geli decrypt only one partition

joerg_surmann joerg_surmann at snafu.de
Sun Jul 1 13:27:51 UTC 2012


Hi Fabian and all,

Sorry, I did not have enough time for this geli problem.
I work with a test system.
When booting in verbose mode, the system found the key paths.

Preloaded ada0p4:geli_keyfile0 "/root/keys/ada0p4.key" at 0xc14bf540.
Preloaded ada1p4:geli_keyfile1 "/root/keys/ada1p4.key" at 0xc14bf598.

loader.conf
geom_eli_load="YES"

geli_ada0p4_keyfile0_load="YES"
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"

geli_ada1p4_keyfile1_load="YES"
geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"

zfs_load="YES"
vfs.root.mountfrom="zfs:zroot"

At boot time I can decrypt ada0p4.
For ada1p4 ... wrong key.

I can decrypt ada1p4 later by hand with the keyfile as in loader.conf.
Same situation.
ada0p4 and ada1p4 are a ZFS mirror.

Attached is the dmesg file from directly after login.

Thanks for help.

Suri




On 21.06.12 12:21, Fabian Keil wrote:
> joerg_surmann at snafu.de wrote:
> 
>> the keyfile in loader.conf is correct.
> 
> Did you verify that you get the boot message I quoted in the
> previous mail for both keyfiles? This would surprise me.
> 
>> when i decrypt ada1p3 via geli attach -k /priv/keys/ada1p3
>> /dev/ada1p3 ........ ada1p3.eli created
>> 
>> in loader.conf is the same path specified.
>> 
>> geli_ada1p3_keyfile1_load="YES" 
>> geli_ada1p3_keyfile1_type="ada1p3:geli_keyfile1" 
>> geli_ada1p3_keyfile1_name="/priv/keys/ada1p3.key"
>> 
>> Only ada0p3 (keyfile0 in loader.conf) will decrypt at boot time.
>> For ada1p3 I get wrong key.
>>
>> Any suggestions?
> 
> I suspect the problem is that you named the first keyfile for 
> ada1p3 keyfile1 instead of keyfile0. The keyfile numeration 
> restarts for each provider and the kernel will not load keyfile1 if
> keyfile0 doesn't exist.
> 
> Fabian
> 

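The numbering rule Fabian describes in the quoted reply (keyfile indices restart at 0 for each provider, and keyfile1 is not loaded when keyfile0 is missing) can be checked before rebooting. The sh/awk function below is an added example, not part of the original message or of FreeBSD; the function names are hypothetical, it assumes the provider and index are taken from the *_type values, and the sample input is constructed from the loader.conf posted above.

```shell
#!/bin/sh
# check_geli_keyfiles [FILE]   (hypothetical helper; reads stdin if no FILE)
# Prints one line for each provider whose geli keyfile indices do not run
# 0,1,2,... without a gap. Returns 0 if all providers are fine, 1 otherwise.
check_geli_keyfiles() {
    awk '
        # Matches e.g. geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
        /^[ \t]*[A-Za-z0-9_]+_type="[^":]+:geli_keyfile[0-9]+"/ {
            v = $0
            sub(/^[^"]*"/, "", v)            # drop text up to the opening quote
            sub(/".*$/, "", v)               # drop the closing quote and the rest
            n = index(v, ":geli_keyfile")    # position of the colon
            prov = substr(v, 1, n - 1)       # provider name, e.g. ada1p4
            idx = substr(v, n + 13) + 0      # numeric keyfile index
            if (!((prov, idx) in seen)) {    # count distinct indices only
                seen[prov, idx] = 1
                count[prov]++
            }
        }
        END {
            # k distinct indices are gap-free from 0 iff 0..k-1 are all present
            for (p in count)
                for (i = 0; i < count[p]; i++)
                    if (!((p, i) in seen)) {
                        printf "%s: geli_keyfile%d is not defined\n", p, i
                        bad = 1
                        break
                    }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample: the keyfile entries from the loader.conf in this thread.
sample_conf() {
    cat <<'EOF'
geom_eli_load="YES"
geli_ada0p4_keyfile0_load="YES"
geli_ada0p4_keyfile0_type="ada0p4:geli_keyfile0"
geli_ada0p4_keyfile0_name="/root/keys/ada0p4.key"
geli_ada1p4_keyfile1_load="YES"
geli_ada1p4_keyfile1_type="ada1p4:geli_keyfile1"
geli_ada1p4_keyfile1_name="/root/keys/ada1p4.key"
EOF
}

sample_conf | check_geli_keyfiles || echo "keyfile numbering needs fixing"
```

On a real system the function would be called as check_geli_keyfiles /boot/loader.conf.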

