Summary: | GELI boot-time unlock fails with separate passphrase and keyfile
---|---
Product: | Base System
Reporter: | cyberleo
Component: | kern
Assignee: | freebsd-bugs (Nobody) <bugs>
Status: | Open
Severity: | Affects Only Me
CC: | grahamperrin
Priority: | ---
Version: | 10.0-RELEASE
Hardware: | Any
OS: | Any
Attachments: |

Created attachment 149432
Patch to modify GELI boot time unlock behaviour
Patch reworked for 10.1, since the zero-loop has been co-opted for cached passphrase support.

Keyword: patch or patch-ready – in lieu of summary line prefix: [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk).

Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>

Created attachment 147290
Patch to modify GELI boot time unlock behaviour

Just realized I never upstreamed this patch. I've been using it for about half a year without issue.

If a container has a keyfile in one slot and a passphrase in the other, the boot-time unlock code will get confused and assume they are to be combined, resulting in a container that cannot be unlocked during boot when its keyfile is preloaded.
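
Added example, not part of the report and not the attached patch: a simplified Python model of the failure described above, where one slot is keyed by a keyfile alone and the other by a passphrase alone. The derivation (a single HMAC-SHA512 over every supplied component, PBKDF2 for the passphrase), the slot format, and all names and sample values are assumptions made for illustration; `unlock_each_alone` is a hypothetical fallback order, not the behaviour of the patch.

```python
import hashlib
import hmac

SALT = bytes(range(64))                                        # constructed sample salt
MASTER_KEY = hashlib.sha512(b"constructed master key").digest()

def user_key(keyfile=None, passphrase=None, iterations=1000):
    """Fold every supplied component into one HMAC-SHA512, in a fixed order."""
    ctx = hmac.new(b"", digestmod=hashlib.sha512)
    if keyfile is not None:
        ctx.update(keyfile)
    if passphrase is not None:
        ctx.update(hashlib.pbkdf2_hmac("sha512", passphrase, SALT, iterations, 64))
    return ctx.digest()

def mask(ukey):
    return hmac.new(ukey, b"\x01", hashlib.sha512).digest()

def make_slot(ukey, mkey=MASTER_KEY):
    """Model slot: master key masked by the user key, plus a check tag."""
    wrapped = bytes(a ^ b for a, b in zip(mkey, mask(ukey)))
    return wrapped, hmac.new(ukey, b"\x00", hashlib.sha512).digest()

def open_slots(slots, ukey):
    """Return the master key if ukey opens any slot, else None."""
    tag = hmac.new(ukey, b"\x00", hashlib.sha512).digest()
    for wrapped, slot_tag in slots:
        if hmac.compare_digest(tag, slot_tag):
            return bytes(a ^ b for a, b in zip(wrapped, mask(ukey)))
    return None

def unlock_combined(slots, keyfile, passphrase):
    """Reported behaviour: preloaded keyfile and typed passphrase are always combined."""
    return open_slots(slots, user_key(keyfile, passphrase))

def unlock_each_alone(slots, keyfile, passphrase):
    """Hypothetical alternative: try each component alone before combining them."""
    for kf, pw in ((keyfile, None), (None, passphrase), (keyfile, passphrase)):
        mkey = open_slots(slots, user_key(kf, pw))
        if mkey is not None:
            return mkey
    return None

# Constructed container: slot 0 = keyfile only, slot 1 = passphrase only.
KEYFILE, PASSPHRASE = b"constructed keyfile bytes", b"constructed passphrase"
SLOTS = [make_slot(user_key(keyfile=KEYFILE)), make_slot(user_key(passphrase=PASSPHRASE))]
```

In this model the combined key matches neither slot even though both components are correct, which is why the container stays locked once the keyfile is preloaded.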