kern.geom.eli.boot_passcache doesn't work anymore in 11.2-RELEASE for additional disks

mr44er mr44er at gmail.com
Fri Aug 17 13:52:20 UTC 2018 

I have a geli-encrypted zroot which was created with Auto (ZFS) Guided 
Root-on-ZFS during fresh installation of 11.1-RELEASE. No bootpool 
anymore, Partition scheme GPT (BIOS)

The additional disks were prepared with 'geli init -b' to set only the 
BOOT-flag and the same password as the disks for zroot.

Worked as expected: bootloader asked only one time for password and 
during boot every encrypted disk was attached.

Since upgrading to 11.2-RELEASE geli asks during boot a second time for 
the password when it tries to attach the additional disks. This is like 
the old style, when this line gets lost between other boot-messages. The 
system won't boot further at this point. Typing the password 'blind' and 
geli will attach every additional disk. So far no any other errors.

Being irritated, I did a complete reinstall with a 11.2 image from 
usb-stick, but geli asks still twice for the password.

Some input:

sysctl -a | grep kern.geom.eli
kern.geom.eli.key_cache_misses: 0
kern.geom.eli.key_cache_hits: 0
kern.geom.eli.key_cache_limit: 8192
kern.geom.eli.boot_passcache: 1
kern.geom.eli.batch: 0
kern.geom.eli.threads: 0
kern.geom.eli.overwrites: 5
kern.geom.eli.visible_passphrase: 0
kern.geom.eli.tries: 3
kern.geom.eli.debug: 0
kern.geom.eli.version: 7

zpool status zroot
   pool: zroot
  state: ONLINE
   scan: none requested
config:

     NAME            STATE     READ WRITE CKSUM
     zroot           ONLINE       0     0     0
       mirror-0      ONLINE       0     0     0
         ada0p3.eli  ONLINE       0     0     0
         ada1p3.eli  ONLINE       0     0     0
         ada2p3.eli  ONLINE       0     0     0

errors: No known data errors

geli list ada0p3.eli
Geom name: ada0p3.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT, GELIBOOT
KeysAllocated: 67
KeysTotal: 67
Providers:
1. Name: ada0p3.eli
    Mediasize: 285711790080 (266G)
    Sectorsize: 4096
    Mode: r1w1e1
Consumers:
1. Name: ada0p3
    Mediasize: 285711794176 (266G)
    Sectorsize: 512
    Stripesize: 4096
    Stripeoffset: 0
    Mode: r1w1e1

geli list da0.eli
Geom name: da0.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT
KeysAllocated: 466
KeysTotal: 466
Providers:
1. Name: da0.eli
    Mediasize: 2000398929920 (1.8T)
    Sectorsize: 4096
    Mode: r1w1e2
Consumers:
1. Name: da0
    Mediasize: 2000398934016 (1.8T)
    Sectorsize: 512
    Stripesize: 4096
    Stripeoffset: 0
    Mode: r1w1e1

More information about the freebsd-stable mailing list