Hi,
boot(8) displays "unknown KDF type 2" if the keydisk is missing...
>> OpenBSD/amd64 BOOT 3.33
unknown KDF type 2
open(sr0a:/etc/boot.conf): Operation not permitted
boot>
The following diff makes boot(8) display slightly better information...
>> OpenBSD/amd64 BOOT 3.33
missing keydisk
open(sr0a:/etc/boot.conf): Operation not permitted
boot>
Index: softraid.c
===================================================================
RCS file: /cvs/src/sys/lib/libsa/softraid.c,v
retrieving revision 1.2
diff -u -p -r1.2 softraid.c
--- softraid.c 18 Sep 2016 16:34:59 -0000 1.2
+++ softraid.c 10 Nov 2017 07:20:34 -0000
@@ -151,6 +151,9 @@ sr_crypto_decrypt_keys(struct sr_boot_vo
}
if (kd) {
bcopy(&kd->kd_key, &kdfinfo.maskkey, sizeof(kdfinfo.maskkey));
+ } else if (kdfhint->generic.type == SR_CRYPTOKDFT_KEYDISK) {
+ printf("missing keydisk\n");
+ goto done;
} else {
if (kdfhint->generic.type != SR_CRYPTOKDFT_PKCS5_PBKDF2 &&
kdfhint->generic.type != SR_CRYPTOKDFT_BCRYPT_PBKDF) {
