hi

would be nice if someone could help me with the following problem: I have set up a raid with gmirror (gm0) and encrypted it afterwards with geli (gm0.eli). Booting from an usb device (with key) and mounting the encrypted filesystems (gm0.elia, ...) works as expected.

BUT: When I am prompted to enter the password during boot I have to press every key several times (1 to 3 times) before it reckognizes the letter. So I had to make the password prompt visible and appear in dmesg - that's not what I want! I even updated from 7.0 to RELENG 7.1 but it didn't help.

I have already disabled kbdmux in device.hints. This lowered the numer of neccesary keypresses to reckognize a letter from above ten to max 3. But the problem still remains and really annoys me. It seems that the keyboard (atkbd) works before I boot (I can use the loader prompt without any keyboard problem), logging in is also no problem.

Here's the output of my dmesg...

...
FreeBSD 7.1-RELEASE #1: Wed Jan 7 21:51:41 CET 2009
xxxx@xxxx:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: VIA C7 Processor 1500MHz (1500.02-MHz 686-class CPU)
Origin = "CentaurHauls" Id = 0x6d0 Stepping = 0
Features=0xa7c9baff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,C MOV,PAT,CLFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,PBE>
Features2=0x4181<SSE3,EST,TM2,xTPR>
VIA Padlock Features=0xffcc<RNG,AES,AES-CTR,SHA1,SHA256,RSA>
real memory = 1005453312 (958 MB)
avail memory = 970108928 (925 MB)
ACPI APIC Table: <CN700 AWRDACPI>
ioapic0 <Version 0.3> irqs 0-23 on motherboard
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cryptosoft0: <software crypto> on motherboard
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
acpi0: <CN700 AWRDACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, 3bde0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_hpet0: <High Precision Event Timer> iomem 0xfe800000-0xfe8003ff on acpi0
device_attach: acpi_hpet0 attach returned 12
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
vgapci0: <VGA-compatible display> mem 0xf4000000-0xf7ffffff,0xfb000000-0xfbffffff irq 16 at device 0.0 on pci1
fwohci0: <VIA Fire II (VT6306)> port 0xff00-0xff7f mem 0xfdfff000-0xfdfff7ff irq 19 at device 10.0 on pci0
fwohci0: [FILTER]
fwohci0: OHCI version 1.10 (ROM=1)
fwohci0: No. of Isochronous channels is 4.
fwohci0: EUI64 00:30:18:00:00:a1:37:d7
fwohci0: Phy 1394a available S400, 2 ports.
fwohci0: Link S400, max_rec 2048 bytes.
firewire0: <IEEE1394(FireWire) bus> on fwohci0
fwe0: <Ethernet over FireWire> on firewire0
if_fwe0: Fake Ethernet address: 02:30:18:a1:37:d7
fwe0: Ethernet address: 02:30:18:a1:37:d7
fwip0: <IP over FireWire> on firewire0
fwip0: Firewire address: 00:30:18:00:00:a1:37:d7 @ 0xfffe00000000, S400, maxrec 2048
sbp0: <SBP-2/SCSI over FireWire> on firewire0
dcons_crom0: <dcons configuration ROM> on firewire0
dcons_crom0: bus_addr 0x1378000
fwohci0: Initiate bus reset
fwohci0: BUS reset
fwohci0: node_id=0xc800ffc0, gen=1, CYCLEMASTER mode
atapci0: <VIA 6420 SATA150 controller> port 0xfe00-0xfe07,0xfd00-0xfd03,0xfc00-0xfc07,0xfb00-0xfb03,0xfa00-0xfa0f,0xf200-0xf2ff irq 20 at device 15.0 on pci0
atapci0: [ITHREAD]
ata2: <ATA channel 0> on atapci0
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci0
ata3: [ITHREAD]
atapci1: <VIA 8237 UDMA133 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf900-0xf90f at device 15.1 on pci0
ata0: <ATA channel 0> on atapci1
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci1
ata1: [ITHREAD]
uhci0: <VIA 83C572 USB controller> port 0xf800-0xf81f irq 21 at device 16.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: <VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <VIA 83C572 USB controller> port 0xf700-0xf71f irq 21 at device 16.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <VIA 83C572 USB controller> on uhci1
usb1: USB revision 1.0
uhub1: <VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <VIA 83C572 USB controller> port 0xf600-0xf61f irq 21 at device 16.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <VIA 83C572 USB controller> on uhci2
usb2: USB revision 1.0
uhub2: <VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
uhci3: <VIA 83C572 USB controller> port 0xf500-0xf51f irq 21 at device 16.3 on pci0
uhci3: [GIANT-LOCKED]
uhci3: [ITHREAD]
usb3: <VIA 83C572 USB controller> on uhci3
usb3: USB revision 1.0
uhub3: <VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3
uhub3: 2 ports with 2 removable, self powered
ehci0: <VIA VT6202 USB 2.0 controller> mem 0xfdffe000-0xfdffe0ff irq 21 at device 16.4 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb4: EHCI version 1.0
usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3
usb4: <VIA VT6202 USB 2.0 controller> on ehci0
usb4: USB revision 2.0
uhub4: <VIA EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4
uhub4: 8 ports with 8 removable, self powered
umass0: <<USB MF> <USB PRODUCT>, class 0/0, rev 2.00/10.01, addr 2> on uhub4
isab0: <PCI-ISA bridge> at device 17.0 on pci0
isa0: <ISA bus> on isab0
pci0: <multimedia, audio> at device 17.5 (no driver attached)
vr0: <VIA VT6102 Rhine II 10/100BaseTX> port 0xee00-0xeeff mem 0xfdffd000-0xfdffd0ff irq 23 at device 18.0 on pci0
vr0: Quirks: 0x0
vr0: Revision: 0x78
miibus0: <MII bus> on vr0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:30:18:ae:77:c4
vr0: [ITHREAD]
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
cpu0: <ACPI CPU> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
acpi_hpet0: <High Precision Event Timer> iomem 0xfe800000-0xfe8003ff on acpi0
device_attach: acpi_hpet0 attach returned 12
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc0000-0xcffff pnpid ORM0000 on isa0
ppc0: parallel port not found.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 8250 or not responding
sio0: [FILTER]
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1500015525 Hz quality 800
Timecounters tick every 1.000 msec
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
ad4: 476940MB <WDC WD5000AACS-00G8B1 05.04C05> at ata2-master SATA150
ad6: 476940MB <WDC WD5000AACS-00G8B1 05.04C05> at ata3-master SATA150
GEOM_MIRROR: Device mirror/gm0 launched (2/2).
Enter passphrase for mirror/gm0: Why doesnt this work correctly
GEOM_ELI: Device mirror/gm0.eli created.
GEOM_ELI: Encryption: AES-CBC 256
GEOM_ELI: Crypto: hardware
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <SigmaTel MSCN 0100> Removable Direct Access SCSI-4 device
da0: 40.000MB/s transfers
da0: 996MB (2041344 512 byte sectors: 64H 32S/T 996C)
Trying to mount root from ufs:/dev/mirror/gm0.elia


