11.3: GELI attach: Wrong key despite correct passphrase
Marco Steinbach
coco at executive-computing.de
Sun Aug 18 13:46:16 UTC 2019
Hi.
I have two bootable SSDs, both installed using a GELI encrypted root on
ZFS.
Both use the same passphrase, both boot, if I enter that passphrase at
GELIs prompt.
One contains a GELI encrypted ZFS on root installed using
the 11.1-RELEASE installer, which was source upgraded to 12
(without upgrading the zpools).
The other also contains a GELI encrypted ZFS on root, but installed
using the 11.3-RELEASE installer. This one was source upgraded to
11.3-STABLE r350677.
I'd like to copy over data from the 12 to the 11.3 drive, so I put the
12 one into an external USB enclosure.
root at bsdbuch:~ # uname -a
FreeBSD bsdbuch.c0c0.intra 11.3-STABLE FreeBSD 11.3-STABLE #0 r350677:
Sun Aug 18 04:43:08 CEST 2019
root at bsdbuch.c0c0.intra:/usr/obj/usr/src/sys/GENERIC amd64
Internal 11.3
root at bsdbuch:~ # gpart show ada0
=> 40 1953525088 ada0 GPT (932G)
40 1024 1 freebsd-boot (512K)
1064 984 - free - (492K)
2048 16777216 2 freebsd-swap (8.0G)
16779264 1936744448 3 freebsd-zfs (924G)
1953523712 1416 - free - (708K)
External 12 USB
root at bsdbuch:~ # gpart show da0
=> 40 1953525088 da0 GPT (932G)
40 409600 1 efi (200M)
409640 1024 2 freebsd-boot (512K)
410664 984 - free - (492K)
411648 4194304 3 freebsd-zfs (2.0G)
4605952 33554432 4 freebsd-swap (16G)
38160384 1915363328 5 freebsd-zfs (913G)
1953523712 1416 - free - (708K)
root at bsdbuch:~ # geli attach /dev/da0p5
Enter passphrase:
geli: Wrong key for da0p5.
I've then imported the bootpool from da0, and mounted it, so I can try
using the key in boot/
root at bsdbuch:~ # geli attach -k /bootpool/boot/ada0p5.eli /dev/da0p5
Enter passphrase:
geli: Wrong key for da0p5.
If I put the 11.3 drive into the external enclosure, and boot from the
12 drive, I can attach the 11.3 GELI provider without error using the
exact same passphrase (and without using a key)
Am I missing something ?
MfG CoCo
More information about the freebsd-geom
mailing list