problems entering geli password during boot

S

snurgel

hi

would be nice if someone could help me with the following problem: I have set up a raid with gmirror (gm0) and encrypted it afterwards with geli (gm0.eli). Booting from an usb device (with key) and mounting the encrypted filesystems (gm0.elia, ...) works as expected.

BUT: When I am prompted to enter the password during boot I have to press every key several times (1 to 3 times) before it reckognizes the letter. So I had to make the password prompt visible and appear in dmesg - that's not what I want! I even updated from 7.0 to RELENG 7.1 but it didn't help.

I have already disabled kbdmux in device.hints. This lowered the numer of neccesary keypresses to reckognize a letter from above ten to max 3. But the problem still remains and really annoys me. It seems that the keyboard (atkbd) works before I boot (I can use the loader prompt without any keyboard problem), logging in is also no problem.

Here's the output of my dmesg...
Code: 
 ...
FreeBSD 7.1-RELEASE #1: Wed Jan  7 21:51:41 CET 2009
    xxxx@xxxx:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: VIA C7 Processor 1500MHz (1500.02-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x6d0  Stepping = 0
  Features=0xa7c9baff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CLFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,PBE>
  Features2=0x4181<SSE3,EST,TM2,xTPR>
  VIA Padlock Features=0xffcc<RNG,AES,AES-CTR,SHA1,SHA256,RSA>
real memory  = 1005453312 (958 MB)
avail memory = 970108928 (925 MB)
ACPI APIC Table: <CN700  AWRDACPI>
ioapic0 <Version 0.3> irqs 0-23 on motherboard
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cryptosoft0: <software crypto> on motherboard
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
acpi0: <CN700 AWRDACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, 3bde0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_hpet0: <High Precision Event Timer> iomem 0xfe800000-0xfe8003ff on acpi0
device_attach: acpi_hpet0 attach returned 12
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
vgapci0: <VGA-compatible display> mem 0xf4000000-0xf7ffffff,0xfb000000-0xfbffffff irq 16 at device 0.0 on pci1
fwohci0: <VIA Fire II (VT6306)> port 0xff00-0xff7f mem 0xfdfff000-0xfdfff7ff irq 19 at device 10.0 on pci0
fwohci0: [FILTER]
fwohci0: OHCI version 1.10 (ROM=1)
fwohci0: No. of Isochronous channels is 4.
fwohci0: EUI64 00:30:18:00:00:a1:37:d7
fwohci0: Phy 1394a available S400, 2 ports.
fwohci0: Link S400, max_rec 2048 bytes.
firewire0: <IEEE1394(FireWire) bus> on fwohci0
fwe0: <Ethernet over FireWire> on firewire0
if_fwe0: Fake Ethernet address: 02:30:18:a1:37:d7
fwe0: Ethernet address: 02:30:18:a1:37:d7
fwip0: <IP over FireWire> on firewire0
fwip0: Firewire address: 00:30:18:00:00:a1:37:d7 @ 0xfffe00000000, S400, maxrec 2048
sbp0: <SBP-2/SCSI over FireWire> on firewire0
dcons_crom0: <dcons configuration ROM> on firewire0
dcons_crom0: bus_addr 0x1378000
fwohci0: Initiate bus reset
fwohci0: BUS reset
fwohci0: node_id=0xc800ffc0, gen=1, CYCLEMASTER mode
atapci0: <VIA 6420 SATA150 controller> port 0xfe00-0xfe07,0xfd00-0xfd03,0xfc00-0xfc07,0xfb00-0xfb03,0xfa00-0xfa0f,0xf200-0xf2ff irq 20 at device 15.0 on pci0
atapci0: [ITHREAD]
ata2: <ATA channel 0> on atapci0
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci0
ata3: [ITHREAD]
atapci1: <VIA 8237 UDMA133 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf900-0xf90f at device 15.1 on pci0
ata0: <ATA channel 0> on atapci1
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci1
ata1: [ITHREAD]
uhci0: <VIA 83C572 USB controller> port 0xf800-0xf81f irq 21 at device 16.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: <VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <VIA 83C572 USB controller> port 0xf700-0xf71f irq 21 at device 16.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <VIA 83C572 USB controller> on uhci1
usb1: USB revision 1.0
uhub1: <VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <VIA 83C572 USB controller> port 0xf600-0xf61f irq 21 at device 16.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <VIA 83C572 USB controller> on uhci2
usb2: USB revision 1.0
uhub2: <VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
uhci3: <VIA 83C572 USB controller> port 0xf500-0xf51f irq 21 at device 16.3 on pci0
uhci3: [GIANT-LOCKED]
uhci3: [ITHREAD]
usb3: <VIA 83C572 USB controller> on uhci3
usb3: USB revision 1.0
uhub3: <VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3
uhub3: 2 ports with 2 removable, self powered
ehci0: <VIA VT6202 USB 2.0 controller> mem 0xfdffe000-0xfdffe0ff irq 21 at device 16.4 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb4: EHCI version 1.0
usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3
usb4: <VIA VT6202 USB 2.0 controller> on ehci0
usb4: USB revision 2.0
uhub4: <VIA EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4
uhub4: 8 ports with 8 removable, self powered
umass0: <<USB MF> <USB PRODUCT>, class 0/0, rev 2.00/10.01, addr 2> on uhub4
isab0: <PCI-ISA bridge> at device 17.0 on pci0
isa0: <ISA bus> on isab0
pci0: <multimedia, audio> at device 17.5 (no driver attached)
vr0: <VIA VT6102 Rhine II 10/100BaseTX> port 0xee00-0xeeff mem 0xfdffd000-0xfdffd0ff irq 23 at device 18.0 on pci0
vr0: Quirks: 0x0
vr0: Revision: 0x78
miibus0: <MII bus> on vr0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:30:18:ae:77:c4
vr0: [ITHREAD]
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
cpu0: <ACPI CPU> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
acpi_hpet0: <High Precision Event Timer> iomem 0xfe800000-0xfe8003ff on acpi0
device_attach: acpi_hpet0 attach returned 12
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc0000-0xcffff pnpid ORM0000 on isa0
ppc0: parallel port not found.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 8250 or not responding
sio0: [FILTER]
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1500015525 Hz quality 800
Timecounters tick every 1.000 msec
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
ad4: 476940MB <WDC WD5000AACS-00G8B1 05.04C05> at ata2-master SATA150
ad6: 476940MB <WDC WD5000AACS-00G8B1 05.04C05> at ata3-master SATA150
GEOM_MIRROR: Device mirror/gm0 launched (2/2).
Enter passphrase for mirror/gm0: Why doesnt this work correctly
GEOM_ELI: Device mirror/gm0.eli created.
GEOM_ELI: Encryption: AES-CBC 256
GEOM_ELI:     Crypto: hardware
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <SigmaTel MSCN 0100> Removable Direct Access SCSI-4 device 
da0: 40.000MB/s transfers
da0: 996MB (2041344 512 byte sectors: 64H 32S/T 996C)
Trying to mount root from ufs:/dev/mirror/gm0.elia

Maybe someone expected the same problem or has the ability to help me.

Thank you very much
snurgel
 
That doesn't sound normal....
I had no problems with that.

Can you plz show command line how did you create geli encryption
 
I encrypted the gmirror with the command
Code: 
geli init -b -K /boot/keys/gm0.key -s 4096 -l 256 /dev/mirror/gm0

If I enter the password with a lot of patience, pressing every key several times everything works as expected. Filesystems get mounted, etc.
 
I've never tried this on raids. Do you have a spare disk?
You could try same thing on disk and see how that works [also disable raid (unplug power if necessary)]
 
I have same problem, i Think it's somehow connected with letters in password. (Shift+something don't work right with both my computers)
So i've created 2 keys: one with special chars, another w/o. Second works fine.
 
