Problem reports for g...@freebsd.org that need special attention
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases.

Status |Bug Id | Description
-------+-------+---------------------------------------------------
Open   |237269 | panic in glabel (g_label_destroy) stop after resi
Open   |238814 | geom: topology lock being dropped in dumpconf of
Open   |242747 | geli: AMD Epyc+GELI not using Hardware AES

3 problems total for which you should take action.

geli boot- never attempts to decrypt, fails at mountroot
loader.conf

aesni_load="YES"
kern.racct.enable=1
geom_eli_load="YES"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
zfs_load="YES"
vfs.zfs.arc_max=128M

geli_vtbd0p4_keyfile_load="YES"
geli_vtbd0p4_keyfile_type="vtbd0p4:geli_keyfile0"
geli_vtbd0p4_keyfile_name="/boot/zroot.key"
vfs.root.mountfrom="zfs:zroot/ROOT/default"

GPT partition layout on vtbd0 with 4 partitions
1 freebsd-boot
2 freebsd-ufs 1G partition with /boot
3 freebsd-swap
4 freebsd-zfs, geli encrypted with 256-bit zroot.key that's on vtbd0p2

this same setup works successfully on different machines; the only differences are the following

- identifiers- zpool name, filename of key, etc (loader.conf is identical otherwise, as far as i can tell from visual inspection)
- actual number of partitions (some hosts don't have swap, some hosts have additional partitions)
- amount of memory, size of disk, etc (this host has only 512MB memory)
- actual hypervisor being provided by my hosting provider (don't see how that would matter though)

among the systems, the kernels, /boot/loader binary, /boot/kernel/geom_eli.ko binary, are all identical as confirmed by md5

other notes

- the problem host in question doesn't display any messages about geli during boot, other than the loader noting that it has loaded the key and the specified modules
- it just arrives at mountroot, which fails (since the provider hasn't been decrypted)
- booting from a CD, i can geli attach without issues, using the key in vtbd0p2
- default options on geli except keysize 256

wondering what further steps i can take to diagnose this issue
thanks

Re: geli boot- never attempts to decrypt, fails at mountroot
in a stunning display, stepped away from the computer for a few minutes and thought i should check for the BOOT flag, whether i had somehow missed setting the flag during initialisation...

sure enough the BOOT flag was missing (as checked with geli dump vtbd0p4, flags were 0x0). after manually attaching it i ran

geli configure -bd vtbd0p4

it now prompts for password on boot as expected

sorry for the noise, should have been obvious but this will serve for anyone who searches this same issue, i guess.

--- Original Message ---
On Sunday, November 27th, 2022 at 11:10 PM, jmblqe wrote:

> loader.conf
>
> aesni_load="YES"
> kern.racct.enable=1
> geom_eli_load="YES"
> kern.geom.label.disk_ident.enable="0"
> kern.geom.label.gptid.enable="0"
> zfs_load="YES"
> vfs.zfs.arc_max=128M
>
> geli_vtbd0p4_keyfile_load="YES"
> geli_vtbd0p4_keyfile_type="vtbd0p4:geli_keyfile0"
> geli_vtbd0p4_keyfile_name="/boot/zroot.key"
> vfs.root.mountfrom="zfs:zroot/ROOT/default"
>
> GPT partition layout on vtbd0 with 4 partitions
> 1 freebsd-boot
> 2 freebsd-ufs 1G partition with /boot
> 3 freebsd-swap
> 4 freebsd-zfs, geli encrypted with 256-bit zroot.key that's on vtbd0p2
>
> this same setup works successfully on different machines; the only
> differences are the following
>
> - identifiers- zpool name, filename of key, etc (loader.conf is identical
> otherwise, as far as i can tell from visual inspection)
> - actual number of partitions (some hosts don't have swap, some hosts have
> additional partitions)
> - amount of memory, size of disk, etc (this host has only 512MB memory)
> - actual hypervisor being provided by my hosting provider (don't see how that
> would matter though)
>
> among the systems, the kernels, /boot/loader binary, /boot/kernel/geom_eli.ko
> binary, are all identical as confirmed by md5
>
> other notes
>
> - the problem host in question doesn't display any messages about geli during
> boot, other than the loader noting that it has loaded the key and the
> specified modules
> - it just arrives at mountroot, which fails (since the provider hasn't been
> decrypted)
> - booting from a CD, i can geli attach without issues, using the key in
> vtbd0p2
> - default options on geli except keysize 256
>
> wondering what further steps i can take to diagnose this issue
> thanks
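
The check that resolved this thread, written as an added example (not part of either message): for every provider that loader.conf hands a keyfile to, read the flags from geli dump and report any provider without the BOOT bit. The function names and sample_dump are hypothetical; the bit value 0x2 is G_ELI_FLAG_BOOT from FreeBSD's sys/geom/eli/g_eli.h.

```sh
#!/bin/sh
# Added example, not from the thread. G_ELI_FLAG_BOOT is 0x2 in FreeBSD's
# sys/geom/eli/g_eli.h; the function names here are hypothetical.
G_ELI_FLAG_BOOT=2

# Providers named in geli_<dev>_keyfile_type="<provider>:geli_keyfileN" lines
# of a loader.conf read from stdin.
keyfile_providers() {
    sed -n 's/^geli_[A-Za-z0-9_]*_keyfile_type="\([^":]*\):geli_keyfile[0-9]*".*/\1/p'
}

# Flags value from `geli dump` output read from stdin (e.g. 0x0).
dump_flags() {
    awk '$1 == "flags:" { print $2; exit }'
}

# Succeeds only if the value is hex and has the BOOT bit set.
has_boot_flag() {
    case $1 in
        0x*) [ $(( $1 & G_ELI_FLAG_BOOT )) -ne 0 ] ;;
        *)   return 1 ;;
    esac
}

# $1: loader.conf path; $2: metadata dump command (default "geli dump").
# Returns 1 if any provider the loader has a key for lacks the BOOT flag.
audit() {
    dump_cmd=${2:-geli dump}; rc=0
    for prov in $(keyfile_providers < "$1"); do
        flags=$($dump_cmd "$prov" | dump_flags)
        if has_boot_flag "$flags"; then
            echo "$prov: flags=$flags, BOOT set"
        else
            echo "$prov: flags=${flags:-unreadable}, BOOT missing; fix: geli configure -b $prov"
            rc=1
        fi
    done
    return $rc
}

# Constructed stand-in for `geli dump`, reproducing the thread's flags of 0x0.
sample_dump() {
    printf 'Metadata on %s:\n     magic: GEOM::ELI\n     flags: 0x0\n' "$1"
}
```

On a real host, run audit /boot/loader.conf as root; sample_dump exists only so the logic can be exercised without a GELI provider.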