On Mon, 19 Aug 2019 06:27:34 +0800 Ben Woods <woods...@gmail.com> wrote:
> On Mon, 19 Aug 2019 at 3:05 am, Marco Steinbach > <c...@executive-computing.de> wrote: > > > On Sun, 18 Aug 2019 10:20:51 -0500 > > CyberLeo Kitsana <cyber...@cyberleo.net> wrote: > > > > > On 8/18/19 8:46 AM, Marco Steinbach wrote: > > > > Hi. > > > > > > > > I have two bootable SSDs, both installed using a GELI encrypted > > > > root on ZFS. > > > > > > <snip> > > > > > > > I've then imported the bootpool from da0, and mounted it, so I > > > > can try using the key in boot/ > > > > > > > > root@bsdbuch:~ # geli attach > > > > -k /bootpool/boot/ada0p5.eli /dev/da0p5 Enter passphrase: > > > > geli: Wrong key for da0p5. > > > > > > Did you intend on combining both a keyfile AND a passphrase here? > > > If not, include the -p option to instruct geli to avoid asking > > > for a passphrase to mix in. > > > > > > It might also help to include the output of 'geli dump' for both > > > of the affected providers. You can obscure the 'Salt' and 'Master > > > Key' portions if you so desire. > > > > > > > I think there's a misunderstanding. > > > > I merely want to attach the GELI created by the 11.1 installer to a > > newly installed 11.3 system. > > > > MfG CoCo > > > Indeed, but what secrets do you need to provide to decrypt the geli > providers (passphrase, passfile, keyfile)? The command above will use > both a keyfile and prompt for a passphrase - was this your intention? > > The “attach” section of this manpage has more details if required: > > https://man.freebsd.org/geli > What secrets do I need to provide, if I installed a root on ZFS on top of GELI using the FreeBSD installer (no manual intervention, really just what the installer offered) on the 11.1-RELEASE memstick, if I want to attach that provider to an 11.3-RELEASE system ? As I wrote, I have two SSDs both installed using the FreeBSD installer using root on ZFS on top of GELI. One was installed using the 11.1-RELEASE memstick, the other was installed using the 11.3-RELEASE memstick. I can attach the 11.3-RELEASE from the 11.1-RELEASE (just doing 'geli attach /dev/da0p5), but not vice versa. Both use the same passphrase, and both boot using this same passphrase. Since GELI on the 11.3-RELEASE system told me 'geli: wrong key for da0p5' when trying to attach the 11.1-RELEASE GELI provider, I tried using the keyfile generated by the 11.1-RELEASE installer in conjunction with the passphrase. That also failed. MfG CoCo _______________________________________________ freebsd-geom@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-geom To unsubscribe, send any mail to "freebsd-geom-unsubscr...@freebsd.org"
