Bug 193624

Summary: [Patch] GELI boot-time unlock fails with separate passphrase and keyfile
Product: Base System
Reporter: cyberleo
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Only Me    
Priority: ---    
Version: 10.0-RELEASE   
Hardware: Any   
OS: Any   
Attachments (description, flags):
Patch to modify GELI boot time unlock behaviour (flags: none)
Patch to modify GELI boot time unlock behaviour (flags: none)

Description cyberleo 2014-09-14 03:17:49 UTC
Created attachment 147290
Patch to modify GELI boot time unlock behaviour

Just realized I never upstreamed this patch. I've been using it for about half a year without issue.

If a container has a keyfile in one slot and a passphrase in the other,
the boot-time unlock code will get confused and assume they are to be
combined, resulting in a container that cannot be unlocked during boot
when its keyfile is preloaded.
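
The failure described in this report, as an added example that is not part of the report or the attached patch: a simplified Python model (not GELI's code) in which a user key is one HMAC-SHA512 over whatever components are supplied and each key slot wraps the same master key. The function names, the XOR wrapping, the fallback order and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def derive_user_key(salt, keyfile=None, passphrase=None):
    """Simplified model: one HMAC-SHA512 over every component supplied."""
    mac = hmac.new(b"", digestmod=hashlib.sha512)
    if keyfile is not None:
        mac.update(keyfile)
    if passphrase is not None:
        mac.update(hashlib.pbkdf2_hmac("sha512", passphrase, salt, 1000, 64))
    return mac.digest()

def _stream(user_key):
    # Toy keystream standing in for the real master-key encryption (assumption).
    return hmac.new(user_key, b"wrap", hashlib.sha512).digest()

def wrap_master_key(user_key, master_key):
    """Fill a key slot: XOR-wrapped master key plus an HMAC check value."""
    wrapped = bytes(a ^ b for a, b in zip(master_key, _stream(user_key)))
    return wrapped, hmac.new(user_key, master_key, hashlib.sha512).digest()

def try_slots(slots, user_key):
    """Return the index of the slot this user key opens, or None."""
    for index, (wrapped, tag) in enumerate(slots):
        candidate = bytes(a ^ b for a, b in zip(wrapped, _stream(user_key)))
        expected = hmac.new(user_key, candidate, hashlib.sha512).digest()
        if hmac.compare_digest(expected, tag):
            return index
    return None

def unlock_combined(slots, salt, keyfile, passphrase):
    """Behaviour from the report: keyfile and passphrase always mixed together."""
    return try_slots(slots, derive_user_key(salt, keyfile, passphrase))

def unlock_with_fallback(slots, salt, keyfile, passphrase):
    """Hypothetical alternative: also try each component on its own."""
    for kf, pw in ((keyfile, passphrase), (keyfile, None), (None, passphrase)):
        index = try_slots(slots, derive_user_key(salt, kf, pw))
        if index is not None:
            return index
    return None

# Constructed sample container: keyfile in slot 0, passphrase in slot 1.
SALT = b"constructed-salt"
KEYFILE = b"constructed keyfile bytes"
PASSPHRASE = b"constructed passphrase"
MASTER = hashlib.sha512(b"constructed master key").digest()
SLOTS = [wrap_master_key(derive_user_key(SALT, keyfile=KEYFILE), MASTER),
         wrap_master_key(derive_user_key(SALT, passphrase=PASSPHRASE), MASTER)]
```

In this model the combined derivation produces a key that matches neither slot, so a correct keyfile and a correct passphrase together still fail to open the container.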
Comment 1 cyberleo 2014-11-15 09:20:22 UTC
Created attachment 149432
Patch to modify GELI boot time unlock behaviour

Patch reworked for 10.1, since the zero-loop has been co-opted for cached passphrase support.