GELI Passphrase for disk0p4 on BTX loader - Bad GELI key: -1 with correct passphrase

Miguel C miguelmclara at gmail.com
Fri May 6 11:39:23 UTC 2016


Hi,

In a recent current build the BTX loader now prompts for a geli passphrase, but
typing the correct passphrase always fails.

After the 2 tries I get to the next part where loader.conf is loaded and I
am prompted again for a GELI Passphrase (I have geom_eli_passphrase_prompt
set to "YES"); this is the one that's saved to be used later and it does
work.

The main difference seems to be the first one is trying to decrypt disk0p4,
while the other is doing it for "ada0p4" which should mean the same thing
for geli (I think) but they are not.

I've mistyped the passphrase on purpose in the second prompt and let it do
the normal boot until it tries to attach the devices and asks for a
passphrase for ada0p4, should like the "old days" and if I fail here 3
times it then switches to "disk0p4" or "DISKIDblahblah" and all of these fail
with a correct passphrase.

I've used the FreeBSD installer with ZFS + GELI to do this and it seems geli
only knows how to decrypt "ada0..." but nothing else, probably due to how
it was created, or maybe it's by design...

Anyway, for me it works great if I get asked the passphrase when loader.conf
kicks in, and use it later.

But I am curious about the BTX loader prompt... even if it did work for
disk0p4 how will it load the keyfile? I can type the passphrase but it
wouldn't know about the keyfile or be able to access it.

Thanks

