221526 – GELI passphrase prompt occurs before serial console (FreeBSD 11.1-RELEASE)

Bug 221526 - GELI passphrase prompt occurs before serial console (FreeBSD 11.1-RELEASE)

Summary: GELI passphrase prompt occurs before serial console (FreeBSD 11.1-RELEASE)

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	11.1-RELEASE
Hardware:	amd64 Any

Importance:	--- Affects Only Me
Assignee:	Allan Jude

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-08-14 16:43 UTC by jbw
Modified:	2024-01-20 22:32 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
screenshot of bootloader (79.50 KB, image/png) 2017-08-14 16:43 UTC, jbw	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jbw 2017-08-14 16:43:28 UTC

Created attachment 185409 [details]
screenshot of bootloader

In FreeBSD 11.1-RELEASE using Encrypted ZFS on root via bsdinstall (no customization), the GELI passphrase prompt occurs before the serial console is initialized, which prevents the system from booting with a serial console.  

The attached screenshot shows the point where the serial console activates, after the passphrase prompt. (at the /boot/config line.)

The following are my settings:


$ cat /boot.config 
-D -S115200


$ cat /boot/loader.conf 
boot_multicons="YES"
boot_serial="YES"
comconsole_speed="115200"
console="comconsole, vidconsole"
aesni_load="YES"
geom_eli_load="YES"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
vfs.zfs.min_auto_ashift=12
zfs_load="YES"

Comment 1 commit-hook freebsd_committer

2018-06-17 03:19:27 UTC

A commit references this bug:

Author: allanjude
Date: Sun Jun 17 03:18:57 UTC 2018
New revision: 335276
URL: https://svnweb.freebsd.org/changeset/base/335276

Log:
  gptboot, zfsboot, gptzfsboot: Enable the video and serial consoles early

  Normally the serial console is not enabled until /boot.config is read and
  we know how the serial console should be configured.  Initialize the
  consoles early in 'dual' mode (serial & keyboard) with a default serial
  rate of 115200. Then serial is re-initialized once the disk is decrypted
  and the /boot.config file can be read.

  This allows the GELIBoot passphrase to be provided via the serial console.

  PR:		221526
  Requested by:	many
  Reviewed by:	imp
  Sponsored by:	Klara Systems
  Differential Revision:	https://reviews.freebsd.org/D15862

Changes:
  head/stand/i386/gptboot/gptboot.c
  head/stand/i386/zfsboot/zfsboot.c

Comment 2 Allan Jude freebsd_committer

2018-06-17 03:26:13 UTC

This issue should now fixed in FreeBSD 12.0

Can you wait a few days for a snapshot newer than the commit date below, and test this?

Comment 3 commit-hook freebsd_committer

2018-06-20 00:15:17 UTC

A commit references this bug:

Author: allanjude
Date: Wed Jun 20 00:14:54 UTC 2018
New revision: 335398
URL: https://svnweb.freebsd.org/changeset/base/335398

Log:
  Revert r335276

  This was causing issues for people booting.
  I will likely bring this back as an optional feature, similar to
  boot0sio, like gptboot-serial or something.

  PR:		221526
  Reported by:	O. Hartmann <ohartmann@walstatt.org>, Thomas Laus <lausts@acm.org>

Changes:
  head/stand/i386/gptboot/gptboot.c
  head/stand/i386/zfsboot/zfsboot.c

Comment 4 Mark Linimon freebsd_committer

2024-01-20 22:32:30 UTC

^Triage: committed back in 2018.