Bug 193624
| Summary: | GELI boot-time unlock fails with separate passphrase and keyfile | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Base System | Reporter: | cyberleo | ||||||
| Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> | ||||||
| Status: | Open --- | ||||||||
| Severity: | Affects Only Me | CC: | grahamperrin | ||||||
| Priority: | --- | ||||||||
| Version: | 10.0-RELEASE | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| Attachments: |
|
||||||||
Created attachment 149432 [details]
Patch to modify GELI boot time unlock behaviour
Patch reworked for 10.1, since the zero-loop has been co-opted for cached passphrase support.
Keyword:
patch
or patch-ready
– in lieu of summary line prefix:
[patch]
* bulk change for the keyword
* summary lines may be edited manually (not in bulk).
Keyword descriptions and search interface:
<https://bugs.freebsd.org/bugzilla/describekeywords.cgi>
|
Created attachment 147290 [details] Patch to modify GELI boot time unlock behaviour Just realized I never upstreamed this patch. I've been using it for about half a year without issue. If a container has a keyfile in one slot and a passphrase in the other, the boot-time unlock code will get confused and assume they are to be combined, resulting in a container that cannot be unlocked during boot when its keyfile is preloaded.