Maybe someone expected the same problem or has the ability to help me.

Thank you very much
snurgel

That doesn't sound normal....
I had no problems with that.

Can you plz show command line how did you create geli encryption

I encrypted the gmirror with the command
geli init -b -K /boot/keys/gm0.key -s 4096 -l 256 /dev/mirror/gm0

If I enter the password with a lot of patience, pressing every key several times everything works as expected. Filesystems get mounted, etc.

I've never tried this on raids. Do you have a spare disk?
You could try same thing on disk and see how that works [also disable raid (unplug power if necessary)]

I have same problem, i Think it's somehow connected with letters in password. (Shift+something don't work right with both my computers)
So i've created 2 keys: one with special chars, another w/o. Second works fine.

try using caps-lock instead of shift
or try different keyboard.... [seams keyb issue]

Sorry, i meant special chars like !@#$%^&*()_+

PS. I've tried different ones, but only USB ones

I always use them in my password without any problems

My password only consists of small aflags nd uppercase letters and numbers.
I've tried different ps2 keyboards. I think before christmas I also tried it with a usb one. So that's seems not to be the issue. Maybe it's my Jetway board.I also tried different for atkdb in device.hints, but...

Sorry, I dragged some text accidently. What I wanted to say was:
My password only consists of small and uppercase letters and numbers.
I tried different ps2 keyboards. I think before christmas I also tried it with a usb one. Maybe it's my Jetway board. I also tried different flags for atkdb in device.hints (found in man atkbd), but nothing works...

i see you have cryptographic card (GEOM_ELI: Crypto: hardware), or is it build in VIA cpu
if you have card try taking it out, or try disabling this cpu feature....

have you compiled anything with custom cflags?


---
off-topic
btw: how much did you pay for crypto card? I want one

The Via c7 cpu I use wasn't detected correctly by 7.0 RELEASE I installed first. So the build in encryption acceleration (called Padlock) wasn't activated. The password problem already existed at this point.
Afterwards I tweaked the kernel source and got Padlock working. When I updated to 7.1 (WITHOUT_IP6), CPU and so also Padlock got detected out of the box.
Tried it now without loading padlock module, nothing changes.

I have now put kern.geom.debugflags=1 and kern.geom.eli.debug=1 in loader.conf. A higher debuglevel for geli messes the buffer with all disk writes and reads, so I can't see the messages at the beginning in dmesg.
I have also tried a USB-keyboard now but then I can't even enter a single letter.
So if anyone is able to use the debug output...


