ELI passphrase on boot with USB keyboard

[Reid Linnemann]

Written by Rolf G Nielsen on 07/27/07 16:37>>
> Reid Linnemann wrote:
>> Written by Reid Linnemann on 07/27/07 15:49>>
>>> Written by Rolf G Nielsen on 07/27/07 15:21>>
>>>> Hi,
>>>>
>>>> I recently purchased a new USB keyboard, since my old PS/2 one has 
>>>> seen its best days. This has caused me annoying problems with my ELI 
>>>> disks, though.
>>>>
>>>> I have four SATA harddrives, all of which are encrypted using ELI 
>>>> encryption. I've encrypted the raw disks, ad0, ad1, ad2 and ad3. The 
>>>> resulting devices ad0.eli, ad1.eli, ad2.eli and ad3.eli, I've 
>>>> concatenated into a large device, cc0, on which I have several 
>>>> partitions. To get this working, I of course need to boot from a 
>>>> separate device, and for that I use an SD card, which holds a boot 
>>>> directory. With my old PS/2 keyboard, this worked like a charm, but 
>>>> it seems to me, the ukbd driver isnt activated until after the ELI 
>>>> encryption, which means I'm unable to enter the passphrases for the 
>>>> disks, thus I can't get the computer passed the first passphrase 
>>>> prompt.
>>>>
>>>> Currently I have both the old keyboard and the new USB one 
>>>> connected. I use the PS/2 one to enter the passphrases, then I put 
>>>> it on the floor under my desk and use the USB keyboard. As you may 
>>>> very well understand, this is quite annoying. Is there a way to get 
>>>> the USB keyboard to work at the point where I enter the passphrases?
>>>>
>>>> I've tried to change the keys for the disks to not use a passphrase, 
>>>> but only keyfiles and load them from loader.conf, just as described 
>>>> in the GELI man page (yes I did set the -P option), but that simply 
>>>> will not work (and to be honest, it's not a solution I'd favour); if 
>>>> I set the -b option (ask for passphrase on boot), it still asks for 
>>>> the passphrase, though there is none, and if I set the -B option 
>>>> (don't ask for passphrase on boot), the computer ends up at the 
>>>> "mountroot>" prompt.
>>>>
>>>> I'd appreciate any help.
>>>>
>>>> Sincerly,
>>>>
>>>> Rolf Nielsen
>>>>
>>>
>>> Try setting hints.atkbd0.disabled to 1 in the loader, or in the 
>>> device.hints file. Your usb keyboard may work in early stages with 
>>> that device hint.
>>
>> Erm, set the hint in the loader _first_, and then only put it in 
>> device.hints if it works!
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to 
>> "freebsd-questions-unsubscribe at freebsd.org"
>>
>>
>>
> Moreover, the usb keyboard works upto and including the boot menu (I 
> guess the hardware is strictly under BIOS control then, and the kernel 
> doesnt really know if the keboard is usb or ps/2). Then, as soon as the 
> kernel starts probing devices, it stops working. It comes back when 
> daemons have been started. Does usbd have to be running for a usb 
> keyboard to work? If so, could it be worked around?
> 
> 

That I don't know. It seems to me that the USB keyboard operates in one 
of two modes - through the bios or through a device driver. When the 
system is yet to come up, the PC BIOS is able to talk with the USB 
keyboard, else you wouldn't be able to type commands in the loader. At 
some point, I guess the OS aborts talking to the USB keyboard through 
the BIOS until a driver is loaded. However, I'm not a kernel hacker, so 
this is only a guess and someone more knowledgeable should respond to 
the thread at this point.