My password only consists of small aflags nd uppercase letters and numbers.
I've tried different ps2 keyboards. I think before christmas I also tried it with a usb one. So that's seems not to be the issue. Maybe it's my Jetway board.I also tried different for atkdb in device.hints, but...
 
Sorry, I dragged some text accidently. What I wanted to say was:
My password only consists of small and uppercase letters and numbers.
I tried different ps2 keyboards. I think before christmas I also tried it with a usb one. Maybe it's my Jetway board. I also tried different flags for atkdb in device.hints (found in man atkbd), but nothing works...
 
i see you have cryptographic card (GEOM_ELI: Crypto: hardware), or is it build in VIA cpu
if you have card try taking it out, or try disabling this cpu feature....

have you compiled anything with custom cflags?


---
off-topic
btw: how much did you pay for crypto card? I want one
 
The Via c7 cpu I use wasn't detected correctly by 7.0 RELEASE I installed first. So the build in encryption acceleration (called Padlock) wasn't activated. The password problem already existed at this point.
Afterwards I tweaked the kernel source and got Padlock working. When I updated to 7.1 (WITHOUT_IP6), CPU and so also Padlock got detected out of the box.
Tried it now without loading padlock module, nothing changes.
 
I have now put kern.geom.debugflags=1 and kern.geom.eli.debug=1 in loader.conf. A higher debuglevel for geli messes the buffer with all disk writes and reads, so I can't see the messages at the beginning in dmesg.
I have also tried a USB-keyboard now but then I can't even enter a single letter.
So if anyone is able to use the debug output...