FreeBSD 7.1-RELEASE #1: Wed Jan 7 21:51:41 CET 2009
xxxxxxx@xxxxxx:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: VIA C7 Processor 1500MHz (1500.01-MHz 686-class CPU)
Origin = "CentaurHauls" Id = 0x6d0 Stepping = 0
Features=0xa7c9baff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,C MOV,PAT,CLFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,PBE>
Features2=0x4181<SSE3,EST,TM2,xTPR>
VIA Padlock Features=0xffcc<RNG,AES,AES-CTR,SHA1,SHA256,RSA>
real memory = 1005453312 (958 MB)
avail memory = 970108928 (925 MB)
ACPI APIC Table: <CN700 AWRDACPI>
ioapic0 <Version 0.3> irqs 0-23 on motherboard
g_ignition
g_modevent(DEV, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3e0, 2, 0)
g_modevent(DISK, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3d0, 2, 0)
g_modevent(MIRROR, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3c0, 2, 0)
g_modevent(MBREXT, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3b0, 2, 0)
g_modevent(MBR, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3a0, 2, 0)
g_modevent(VFS, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b390, 2, 0)
g_modevent(LABEL, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b380, 2, 0)
g_modevent(SWAP, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b370, 2, 0)
g_modevent(MD, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b360, 2, 0)
g_modevent(ELI, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b330, 2, 0)
g_modevent(PART, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b320, 2, 0)
g_modevent(BSD, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b310, 2, 0)
g_modevent(ACD, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b1e0, 2, 0)
g_modevent(FD, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b7a0, 2, 0)
g_post_event_x(0xc073bcf0, 0xc3ef13f0, 2, 0)
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cryptosoft0: <software crypto> on motherboard
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
acpi0: <CN700 AWRDACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, 3bde0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_hpet0: <High Precision Event Timer> iomem 0xfe800000-0xfe8003ff on acpi0
device_attach: acpi_hpet0 attach returned 12
acpi_button0: <Power Button> on acpi0
...
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
cpu0: <ACPI CPU> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
acpi_hpet0: <High Precision Event Timer> iomem 0xfe800000-0xfe8003ff on acpi0
device_attach: acpi_hpet0 attach returned 12
pmtimer0 on isa0
...
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1500009855 Hz quality 800
Timecounters tick every 1.000 msec
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
g_load_class(DEV)
g_load_class(DISK)
g_load_class(MIRROR)
g_load_class(MBREXT)
g_load_class(MBR)
g_load_class(VFS)
g_load_class(LABEL)
g_load_class(SWAP)
g_load_class(MD)
g_load_class(ELI)
g_load_class(PART)
g_load_class(BSD)
g_load_class(ACD)
g_load_class(FD)
g_retaste(PART)
ad4: 476940MB <WDC WD5000AACS-00G8B1 05.04C05> at ata2-master SATA150
g_post_event_x(0xc0735dd0, 0xc41e0c00, 2, 0)
ref 0xc41e0c00
g_post_event_x(0xc073abf0, 0xc41b1580, 2, 0)
ref 0xc41b1580
ref 0xc41b1600
bsd_taste(BSD,ad4)
g_slice_spoiled(0xc4087ac0/ad4)
g_wither_geom(0xc41b1480(ad4))
g_part_taste(PART,ad4)
g_wither_geom(0xc41b1400(ad4))
g_eli_taste(ELI, ad4)
g_detach(0xc4087a40)
g_destroy_consumer(0xc4087a40)
g_destroy_geom(0xc41b1380(eli:taste))
g_label_taste(LABEL, ad4)
ad6: 476940MB <WDC WD5000AACS-00G8B1 05.04C05> at ata3-master SATA150
g_post_event_x(0xc0735dd0, 0xc4074e00, 2, 0)
ref 0xc4074e00
g_detach(0xc4087a00)
g_destroy_consumer(0xc4087a00)
g_destroy_geom(0xc41b1300(label:taste))
mbr_taste(MBR,ad4)
g_slice_spoiled(0xc4087640/ad4)
g_wither_geom(0xc41b1100(ad4))
g_mbrext_taste(MBREXT,ad4)
g_mirror_taste(MIRROR, ad4)
g_detach(0xc4087600)
g_destroy_consumer(0xc4087600)
g_destroy_geom(0xc41b1000(mirror:taste))
g_post_event_x(0xc073adf0, 0xc41b1580, 2, 0)
ref 0xc41b1580
dev_taste(DEV,ad4)
g_post_event_x(0xc073abf0, 0xc409db80, 2, 0)
ref 0xc409db80
ref 0xc409dc00
g_slice_spoiled(0xc4087640/ad4)
g_wither_geom(0xc41b1100(ad4))
g_part_spoiled(ad4)
g_wither_geom(0xc41b1400(ad4))
g_slice_spoiled(0xc4087ac0/ad4)
g_wither_geom(0xc41b1480(ad4))
bsd_taste(BSD,ad6)
g_slice_spoiled(0xc4087500/ad6)
g_wither_geom(0xc409dd00(ad6))
g_part_taste(PART,ad6)
g_wither_geom(0xc41b1200(ad6))
g_eli_taste(ELI, ad6)
g_detach(0xc4087480)
g_destroy_consumer(0xc4087480)
g_destroy_geom(0xc41b1500(eli:taste))
g_label_taste(LABEL, ad6)
g_detach(0xc4087440)
g_destroy_consumer(0xc4087440)
g_destroy_geom(0xc41b1000(label:taste))
mbr_taste(MBR,ad6)
g_slice_spoiled(0xc4087600/ad6)
g_wither_geom(0xc3e0a900(ad6))
g_mbrext_taste(MBREXT,ad6)
g_mirror_taste(MIRROR, ad6)
g_detach(0xc4087a00)
g_destroy_consumer(0xc4087a00)
g_destroy_geom(0xc3e0ab00(mirror:taste))
g_post_event_x(0xc073adf0, 0xc409db80, 2, 0)
ref 0xc409db80
g_post_event_x(0xc073abf0, 0xc3e0ac80, 2, 0)
ref 0xc3e0ac80
ref 0xc409de80
GEOM_MIRROR: Device mirror/gm0 launched (2/2).
dev_taste(DEV,ad6)
g_slice_spoiled(0xc4087600/ad6)
g_wither_geom(0xc3e0a900(ad6))
g_part_spoiled(ad6)
g_wither_geom(0xc41b1200(ad6))
g_slice_spoiled(0xc4087500/ad6)
g_wither_geom(0xc409dd00(ad6))
bsd_taste(BSD,mirror/gm0)
g_slice_spoiled(0xc407ae80/mirror/gm0)
g_wither_geom(0xc3e0ae00(mirror/gm0))
g_part_taste(PART,mirror/gm0)
g_wither_geom(0xc3e0ae80(mirror/gm0))
g_eli_taste(ELI, mirror/gm0)
g_detach(0xc4091e00)
g_destroy_consumer(0xc4091e00)
g_destroy_geom(0xc3e4b000(eli:taste))
GEOM_ELI[1]: Loaded keyfile /boot/keys/gm0.key for mirror/gm0 (type: mirror/gm0:geli_keyfile0).
Enter passphrase for mirror/gm0: ItShouldWork
GEOM_ELI[1]: Using Master Key 0 for mirror/gm0.
GEOM_ELI[1]: Creating device mirror/gm0.eli.
g_post_event_x(0xc073adf0, 0xc3e0ac80, 2, 0)
ref 0xc3e0ac80
g_post_event_x(0xc073abf0, 0xc3e0a280, 2, 0)
ref 0xc3e0a280
ref 0xc3e0a680
GEOM_ELI[0]: Device mirror/gm0.eli created.
GEOM_ELI[0]: Encryption: AES-CBC 256
GEOM_ELI[0]: Crypto: hardware
g_label_taste(LABEL, mirror/gm0)
g_post_event_x(0xc0735dd0, 0xc4221400, 2, 0)
ref 0xc4221400
GEOM_ELI[1]: Thread g_eli[0] mirror/gm0 started.
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <SigmaTel MSCN 0100> Removable Direct Access SCSI-4 device
da0: 40.000MB/s transfers
da0: 996MB (2041344 512 byte sectors: 64H 32S/T 996C)
g_detach(0xc4092380)
g_destroy_consumer(0xc4092380)
g_destroy_geom(0xc41b1380(label:taste))
mbr_taste(MBR,mirror/gm0)
g_slice_spoiled(0xc4087340/mirror/gm0)
...
lines and lines of GEOM output
...

