| Field | Value |
|---|---|
| Summary | Can't decrypt disks on ZFS+Geli installation after order of devices changed |
| Product | Base System |
| Reporter | florian.ermisch |
| Component | bin |
| Assignee | freebsd-fs (Nobody) <fs> |
| Status | New |
| Severity | Affects Only Me |
| CC | allanjude, fk |
| Priority | --- |
| Version | 10.2-RELEASE |
| Hardware | Any |
| OS | Any |
Description

florian.ermisch, 2016-01-23 13:54:48 UTC

PS: Would affect other people if they manage to change the order in which FreeBSD enumerates their disks.

If I don't misinterpret the code, bsdinstall puts the plain disk name into loader.conf when specifying the keyfile. Updating the keyfile entry/entries should solve the problem.

To prevent the issue in the first place, bsdinstall could use GPT labels. The ElectroBSD installer cloudiatr does this and reordering disks doesn't seem to cause any problems. Example:

```
geli_gpt_rpool-ada0_keyfile0_load="YES"
geli_gpt_rpool-ada0_keyfile0_type="gpt/rpool-ada0:geli_keyfile0"
geli_gpt_rpool-ada0_keyfile0_name="/boot/rpool.key"
[...]
geli_gpt_rpool-ada3_keyfile0_load="YES"
geli_gpt_rpool-ada3_keyfile0_type="gpt/rpool-ada3:geli_keyfile0"
geli_gpt_rpool-ada3_keyfile0_name="/boot/rpool.key"
```

Putting the original disk name into the label is a bit confusing when the disk name changes, though, so I'm considering using generic names like disk1, disk2 etc. in the future.

CC'ing Allan, who worked on the relevant bsdinstall code in the past.

(In reply to Fabian Keil from comment #2)

The bit of this related to the GELIBoot commit was meant to be quickly followed by a patch to the installer to create a single encrypted pool without using key files (because they are not supported by GELIBoot yet). This change was delayed due to problems encountered and my personal lack of time to fix them. I hope to have a patch for the installer soon that will not use key files if the configuration allows a GELIBoot-style install (GPT, ZFS, single pool).

The reasons GPT labels were not used were:

A) support for MBR
B) GPT labels disappear if the disk_ident label is used first (this caused issues when GPT labels were used for swap in previous versions)
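The comments above boil down to one check an administrator can run before touching disk cabling or controllers: do the geli keyfile entries in loader.conf name their provider by a bare device node (which changes with enumeration order) or by a GPT, gptid or diskid label (which does not)? The script below is an added example, not code from the bug report, bsdinstall or FreeBSD. It assumes the loader.conf naming convention visible in the comment, `geli_<provider>_keyfile0_type="<provider>:geli_keyfile0"`, and the sample loader.conf it parses is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit geli keyfile entries in a
# loader.conf and report providers referenced by enumeration-dependent names.

# Constructed sample loader.conf text. The ada0p3 entry is keyed by a bare
# device node and will break if the disk becomes ada1; the gpt/ and diskid/
# entries survive reordering. The label values are illustrative only.
SAMPLE_CONF='geli_ada0p3_keyfile0_load="YES"
geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
geli_ada0p3_keyfile0_name="/boot/encryption.key"
geli_gpt_rpool-ada1_keyfile0_load="YES"
geli_gpt_rpool-ada1_keyfile0_type="gpt/rpool-ada1:geli_keyfile0"
geli_gpt_rpool-ada1_keyfile0_name="/boot/rpool.key"
geli_diskid_DISK-EXAMPLE_keyfile0_type="diskid/DISK-EXAMPLE:geli_keyfile0"'

# Read loader.conf text on stdin; print, one per line, the provider of every
# geli *_keyfileN_type entry that is a plain device node rather than a
# gpt/, gptid/, diskid/, label/ or ufsid/ name (the stable GEOM label classes).
fragile_geli_providers() {
    sed -n 's/^geli_[^=]*_keyfile[0-9]*_type="\([^:"]*\):geli_keyfile[0-9]*".*$/\1/p' |
        grep -v -E '^(gpt|gptid|diskid|label|ufsid)/' || true
}

# Number of fragile entries in the constructed sample (used as a summary value).
count_fragile_in_sample() {
    printf '%s\n' "$SAMPLE_CONF" | fragile_geli_providers | wc -l | tr -d ' '
}

# Demonstration on the constructed sample: prints "ada0p3".
printf '%s\n' "$SAMPLE_CONF" | fragile_geli_providers
```

On a live system the same function runs as `fragile_geli_providers < /boot/loader.conf`; any provider it prints is an entry whose keyfile will not be found once that disk is enumerated under a different name, which is exactly the failure the reporter hit. The filter only decides by name, so it flags a stable entry as fragile if a label class it does not know about is used.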