Code: 
FreeBSD 7.1-RELEASE #1: Wed Jan  7 21:51:41 CET 2009
   xxxxxxx@xxxxxx:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: VIA C7 Processor 1500MHz (1500.01-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x6d0  Stepping = 0
  Features=0xa7c9baff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CLFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,PBE>
  Features2=0x4181<SSE3,EST,TM2,xTPR>
  VIA Padlock Features=0xffcc<RNG,AES,AES-CTR,SHA1,SHA256,RSA>
real memory  = 1005453312 (958 MB)
avail memory = 970108928 (925 MB)
ACPI APIC Table: <CN700  AWRDACPI>
ioapic0 <Version 0.3> irqs 0-23 on motherboard
g_ignition
g_modevent(DEV, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3e0, 2, 0)
g_modevent(DISK, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3d0, 2, 0)
g_modevent(MIRROR, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3c0, 2, 0)
g_modevent(MBREXT, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3b0, 2, 0)
g_modevent(MBR, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b3a0, 2, 0)
g_modevent(VFS, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b390, 2, 0)
g_modevent(LABEL, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b380, 2, 0)
g_modevent(SWAP, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b370, 2, 0)
g_modevent(MD, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b360, 2, 0)
g_modevent(ELI, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b330, 2, 0)
g_modevent(PART, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b320, 2, 0)
g_modevent(BSD, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b310, 2, 0)
g_modevent(ACD, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b1e0, 2, 0)
g_modevent(FD, LOAD)
g_post_event_x(0xc073bec0, 0xc3e0b7a0, 2, 0)
g_post_event_x(0xc073bcf0, 0xc3ef13f0, 2, 0)
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cryptosoft0: <software crypto> on motherboard
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
acpi0: <CN700 AWRDACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, 3bde0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_hpet0: <High Precision Event Timer> iomem 0xfe800000-0xfe8003ff on acpi0
device_attach: acpi_hpet0 attach returned 12
acpi_button0: <Power Button> on acpi0
    ...
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
cpu0: <ACPI CPU> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
acpi_hpet0: <High Precision Event Timer> iomem 0xfe800000-0xfe8003ff on acpi0
device_attach: acpi_hpet0 attach returned 12
pmtimer0 on isa0
   ...
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1500009855 Hz quality 800
Timecounters tick every 1.000 msec
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
g_load_class(DEV)
g_load_class(DISK)
g_load_class(MIRROR)
g_load_class(MBREXT)
g_load_class(MBR)
g_load_class(VFS)
g_load_class(LABEL)
g_load_class(SWAP)
g_load_class(MD)
g_load_class(ELI)
g_load_class(PART)
g_load_class(BSD)
g_load_class(ACD)
g_load_class(FD)
g_retaste(PART)
ad4: 476940MB <WDC WD5000AACS-00G8B1 05.04C05> at ata2-master SATA150
g_post_event_x(0xc0735dd0, 0xc41e0c00, 2, 0)
  ref 0xc41e0c00
g_post_event_x(0xc073abf0, 0xc41b1580, 2, 0)
  ref 0xc41b1580
  ref 0xc41b1600
bsd_taste(BSD,ad4)
g_slice_spoiled(0xc4087ac0/ad4)
g_wither_geom(0xc41b1480(ad4))
g_part_taste(PART,ad4)