To use the USB-keyboard I had FreeBSD to disable the atkbd, because the password can only be entered with the first activated keyboard.
To do this I set hint.atkbd.0.disabled="1" in /boot/device.hints or set it in the loader prompt.

It works now! :)

plz post kernel config, /etc/make.conf, device.hints and rc.conf

I think I will just leave it and buy an usb-keyboard and do it this way. My configuration is in no way special, but here it is..

kernel is GENERIC
make.conf:
WITHOUT_IP6=
rc.conf
hostname="xxxxxxx"
geli_autodetach="YES"
sshd_enable="YES"
ifconfig_vr0="inet 192.168.0.5 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
device.hints
... (GENERIC)
# deactivate atkbd to enable usb keyboard
hint.atkbd.0.disabled="1"
in rc.shutdown I added
/sbin/geli detach -l mirror/gm0

to detach on last write, otherwise gmirror would rebuild one of the disks every reboot

It's a known problem (as you might know), without a solution or generic workaround, unfortunately.

See here:
kern/105368
kern/120090

I use GELI on a couple of completely different systems since 6.0-RELEASE. Disabling kbdmux helps in some but not all cases. Thats why I enabled kern.geom.eli.visible_passphrase="1" to use GELI which prevents me from using my computer in conferences or whenever someone else sits next to me :(

We need help from developers here.

cheers,
Honk

Got bitten by the same bug, fortunately for me, disabling kbdmux does the trick.

I have the same problem on my Thinkpad T61.
It's rather odd, this installation is a dump/restore of my desktop system, which works fine.
It also worked OK with my previous T61, which had mostly the same hardware ...

Disabling kbdmux fixed it ...

I think I will just leave it and buy an usb-keyboard and do it this way. My configuration is in no way special, but here it is..
[LIST]
kernel is GENERIC
make.conf:
WITHOUT_IP6=

Just a side note:
this should be:
WITHOUT_IPV6=YES

Receiving the similar problem on 7.2-RELEASE.

geli over gmirror.
When booted from livecd - encrypted provider attaches/deattaches without any problem with the supplied passphrase.
But during boot from bootcd/usbstick the passphrase doesnt work.
The error message is the same "wrong key for mirror/gm0" either I type correct passphrase or no.
The keyboard seems to be working correctly.

