[Bug 283043] gptboot fails to read the encrypted rootfs if geli authentication (geli -a) is used

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 16 Apr 2025 01:41:07 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283043

--- Comment #5 from John Baldwin <jhb@FreeBSD.org> ---
My patch was incorrect.  The key is actually ok I think; the bigger problem is
that the data layout on disk is very different when auth is enabled.  A logical
4k sector is striped across multiple underlying sectors each of which contains
a MAC along with a payload (typically for 512 byte sectors you get 480 bytes of
data).  This needs a much larger change to the data path in geliboot to handle.
In the kernel this is the difference between g_eli_integrity.c vs
g_eli_privacy.c.  This is a non-trivial amount of work unfortunately.

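The striped layout described in comment #5, worked through as an added example (not part of the original comment and not FreeBSD's code): it computes how a logical sector spreads over underlying sectors and gathers the payload chunks back together. Assumptions: a 32-byte MAC (which gives the 480-of-512 figure quoted above), the MAC stored ahead of the payload in each underlying sector, and the payload rounded down to a 16-byte multiple; all function and struct names are hypothetical, and MAC verification and decryption are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* On-disk layout of one logical sector when authentication is enabled. */
struct auth_layout {
    size_t logical;          /* logical sector size, e.g. 4096 */
    size_t phys;             /* underlying sector size, e.g. 512 */
    size_t mac_len;          /* MAC bytes at the start of each underlying sector */
    size_t data_per_sector;  /* payload bytes per underlying sector */
    size_t nsectors;         /* underlying sectors per logical sector */
    size_t bytes_per_sector; /* on-disk bytes per logical sector */
    size_t last_payload;     /* payload bytes in the final underlying sector */
};

/* Returns 0 on success, -1 if the sizes cannot form a layout. */
int auth_layout_init(struct auth_layout *l, size_t logical, size_t phys, size_t mac_len)
{
    /* Assumption: payload is rounded down to a 16-byte cipher block multiple. */
    size_t dps = phys > mac_len ? (phys - mac_len) / 16 * 16 : 0;
    if (logical == 0 || dps == 0)
        return (-1);
    l->logical = logical;
    l->phys = phys;
    l->mac_len = mac_len;
    l->data_per_sector = dps;
    l->nsectors = (logical - 1) / dps + 1;
    l->bytes_per_sector = l->nsectors * phys;
    l->last_payload = logical - (l->nsectors - 1) * dps;
    return (0);
}

/* Byte offset on the underlying disk of the logical sector holding logical_off. */
uint64_t auth_disk_offset(const struct auth_layout *l, uint64_t logical_off)
{
    return ((logical_off / l->logical) * l->bytes_per_sector);
}

/* Gather one logical sector's payload, skipping MACs (verify them in real code). */
size_t auth_gather(const struct auth_layout *l, const uint8_t *disk, uint8_t *out)
{
    size_t done = 0;
    for (size_t i = 0; i < l->nsectors; i++) {
        size_t n = (i + 1 == l->nsectors) ? l->last_payload : l->data_per_sector;
        memcpy(out + done, disk + i * l->phys + l->mac_len, n);
        done += n;
    }
    return (done);
}
```

With 4096-byte logical and 512-byte underlying sectors this yields nine underlying sectors (4608 bytes on disk) per logical sector, the last one carrying only 256 bytes of payload, which is why a reader written for the one-to-one layout without authentication cannot be reused as is.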