g_wither_geom(0xc41b1400(ad4))
g_eli_taste(ELI, ad4)
g_detach(0xc4087a40)
g_destroy_consumer(0xc4087a40)
g_destroy_geom(0xc41b1380(eli:taste))
g_label_taste(LABEL, ad4)
ad6: 476940MB <WDC WD5000AACS-00G8B1 05.04C05> at ata3-master SATA150
g_post_event_x(0xc0735dd0, 0xc4074e00, 2, 0)
  ref 0xc4074e00
g_detach(0xc4087a00)
g_destroy_consumer(0xc4087a00)
g_destroy_geom(0xc41b1300(label:taste))
mbr_taste(MBR,ad4)
g_slice_spoiled(0xc4087640/ad4)
g_wither_geom(0xc41b1100(ad4))
g_mbrext_taste(MBREXT,ad4)
g_mirror_taste(MIRROR, ad4)
g_detach(0xc4087600)
g_destroy_consumer(0xc4087600)
g_destroy_geom(0xc41b1000(mirror:taste))
g_post_event_x(0xc073adf0, 0xc41b1580, 2, 0)
  ref 0xc41b1580
dev_taste(DEV,ad4)
g_post_event_x(0xc073abf0, 0xc409db80, 2, 0)
  ref 0xc409db80
  ref 0xc409dc00
g_slice_spoiled(0xc4087640/ad4)
g_wither_geom(0xc41b1100(ad4))
g_part_spoiled(ad4)
g_wither_geom(0xc41b1400(ad4))
g_slice_spoiled(0xc4087ac0/ad4)
g_wither_geom(0xc41b1480(ad4))
bsd_taste(BSD,ad6)
g_slice_spoiled(0xc4087500/ad6)
g_wither_geom(0xc409dd00(ad6))
g_part_taste(PART,ad6)
g_wither_geom(0xc41b1200(ad6))
g_eli_taste(ELI, ad6)
g_detach(0xc4087480)
g_destroy_consumer(0xc4087480)
g_destroy_geom(0xc41b1500(eli:taste))
g_label_taste(LABEL, ad6)
g_detach(0xc4087440)
g_destroy_consumer(0xc4087440)
g_destroy_geom(0xc41b1000(label:taste))
mbr_taste(MBR,ad6)
g_slice_spoiled(0xc4087600/ad6)
g_wither_geom(0xc3e0a900(ad6))
g_mbrext_taste(MBREXT,ad6)
g_mirror_taste(MIRROR, ad6)
g_detach(0xc4087a00)
g_destroy_consumer(0xc4087a00)
g_destroy_geom(0xc3e0ab00(mirror:taste))
g_post_event_x(0xc073adf0, 0xc409db80, 2, 0)
  ref 0xc409db80
g_post_event_x(0xc073abf0, 0xc3e0ac80, 2, 0)
  ref 0xc3e0ac80
  ref 0xc409de80
GEOM_MIRROR: Device mirror/gm0 launched (2/2).
dev_taste(DEV,ad6)
g_slice_spoiled(0xc4087600/ad6)
g_wither_geom(0xc3e0a900(ad6))
g_part_spoiled(ad6)
g_wither_geom(0xc41b1200(ad6))
g_slice_spoiled(0xc4087500/ad6)
g_wither_geom(0xc409dd00(ad6))
bsd_taste(BSD,mirror/gm0)
g_slice_spoiled(0xc407ae80/mirror/gm0)
g_wither_geom(0xc3e0ae00(mirror/gm0))
g_part_taste(PART,mirror/gm0)
g_wither_geom(0xc3e0ae80(mirror/gm0))
g_eli_taste(ELI, mirror/gm0)
g_detach(0xc4091e00)
g_destroy_consumer(0xc4091e00)
g_destroy_geom(0xc3e4b000(eli:taste))
GEOM_ELI[1]: Loaded keyfile /boot/keys/gm0.key for mirror/gm0 (type: mirror/gm0:geli_keyfile0).
Enter passphrase for mirror/gm0: ItShouldWork
GEOM_ELI[1]: Using Master Key 0 for mirror/gm0.
GEOM_ELI[1]: Creating device mirror/gm0.eli.
g_post_event_x(0xc073adf0, 0xc3e0ac80, 2, 0)
  ref 0xc3e0ac80
g_post_event_x(0xc073abf0, 0xc3e0a280, 2, 0)
  ref 0xc3e0a280
  ref 0xc3e0a680
GEOM_ELI[0]: Device mirror/gm0.eli created.
GEOM_ELI[0]: Encryption: AES-CBC 256
GEOM_ELI[0]:     Crypto: hardware
g_label_taste(LABEL, mirror/gm0)
g_post_event_x(0xc0735dd0, 0xc4221400, 2, 0)
  ref 0xc4221400
GEOM_ELI[1]: Thread g_eli[0] mirror/gm0 started.
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <SigmaTel MSCN 0100> Removable Direct Access SCSI-4 device 
da0: 40.000MB/s transfers
da0: 996MB (2041344 512 byte sectors: 64H 32S/T 996C)
g_detach(0xc4092380)
g_destroy_consumer(0xc4092380)
g_destroy_geom(0xc41b1380(label:taste))
mbr_taste(MBR,mirror/gm0)
g_slice_spoiled(0xc4087340/mirror/gm0)
  ... 
lines and lines of GEOM output
  ...
 
