Bug 193624 - [Patch] GELI boot-time unlock fails with separate passphrase and keyfile
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 10.0-RELEASE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs mailing list
Reported: 2014-09-14 03:17 UTC by cyberleo
Modified: 2014-11-15 09:20 UTC

Attachments
Patch to modify GELI boot time unlock behaviour (2.23 KB, patch)
2014-09-14 03:17 UTC, cyberleo
Patch to modify GELI boot time unlock behaviour (2.02 KB, patch)
2014-11-15 09:20 UTC, cyberleo

Description cyberleo 2014-09-14 03:17:49 UTC
Created attachment 147290
Patch to modify GELI boot time unlock behaviour

Just realized I never upstreamed this patch. I've been using it for about half a year without issue.

If a container has a keyfile in one slot and a passphrase in the other,
the boot-time unlock code will get confused and assume they are to be
combined, resulting in a container that cannot be unlocked during boot
when its keyfile is preloaded.
Comment 1 cyberleo 2014-11-15 09:20:22 UTC
Created attachment 149432
Patch to modify GELI boot time unlock behaviour

Patch reworked for 10.1, since the zero-loop has been co-opted for cached passphrase support.
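
Added example, not part of the bug report or the attached patch: a simplified Python model of why a user key built from both components opens neither slot when the keyfile and the passphrase were enrolled separately. It assumes GELI's user key is one HMAC-SHA512 over the keyfile contents and the PBKDF2-derived passphrase; the slot wrapping is a toy stand-in for GELI's encrypted master-key copies, `unlock_separately` is only one possible ordering, and every name and sample value is constructed.

```python
import hashlib
import hmac

# Constructed sample values, not taken from any real provider.
SALT = b"constructed-salt" * 4
KEYFILE = b"constructed keyfile contents"
PASSPHRASE = b"constructed passphrase"
MKEY = bytes(range(64))          # stand-in master key


def user_key(keyfile=None, passphrase=None, iterations=1000):
    """One HMAC-SHA512 over every supplied component, keyfile first (assumed model)."""
    ctx = hmac.new(b"", digestmod=hashlib.sha512)
    if keyfile is not None:
        ctx.update(keyfile)
    if passphrase is not None:
        ctx.update(hashlib.pbkdf2_hmac("sha512", passphrase, SALT, iterations))
    return ctx.digest()


def wrap(ukey, mkey):
    """Toy slot: XOR-masked master key plus an integrity tag (not GELI's real format)."""
    pad = hmac.new(ukey, b"\x01", hashlib.sha512).digest()
    tag = hmac.new(ukey, b"\x00" + mkey, hashlib.sha512).digest()
    return bytes(a ^ b for a, b in zip(mkey, pad)), tag


def unwrap(ukey, slots):
    """Return (slot index, master key) for the first slot this key opens, else None."""
    pad = hmac.new(ukey, b"\x01", hashlib.sha512).digest()
    for n, (blob, tag) in enumerate(slots):
        mkey = bytes(a ^ b for a, b in zip(blob, pad))
        expect = hmac.new(ukey, b"\x00" + mkey, hashlib.sha512).digest()
        if hmac.compare_digest(tag, expect):
            return n, mkey
    return None


# Slot 0 enrolled with the keyfile only, slot 1 with the passphrase only.
SLOTS = [wrap(user_key(keyfile=KEYFILE), MKEY),
         wrap(user_key(passphrase=PASSPHRASE), MKEY)]


def unlock_combined():
    """Behaviour described in the report: both components folded into one key."""
    return unwrap(user_key(KEYFILE, PASSPHRASE), SLOTS)


def unlock_separately():
    """Hypothetical alternative: try each component set on its own."""
    for parts in ({"keyfile": KEYFILE}, {"passphrase": PASSPHRASE}):
        hit = unwrap(user_key(**parts), SLOTS)
        if hit is not None:
            return hit
    return None
```
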