaps I'm wrong.

It doesn't. Try to enable visible_passphrase tunable and see if it gets
the passphrase you type.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-geom/attachments/20060408/bf12fa63/attachment.pgp

More information about the freebsd-geom mailing list