solved. it works with an usb keyboard

To use the USB-keyboard I had FreeBSD to disable the atkbd, because the password can only be entered with the first activated keyboard.
To do this I set hint.atkbd.0.disabled="1" in /boot/device.hints or set it in the loader prompt.

It works now! :)
 
I think I will just leave it and buy an usb-keyboard and do it this way. My configuration is in no way special, but here it is..
  • kernel is GENERIC
  • make.conf:
    WITHOUT_IP6=​
  • rc.conf
    hostname="xxxxxxx"
    geli_autodetach="YES"
    sshd_enable="YES"
    ifconfig_vr0="inet 192.168.0.5 netmask 255.255.255.0"
    defaultrouter="192.168.0.1"​
  • device.hints
    ... (GENERIC)
    # deactivate atkbd to enable usb keyboard
    hint.atkbd.0.disabled="1"​
  • in rc.shutdown I added
    /sbin/geli detach -l mirror/gm0
    to detach on last write, otherwise gmirror would rebuild one of the disks every reboot
 
It's a known problem (as you might know), without a solution or generic workaround, unfortunately.

See here:
kern/105368
kern/120090

I use GELI on a couple of completely different systems since 6.0-RELEASE. Disabling kbdmux helps in some but not all cases. Thats why I enabled kern.geom.eli.visible_passphrase="1" to use GELI which prevents me from using my computer in conferences or whenever someone else sits next to me :(

We need help from developers here.

cheers,
Honk
 
I have the same problem on my Thinkpad T61.
It's rather odd, this installation is a dump/restore of my desktop system, which works fine.
It also worked OK with my previous T61, which had mostly the same hardware ...

