https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281762

            Bug ID: 281762
           Summary: Kernel hangs when booting from geli encrypted rootfs
                    without cryptodev loaded
           Product: Base System
           Version: 14.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: b...@freebsd.org
          Reporter: henrichhart...@tuta.io

I was trying to install 14.1-RELEASE on a machine that predates AES-NI (not
sure if it matters). I did a BIOS install.

I first tried the geli init -b method where /boot is unencrypted. This yielded
the same kind of hang. I could enter the password, it'd load a couple modules,
then hang with no error.

I then did geli init -g to include encrypted rootfs. Not sure if this would
impact ZFS or not, but I did it on UFS.

Here are the instructions I followed:

geli(8) encrypted root-on-UFS for BIOS boot only

1. Create partition table

  gpart create -s gpt ada0

2. Create FreeBSD boot code partition, add boot code

  gpart add -t freebsd-boot -s 512k -l gptboot0 ada0
  gpart bootcode -b /boot/pmbr  -p /boot/gptboot -i 1 ada0

3. Create root partition for geli(8) provider

  gpart add -t freebsd-ufs -a 1m -l ufsroot0 ada0

4. Initialize root file system geli(8) provider, attach provider

  geli init -g -l 128 -e AES-CBC -s 4096 ada0p2
  geli attach ada0p2

5. Construct UFS2 (softupdates, TRIM, no journaling) file system on geli(8)
provider

   newfs -t ada0p2.eli

   Note: -U is default since 14.1

6. Install system distribution files

   mount /dev/ada0p2.eli  /mnt
   cd /usr/freebsd-dist

   tar xfC base.txz  /mnt
   tar xfC kernel.txz  /mnt

7. Configure system bootstrap information

   vi /mnt/boot/loader.conf

       geom_eli_load="YES"


   vi /mnt/etc/fstab

       /dev/ada0p2.eli      /       ufs     rw      1       1

   exit

8. Reboot system, configure system

I ended up with the same hang, this time after starting devd. I simply added
'cryptodev_load="YES"' to /boot/loader.conf and the system came up fine
without hanging.

This is using AES-CBC without AES-NI, not sure if it matters.

Thank you!

Related forum thread:
https://forums.freebsd.org/threads/freebsd-14-1-hanging-with-encrypted-rootfs-ufs-geli-bios.95138/

Thanks to T-Daemon for help/information about the geli init -g method working
with BIOS booting.
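
Added example (not part of the original report, and not FreeBSD project code): a pre-reboot check, based only on the workaround the reporter describes, that flags a geli-backed root in fstab when loader.conf lacks geom_eli_load or cryptodev_load. The function names and the demo files are constructed for illustration; the check assumes both drivers are loaded as modules and does not detect drivers compiled into the kernel.

```sh
#!/bin/sh
# Added example: check loader.conf before rebooting into a geli-encrypted root.

# loader_var_enabled FILE VAR -> 0 if the last uncommented VAR= line is YES
loader_var_enabled() {
    val=$(sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# root_on_geli FSTAB -> 0 if the device mounted on / ends in .eli
root_on_geli() {
    awk '$1 !~ /^#/ && $2 == "/" { found = ($1 ~ /\.eli$/) } END { exit !found }' "$1"
}

# check_geli_boot LOADER_CONF FSTAB -> prints findings, returns 1 if a line is missing
check_geli_boot() {
    conf=$1 fstab=$2 rc=0
    if ! root_on_geli "$fstab"; then
        echo "root is not on a .eli provider; nothing to check"
        return 0
    fi
    for var in geom_eli_load cryptodev_load; do
        if loader_var_enabled "$conf" "$var"; then
            echo "ok: $var is YES"
        else
            echo "missing: $var=\"YES\" in $conf"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample mirroring the loader.conf and fstab from the report.
demo() {
    d=$(mktemp -d) || return 2
    printf 'geom_eli_load="YES"\n' > "$d/loader.conf"
    printf '/dev/ada0p2.eli\t/\tufs\trw\t1\t1\n' > "$d/fstab"
    check_geli_boot "$d/loader.conf" "$d/fstab"; rc=$?
    rm -rf "$d"
    return $rc
}

case "${1:-}" in
    demo) demo ;;
    ?*)   check_geli_boot "$1" "$2" ;;
esac
```

Run it as `sh check.sh /mnt/boot/loader.conf /mnt/etc/fstab` before step 8, or `sh check.sh demo` to see the result for the configuration in the report.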
