https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193624
I've reworked the patch to apply to 10.1-RELEASE, and am now using it successfully.

The proper fix for this issue is most likely a new metadata version to set the md_iterations per-keyslot instead of per-container, but I didn't want to introduce incompatibility without input from the current GELI maintainers; this patch works with the layout as-is.

If a GELI container has a keyfile in one slot and a passphrase in the other (to implement automatic boot-time unlock with offline key escrow, for example), the boot-time unlock code will get confused and assume the key and passphrase are to be combined, resulting in a container that cannot be unlocked during boot when its keyfile is preloaded.

The included patch attempts to unlock using only the keyfile first.

Thanks!

--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<[email protected]>

Furry Peace! - http://www.fur.com/peace/
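The failure described in the message above, as an added illustration that is neither part of the original message nor GELI's code: a simplified Python model of a container with a keyfile in slot 0 and a passphrase in slot 1. The key derivation, the XOR wrap standing in for the real cipher, the fallback step and all names are assumptions made for the model.

```python
import hashlib, hmac, os

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha512).digest()

def derive_user_key(keyfile=None, passphrase=None, salt=b"", iterations=1000):
    """Fold whichever components are supplied into one 64-byte user key."""
    ctx = hmac.new(b"geli-model", digestmod=hashlib.sha512)  # label key is an assumption
    if keyfile is not None:
        ctx.update(keyfile)
    if passphrase is not None:
        # salt and iteration count are container-wide here, as in the current layout
        ctx.update(hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations, 64))
    return ctx.digest()

def seal(user_key, master_key):
    """Wrap the master key for one slot (XOR keystream stands in for the cipher)."""
    stream = _mac(user_key, b"\x01")
    wrapped = bytes(a ^ b for a, b in zip(master_key, stream))
    return wrapped, _mac(_mac(user_key, b"\x00"), master_key)

def try_slots(slots, user_key):
    """Return (slot_index, master_key) for the first slot the key opens, else None."""
    stream = _mac(user_key, b"\x01")
    for i, (wrapped, tag) in enumerate(slots):
        candidate = bytes(a ^ b for a, b in zip(wrapped, stream))
        if hmac.compare_digest(tag, _mac(_mac(user_key, b"\x00"), candidate)):
            return i, candidate
    return None

def unlock_keyfile_first(slots, keyfile, passphrase, salt):
    """Try the keyfile alone, then keyfile + passphrase (the fallback is assumed)."""
    return (try_slots(slots, derive_user_key(keyfile=keyfile))
            or try_slots(slots, derive_user_key(keyfile, passphrase, salt)))

# Constructed sample container: slot 0 = keyfile only, slot 1 = passphrase only.
SALT, MASTER = os.urandom(64), os.urandom(64)
KEYFILE, PASSPHRASE = os.urandom(32), b"escrow passphrase (constructed)"
SLOTS = [seal(derive_user_key(keyfile=KEYFILE), MASTER),
         seal(derive_user_key(passphrase=PASSPHRASE, salt=SALT), MASTER)]

if __name__ == "__main__":
    combined = derive_user_key(KEYFILE, PASSPHRASE, SALT)
    print("keyfile + passphrase combined:", try_slots(SLOTS, combined))
    print("keyfile first opens slot:",
          unlock_keyfile_first(SLOTS, KEYFILE, PASSPHRASE, SALT)[0])
```

Combining both components yields a user key that matches neither slot, which is why the keyfile-only attempt has to come first.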
