On 11/16/2014 11:29 PM, Pawel Jakub Dawidek wrote:
> On Sat, Nov 15, 2014 at 07:04:38PM -0600, CyberLeo Kitsana wrote:
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193624
>>
>> I've reworked the patch to apply to 10.1-RELEASE, and am now using it
>> successfully.
>>
>> The proper fix for this issue is most likely a new metadata version to
>> set the md_iterations per-keyslot instead of per-container, but I didn't
>> want to introduce incompatibility without input from the current GELI
>> maintainers; this patch works with the layout as-is.
>>
>> If a GELI container has a keyfile in one slot and a passphrase in the
>> other (to implement automatic boot-time unlock with offline key escrow,
>> for example), the boot-time unlock code will get confused and assume the
>> key and passphrase are to be combined, resulting in a container that
>> cannot be unlocked during boot when its keyfile is preloaded. The
>> included patch attempts to unlock using only the keyfile first.
>
> Hi,
>
> thanks for the patch, but I'd prefer to fix it properly, ie. allow for
> each key slot to have its dedicated iterations counter. Do you think
> this is something you could work on?

I think so. I'll see what I can do. It might take a bit, though, as, for
that, I must familiarize myself with the userland portions as well.

--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<[email protected]>

Furry Peace! - http://www.fur.com/peace/
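
The slot confusion described in the report above, as an added simplified model (not GELI's code and not the patch attached to the bug report). The HMAC-SHA512/PBKDF2 mixing, the slot tags standing in for encrypted master-key copies, and all names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

SALT = bytes(range(64))  # constructed sample salt


def user_key(keyfile=None, passphrase=None, iterations=0):
    """Mix the supplied key components into one user key (model only)."""
    ctx = hmac.new(b"", SALT, hashlib.sha512)
    if keyfile is not None:
        ctx.update(keyfile)
    if passphrase is not None:
        # One container-wide iteration count stretches every passphrase.
        ctx.update(hashlib.pbkdf2_hmac("sha512", passphrase, SALT, iterations, 64))
    return ctx.digest()


def slot_tag(key):
    """Stand-in for a key slot: a tag only the right user key reproduces."""
    return hmac.new(key, b"slot", hashlib.sha512).digest()


def find_slot(slots, key):
    """Return the index of the slot the key opens, or None."""
    tag = slot_tag(key)
    for i, stored in enumerate(slots):
        if hmac.compare_digest(stored, tag):
            return i
    return None


def unlock_combined(slots, iterations, keyfile, passphrase):
    """Behaviour described in the report: keyfile and passphrase always mixed."""
    return find_slot(slots, user_key(keyfile, passphrase, iterations))


def unlock_keyfile_first(slots, iterations, keyfile, passphrase):
    """Workaround described in the thread: try the keyfile on its own first."""
    hit = find_slot(slots, user_key(keyfile=keyfile))
    if hit is None:
        hit = unlock_combined(slots, iterations, keyfile, passphrase)
    return hit


# Constructed container: slot 0 = keyfile only, slot 1 = passphrase only.
ITERATIONS = 1000
KEYFILE, PASSPHRASE = b"constructed keyfile bytes", b"constructed passphrase"
SLOTS = [slot_tag(user_key(keyfile=KEYFILE)),
         slot_tag(user_key(passphrase=PASSPHRASE, iterations=ITERATIONS))]
```

In this model the combined derivation matches neither slot even though both secrets are correct, while the keyfile-first order opens slot 0 and still falls back to the combined key for containers that were set up that way.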