I suppose my loader.conf to be wrong:

geli_gm0_keyfile0_load="YES"
geli_gm0_keyfile0_type="gm0:geli_keyfile0"
geli_gm0_keyfile0_name="/boot/keys/gm0.key"
kern.geom.eli.visible_passphrase=1


Should I replace gm0 with something like mirror/gm0 ?
Maybe some other suggestions?

I suppose my loader.conf to be wrong:

geli_gm0_keyfile0_load="YES"
geli_gm0_keyfile0_type="gm0:geli_keyfile0"
geli_gm0_keyfile0_name="/boot/keys/gm0.key"
kern.geom.eli.visible_passphrase=1


Should I replace gm0 with something like mirror/gm0 ?
Maybe some other suggestions?

Ok I suddenly got a solution by trying different combinations:

geli_mirror_gm0_keyfile0_load="YES"
geli_mirror_gm0_keyfile0_type="mirror/gm0:geli_keyfile0"
geli_mirror_gm0_keyfile0_name="/boot/keys/gm0.key"


Works like a charm.

I've been having the same issue (password not accepted from keyboard on boot) when trying to setup the geli data in /boot/loader.conf. I tried all the suggestions in this thread to no avail. However, because I'm not encrypting root, I realized I could put the config in /etc/rc.conf.

So instead of putting this in /boot/loader.conf:
geli_ad0s1e_keyfile0_load="YES"
geli_ad0s1e_keyfile0_type="ad0s1e:geli_keyfile0"
geli_ad0s1e_keyfile0_name="/boot/keys/ad0s1e.key"

I put this in /etc/rc.conf:
geli_devices="ad0s1e"
geli_ad0s1e_flags="-k /boot/keys/ad0s1e.key"

I get prompted for the password in the exact same (apparent) place in boot, but now it accepts my password. *shrug* No, I don't really know why, but it works and that's good enough for the moment.

FIY: With 8.0-RELEASE it seems that the problem is fixed?! I don't have problems anymore and I did not have to disable kbdmux etc.

:)

Update:
The Release Notes (http://www.freebsd.org/releases/8.0R/relnotes-detailed.html) state:

[7.2R] The atkbd(4) driver now disables the interrupt handler which is called from the keyboard callback function when polled mode is enabled. This fixes the problem of duplicated/missing characters at the mountroot prompt on multi CPU systems while kbdmux is enabled.

No, the problem is not fixed in FreeBSD 8.0. Everything went fine until I set up an encrypted partition. After that my USB keyboard seemed unresponsive. I did some troubleshooting and took atkbd out of my kernel CONFIG file. That allowed me to enter my password, but once I hit enter the console acted like the enter key was stuck. The only way I could regain control of the computer was to either hard boot or through an ssh session. My solution was to remove GEOM_ELI crypto from my kernel CONFIG file.

-JJ

Thats why I enabled kern.geom.eli.visible_passphrase="1" to use GELI which prevents me from using my computer in conferences or whenever someone else sits next to me :(


The solution may be quite simple and I wonder why geli developer didn't include it from the beginning as I suppose that implementations of crypted FS in other systems have always visible but starred password, and that can be achieved easily with just few lines listed below. I use kernel patched that way and it seems nothing else is broken.


--- sys/libkern/gets.c.orig 2011-04-14 22:04:25.234478722 +0200
+++ sys/libkern/gets.c 2011-04-14 22:04:32.606479912 +0200
@@ -54 +54,3 @@
- if (visible)
+ if (visible > 1)
+ printf("* \b");
+ else if (visible == 1)
@@ -63 +65,3 @@
- if (visible)
+ if (visible > 1)
+ printf("*");
+ else if (visible == 1)


Now in /boot/loader.conf
kern.geom.eli.visible_passphrase=2
(or any value greater than 1) to get starred password. Now it's easier to control which letters are really typed and which need to be retyped as no star is printed.