Bug 157863

Summary: [geli] kbdmux prevents geli passwords from being entered properly on boot
Product: Base System Reporter: rsimmons0
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Open ---    
Severity: Affects Only Me    
Priority: Normal    
Version: 8.2-RELEASE   
Hardware: Any   
OS: Any   

Description rsimmons0 2011-06-14 05:00:20 UTC 
If you initialize a geli encrypted provider using the "-b" flag to have it ask for the password during boot and you have kbdmux enabled as it is by default there is a conflict and the correct password is not accepted.

Fix: 

The workaround is to add the following line to /boot/device.hints
hint.kbdmux.0.disabled="1"

You can confirm that you are entering the correct password by adding the following line to /boot/loader.conf
kern.geom.eli.visible_passphrase=1
How-To-Repeat: Initialize a geli encrypted provider with the "-b" option.
Add it to fstab so it is mounted at boot.
Reboot.
Notice that the correct password is rejected.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2011-06-14 08:09:10 UTC 
Responsible Changed
From-To: freebsd-bugs->freebsd-geom

affects geli
Comment 2 Thomas Steen Rasmussen / Tykling 2012-06-13 13:19:40 UTC 
Hello,

Just to let everyone know that this is still an issue.

I am trying to install FreeBSD 9.0 amd64 on a Lenovo X121e and I
can't get it to accept the geli passphrase during boot. I've confirmed
using kern.geom.eli.visible_passphrase=1 that the passphrase is
correct, and the same passphrase is accepted when the system is
booted up.

I've tried disabling kbdmux in /boot/device.hints like the PR said,
but that didn't help. I also tried disabling atkbd and atkbdc without
any luck, infact I couldn't type anything at all when disabling those.

Any hints or suggestions to what I might try ? I have another 9-stable
laptop that mounts a geli volume at boot, no idea why that one works
and this new one doesn't.


Thanks in advance,

/Thomas Steen Rasmussen
Comment 3 Fabian Keil 2012-06-13 14:01:57 UTC 
Thomas Steen Rasmussen <thomas@gibfest.dk> wrote:

> Just to let everyone know that this is still an issue.
> 
> I am trying to install FreeBSD 9.0 amd64 on a Lenovo X121e and I
> can't get it to accept the geli passphrase during boot. I've confirmed
> using kern.geom.eli.visible_passphrase=1 that the passphrase is
> correct, and the same passphrase is accepted when the system is
> booted up.
> 
> I've tried disabling kbdmux in /boot/device.hints like the PR said,
> but that didn't help. I also tried disabling atkbd and atkbdc without
> any luck, infact I couldn't type anything at all when disabling those.


If disabling kbdmux doesn't help, it sounds like a different issue to me.

> Any hints or suggestions to what I might try ? I have another 9-stable
> laptop that mounts a geli volume at boot, no idea why that one works
> and this new one doesn't.


Are you using the password together with a keyfile?

I've misconfigured the keyfile in loader.conf in the past,
which results in the valid password not being accepted.

Obviously the setup then magically works later on when the
keyfile is specified correctly on the command line.

If you aren't using keyfiles, you could try setting up an USB
stick with geli, to confirm that the same media works on one
laptop, but doesn't on the other.

Fabian
Comment 4 Thomas Steen Rasmussen / Tykling 2012-06-13 14:20:26 UTC 
On 13-06-2012 15:01, Fabian Keil wrote:
> Thomas Steen Rasmussen <thomas@gibfest.dk> wrote:
>
>> Just to let everyone know that this is still an issue.
>>
>> I am trying to install FreeBSD 9.0 amd64 on a Lenovo X121e and I
>> can't get it to accept the geli passphrase during boot. I've confirmed
>> using kern.geom.eli.visible_passphrase=1 that the passphrase is
>> correct, and the same passphrase is accepted when the system is
>> booted up.
>>
>> I've tried disabling kbdmux in /boot/device.hints like the PR said,
>> but that didn't help. I also tried disabling atkbd and atkbdc without
>> any luck, infact I couldn't type anything at all when disabling those.
>
> If disabling kbdmux doesn't help, it sounds like a different issue to me.

You are right, shame on me for polluting an innocent PR with
unrelated stuff. More info below.

>
>> Any hints or suggestions to what I might try ? I have another 9-stable
>> laptop that mounts a geli volume at boot, no idea why that one works
>> and this new one doesn't.
>
> Are you using the password together with a keyfile?

Yes I am.

> I've misconfigured the keyfile in loader.conf in the past,
> which results in the valid password not being accepted.
>
> Obviously the setup then magically works later on when the
> keyfile is specified correctly on the command line.

This (a small typo in keyfile in loader.conf) was the
problem, and I need to get my eyes examined :-)

geli could be better at explaining the problem though.

Thank you Fabian! Just what I needed.


Apologies for the noise,
Thomas Steen Rasmussen
Comment 5 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:11 UTC 
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped