kern/134113: Problem setting secondary GELI key
Terje Elde
terje at elde.net
Thu Apr 30 13:40:04 UTC 2009
>Number: 134113
>Category: kern
>Synopsis: Problem setting secondary GELI key
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 30 13:40:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Terje Elde
>Release: 7.2-PRERELEASE
>Organization:
>Environment:
FreeBSD 42-gw.keepquiet.net 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #0: Mon Apr 27 22:48:43 CEST 2009 tld at 42-gw.keepquiet.net:/usr/obj/usr/src/sys/42 i386
>Description:
Created a GELI-setup using only a keyfile, partition to be mounted at boot.
When trying to set the secondary-key (key 1) using a passphrase in case the keyfile is lost, the following happens:
------------------------------------------------
42-gw# geli setkey -v -n 1 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase:
Calculating number of iterations...
Done, using 138302 iterations.
geli: Only already defined key can be changed when '-i' option is used.
------------------------------------------------
Note that the provider was attached at the time.
>How-To-Repeat:
Create a GELI slice with only a keyfile, no password, to be mounted on boot, then try to set secondary key while the provider is attached.
>Fix:
Workaround:
Setting the first key (key 0) that was used for attaching the provider with a keyfile works:
------------------------------------------------
42-gw# geli setkey -v -n 0 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase:
Calculating number of iterations...
Done, using 80194 iterations.
Done.
------------------------------------------------
After that, setting the secondary key also works:
------------------------------------------------
42-gw# geli setkey -v -n 1 /dev/mirror/world
Enter new passphrase:
Reenter new passphrase:
Done.
42-gw#
------------------------------------------------
After that, I can set the primary key back to the keyfile.
>Release-Note:
>Audit-Trail:
>Unformatted: