GELI doesn't ask passphrase on boot

Pawel Jakub Dawidek pjd at FreeBSD.org
Tue Nov 22 03:12:37 PST 2005


On Mon, Nov 14, 2005 at 04:46:37PM +0200, Alexey Luckyanchikov wrote:
+> On Sun, 13 Nov 2005, Pawel Jakub Dawidek wrote:
+> 
+> PJD> +> After boot "dmesg -a | fgrep -i eli" show:
+> PJD> +> GEOM_ELI[1]: Start tasting.
+> PJD> +> g_modevent(ELI, LOAD)
+> PJD> +> g_load_class(ELI)
+> PJD> +> g_eli_taste(ELI, ad0)
+> PJD> +> GEOM_ELI[3]: Tasting ad0.
+> PJD> +> g_destroy_geom(0xc1257300(eli:taste))
+> PJD> +> g_eli_taste(ELI, ad0s1)
+> PJD> +> GEOM_ELI[3]: Tasting ad0s1.
+> PJD> +> g_destroy_geom(0xc1256e80(eli:taste))
+> PJD> +> GEOM_ELI[1]: Tasting no more.
+> PJD> +> g_eli_taste(ELI, ad0s1a)
+> PJD> +> g_eli_taste(ELI, ad0s1b)
+> PJD> +> g_eli_taste(ELI, ad0s1c)
+> PJD> +> g_eli_taste(ELI, ad1)
+> PJD> +> g_eli_taste(ELI, ad1s1)
+> PJD> +> g_eli_taste(ELI, ad1s1a)
+> PJD> +> g_eli_taste(ELI, ad1s1c)
+> PJD> +> g_eli_taste(ELI, ad0s1a)
+> PJD> +> 
+> PJD> +> It seems that the problem is in g_eli.c, line 1092:
+> PJD> +> SYSINIT(geli_boot_end, SI_SUB_RUN_SCHEDULER, SI_ORDER_ANY, g_eli_on_boot_end, NULL)
+> PJD> +> geli_boot_end() is called before GELI finishes tasting.
+> PJD> 
+> PJD> Use this feature only for encrypting root file system.
+> PJD> In case of other file systems, check out /etc/defaults/rc.conf for
+> PJD> examples of geli configuration on boot.
+> 
+> It was just an experiment; actually I want to encrypt the root partition.
+> Let us assume that ad0 contains only unencrypted /boot and /etc/fstab
+> with:
+> /dev/ad1s1a.eli		/	ufs	rw	1	1
+> AIUI GELI doesn't ask for the passphrase on boot for /dev/ad1s1a.eli.
+> 
+> Could you explain the "right way" to create an encrypted root partition?

You are right, something is wrong here.

Hard to say how it can be fixed easily... There is a root_mount() KPI for
delaying the root file system mount, but you have to know that there is a
reason to delay it.

Maybe the root_mount() KPI should be used in GEOM itself, to delay the root
mount if there are providers to taste...

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
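
Added example, not part of the original message and not FreeBSD code: a small sh/awk check over the GEOM_ELI debug lines quoted in the report, listing the providers whose g_eli_taste() call appears only after the "Tasting no more." marker. It assumes, following the report's reading of the log, that such providers are the ones GELI never prompts for at boot; the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Reads GEOM_ELI debug lines (the output of
# `dmesg -a | fgrep -i eli`) on stdin.

# Print each provider whose g_eli_taste() call appears only after the
# "Tasting no more." marker, one per line, in order of first appearance.
late_tasted() {
    awk '
        /GEOM_ELI\[[0-9]+\]: Tasting no more\./ { closed = 1; next }
        /g_eli_taste\(ELI, / {
            name = $0
            sub(/.*g_eli_taste\(ELI, /, "", name)   # drop text up to the provider
            sub(/\).*/, "", name)                    # drop the closing paren
            if (!closed) { early[name] = 1; next }
            if (!(name in early) && !(name in late)) { late[name] = 1; print name }
        }'
}

# Exit 0 if the provider behind an fstab device such as /dev/ad1s1a.eli
# was only offered to GELI after the marker, 1 otherwise.
root_missed() {
    prov=${1#/dev/}
    prov=${prov%.eli}
    late_tasted | grep -qxF "$prov"
}

# Log lines from the report quoted above, with the quote prefixes removed.
sample_log() {
    cat <<'EOF'
GEOM_ELI[1]: Start tasting.
g_eli_taste(ELI, ad0)
GEOM_ELI[3]: Tasting ad0.
g_eli_taste(ELI, ad0s1)
GEOM_ELI[3]: Tasting ad0s1.
GEOM_ELI[1]: Tasting no more.
g_eli_taste(ELI, ad0s1a)
g_eli_taste(ELI, ad0s1b)
g_eli_taste(ELI, ad0s1c)
g_eli_taste(ELI, ad1)
g_eli_taste(ELI, ad1s1)
g_eli_taste(ELI, ad1s1a)
g_eli_taste(ELI, ad1s1c)
g_eli_taste(ELI, ad0s1a)
EOF
}

sample_log | late_tasted
```

On a live system the same check is `dmesg -a | root_missed /dev/ad1s1a.eli`, with the device taken from the root line in /etc/fstab.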