Disabling kbdmux fixed it ...
 
snurgel said:
I think I will just leave it and buy an usb-keyboard and do it this way. My configuration is in no way special, but here it is..
  • kernel is GENERIC
  • make.conf:
    WITHOUT_IP6=​
Click to expand...

  • Just a side note:
    this should be:
    Code: 
    WITHOUT_IPV6=YES
 
Receiving the similar problem on 7.2-RELEASE.

geli over gmirror.
When booted from livecd - encrypted provider attaches/deattaches without any problem with the supplied passphrase.
But during boot from bootcd/usbstick the passphrase doesnt work.
The error message is the same "wrong key for mirror/gm0" either I type correct passphrase or no.
The keyboard seems to be working correctly.

I suppose my loader.conf to be wrong:
Code: 
geli_gm0_keyfile0_load="YES"
geli_gm0_keyfile0_type="gm0:geli_keyfile0"
geli_gm0_keyfile0_name="/boot/keys/gm0.key"
kern.geom.eli.visible_passphrase=1

Should I replace gm0 with something like mirror/gm0 ?
Maybe some other suggestions?
 
Gorthaur said:
I suppose my loader.conf to be wrong:
Code: 
geli_gm0_keyfile0_load="YES"
geli_gm0_keyfile0_type="gm0:geli_keyfile0"
geli_gm0_keyfile0_name="/boot/keys/gm0.key"
kern.geom.eli.visible_passphrase=1

Should I replace gm0 with something like mirror/gm0 ?
Maybe some other suggestions?
Click to expand...

Ok I suddenly got a solution by trying different combinations:
Code: 
geli_mirror_gm0_keyfile0_load="YES"
geli_mirror_gm0_keyfile0_type="mirror/gm0:geli_keyfile0"
geli_mirror_gm0_keyfile0_name="/boot/keys/gm0.key"

Works like a charm.
 
I've been having the same issue (password not accepted from keyboard on boot) when trying to setup the geli data in /boot/loader.conf. I tried all the suggestions in this thread to no avail. However, because I'm not encrypting root, I realized I could put the config in /etc/rc.conf.

So instead of putting this in /boot/loader.conf:
Code: 
geli_ad0s1e_keyfile0_load="YES"
geli_ad0s1e_keyfile0_type="ad0s1e:geli_keyfile0"
geli_ad0s1e_keyfile0_name="/boot/keys/ad0s1e.key"

I put this in /etc/rc.conf:
Code: 
geli_devices="ad0s1e"
geli_ad0s1e_flags="-k /boot/keys/ad0s1e.key"

I get prompted for the password in the exact same (apparent) place in boot, but now it accepts my password. *shrug* No, I don't really know why, but it works and that's good enough for the moment.
 
FIY: With 8.0-RELEASE it seems that the problem is fixed?! I don't have problems anymore and I did not have to disable kbdmux etc.

:)

Update:
The Release Notes state:

[7.2R] The atkbd(4) driver now disables the interrupt handler which is called from the keyboard callback function when polled mode is enabled. This fixes the problem of duplicated/missing characters at the mountroot prompt on multi CPU systems while kbdmux is enabled.
Click to expand...
 
geli encryption and USB keyboard do not work.

No, the problem is not fixed in FreeBSD 8.0. Everything went fine until I set up an encrypted partition. After that my USB keyboard seemed unresponsive. I did some troubleshooting and took atkbd out of my kernel CONFIG file. That allowed me to enter my password, but once I hit enter the console acted like the enter key was stuck. The only way I could regain control of the computer was to either hard boot or through an ssh session. My solution was to remove GEOM_ELI crypto from my kernel CONFIG file.

-JJ
 
You must log in or register to reply here.
Back
Top