I have a server with two pools, one unencrypted (boot-pool) and one encrypted with personal data and services that is brought up manually after the system has booted. Part of the encrypted pool is a Samsung EVO 850 SSD as ZIL and L2ARC. This device is locked/unlocked via "camcontrol security".
This has all worked rather well in my previous 10.1 setup. While booting with the locked device there are a lot of errors when probing the device, but no real issue. Unlocking works perfectly well and the device is immediately available.
Now, after upgrading to 10.3 the kernel hangs on detecting the devices. This was particularly tricky to find out, because on a non-verbose boot you cannot see it / the boot hangs at different points depending on periphals. But, when verbose boot is activated it always hangs on
(which is the SSD)
I have also reproduced this with different motherboards. On one of them selecting "safe boot" actually boots the system with no problems. It is then possible to unlock the SSD and reboot in regular mode because the lock-state survives reboots. → this "proves" that it is the locked state that is causing the problem with 10.3
Just selecting the old kernel from the boot-loader makes the system boot normally, which is what I have set it up to do now, but I don't want to stay with the old kernel too much longer for obvious reasons. I just got lucky, that the old kernel still works with the new userland.
Thank you for your help!
Any news on this? Anything I can do to help?
Four years later, and the problem persists. FreeBSD-12.1 and a snapshot of FreeBSD-13 hang at the same location. Possibly related debug output of FreeBSD13 when booting:
uma_zalloc_debug: zone "kenv" with the following non-sleepable locks held:
exclusive sleep mutex CAM device lock (CAM device lock) r = 0(....)
locked @ /usr/src/sys/cam/scsi/scsi_pass.c:674
While ZFS native encryption will allow using unencrypted SLOGs on SSDs in the future, FreeBSD should still be able to boot a computer that contains a locked self-encrypted device (SED). This is definitely a bug and a regression.
My system is currently in a state where it is barely maintainable with no upgrade path. Please let me know if there is anything I can do to help fix this.
Please also tell whether this issue will be acted upon in the near future or whether I should look for different solutions (e.g. Linux with ZFS).