Bug 221526 - GELI passphrase prompt occurs before serial console (FreeBSD 11.1-RELEASE)
Summary: GELI passphrase prompt occurs before serial console (FreeBSD 11.1-RELEASE)
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 11.1-RELEASE
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Allan Jude
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-14 16:43 UTC by jbw
Modified: 2019-03-28 14:03 UTC (History)
3 users (show)

See Also:


Attachments
screenshot of bootloader (79.50 KB, image/png)
2017-08-14 16:43 UTC, jbw
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description jbw 2017-08-14 16:43:28 UTC
Created attachment 185409 [details]
screenshot of bootloader

In FreeBSD 11.1-RELEASE using Encrypted ZFS on root via bsdinstall (no customization), the GELI passphrase prompt occurs before the serial console is initialized, which prevents the system from booting with a serial console.  

The attached screenshot shows the point where the serial console activates, after the passphrase prompt. (at the /boot/config line.)

The following are my settings:


$ cat /boot.config 
-D -S115200


$ cat /boot/loader.conf 
boot_multicons="YES"
boot_serial="YES"
comconsole_speed="115200"
console="comconsole, vidconsole"
aesni_load="YES"
geom_eli_load="YES"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
vfs.zfs.min_auto_ashift=12
zfs_load="YES"
Comment 1 commit-hook freebsd_committer 2018-06-17 03:19:27 UTC
A commit references this bug:

Author: allanjude
Date: Sun Jun 17 03:18:57 UTC 2018
New revision: 335276
URL: https://svnweb.freebsd.org/changeset/base/335276

Log:
  gptboot, zfsboot, gptzfsboot: Enable the video and serial consoles early

  Normally the serial console is not enabled until /boot.config is read and
  we know how the serial console should be configured.  Initialize the
  consoles early in 'dual' mode (serial & keyboard) with a default serial
  rate of 115200. Then serial is re-initialized once the disk is decrypted
  and the /boot.config file can be read.

  This allows the GELIBoot passphrase to be provided via the serial console.

  PR:		221526
  Requested by:	many
  Reviewed by:	imp
  Sponsored by:	Klara Systems
  Differential Revision:	https://reviews.freebsd.org/D15862

Changes:
  head/stand/i386/gptboot/gptboot.c
  head/stand/i386/zfsboot/zfsboot.c
Comment 2 Allan Jude freebsd_committer 2018-06-17 03:26:13 UTC
This issue should now fixed in FreeBSD 12.0

Can you wait a few days for a snapshot newer than the commit date below, and test this?
Comment 3 commit-hook freebsd_committer 2018-06-20 00:15:17 UTC
A commit references this bug:

Author: allanjude
Date: Wed Jun 20 00:14:54 UTC 2018
New revision: 335398
URL: https://svnweb.freebsd.org/changeset/base/335398

Log:
  Revert r335276

  This was causing issues for people booting.
  I will likely bring this back as an optional feature, similar to
  boot0sio, like gptboot-serial or something.

  PR:		221526
  Reported by:	O. Hartmann <ohartmann@walstatt.org>, Thomas Laus <lausts@acm.org>

Changes:
  head/stand/i386/gptboot/gptboot.c
  head/stand/i386/zfsboot/zfsboot.c