geli boot password + aesni

Peter Toth freebsd at snap.net.nz
Sat Jun 11 09:14:52 UTC 2011


Hi there,

Before filing a bug report (and to confirm my sanity), I thought I would share
my experiences with AESNI and GELI.
Also, hopefully this will save someone else a couple of days of running
in a circle...
 
I was trying to set up an encrypted root zpool on a laptop (Core i7) with
AESNI enabled and a boot-time password prompt for the encryption key.

All is OK until the boot password prompt comes up. Entering the correct
password will result in password rejection.

I traced the problem down to AESNI(4). If I set up the root disk without
AESNI loaded in the kernel and boot without AESNI, everything works as
expected.
As soon as AESNI is loaded during geli init and during boot time, the
password fails no matter what.

I also encountered another problem: if AESNI is used for geli init, the zpool
(data) is not accessible later if AESNI is disabled. geli mounts the
encrypted provider but no data is available on it.

In summary, there are 2 problems:

1. The GELI boot-time password fails no matter what if AESNI is enabled and
AESNI was used during geli init.

2. If AESNI was loaded and used for geli init, disabling AESNI later
will result in inaccessible data on the provider.

Both of these problems are fully reproducible.

The system is FreeBSD 8.2 amd64 running on a Core i7 with AHCI and zpool v15.

Has anyone seen this behavior before, or does anyone have some ideas what else to check?

Many thanks



