USB pen encryption at boot-time

From: Michael Gusek <michael.gusek_at_web.de>
Date: Thu, 21 Jan 2010 17:39:01 +0100
Hi,

I'm trying to decrypt a USB pen at boot. For this, I encrypt a slice on 
a pen:

geli init -b -P -K da0.key /dev/da0s1a

On my PC, the pen should encrypt on boot, so I have this in loader.conf:

geom_eli_load="YES"
geli_da0s1a_keyfile0_load="YES"
geli_da0s1a_keyfile0_type="da0s1a:geli_keyfile0"
geli_da0s1a_keyfile0_name="/boot/keys/da0.key"

But it isn't encrypted on boot. I'm running 8.0-RELEASE on a Soekris 5501. 
If I encrypt another partition of my hard disk (ad0s1b), this will be 
encrypted at boot time. So I think this is a problem with the USB stack? 
In dmesg you can see geli is trying to find a key for ad0s1b, but not for
/dev/da0s1a, which is my encrypted slice on the USB pen. Yes, I can 
manually 'geli attach -p -k /boot/keys/da0.key /dev/da0s1a' after login. 
Here is my dmesg:

Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
     The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.0-RELEASE #2 r200252: Thu Jan 21 16:08:33 CET 2010
     micha_at_kerkyra.vanguard.de:/usr/obj/usr/src/sys/ZSVA
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Geode(TM) Integrated Processor by AMD PCS (433.25-MHz 586-class CPU)
   Origin = "AuthenticAMD"  Id = 0x5a2  Stepping = 2
   Features=0x88a93d<FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CLFLUSH,MMX>
   AMD Features=0xc0400000<MMX+,3DNow!+,3DNow!>
real memory  = 268435456 (256 MB)
avail memory = 252272640 (240 MB)
kbd1 at kbdmux0
K6-family MTRR support enabled (2 registers)
ACPI Error: A valid RSDP was not found 20090521 tbxfroot-309
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: <software crypto> on motherboard
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
Geode LX: Soekris net5501 comBIOS ver. 1.33 20070103 Copyright (C) 2000-2007
glxsb0: <AMD Geode LX Security Block (AES-128-CBC, RNG)> mem 
0xa0000000-0xa0003fff irq 10 at device 1.2 on pci0
vr0: <VIA VT6105M Rhine III 10/100BaseTX> port 0xe100-0xe1ff mem 
0xa0004000-0xa00040ff irq 11 at device 6.0 on pci0
vr0: Quirks: 0x2
vr0: Revision: 0x96
miibus0: <MII bus> on vr0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr0: Ethernet address: 00:00:24:cb:5d:e0
vr0: [ITHREAD]
vr1: <VIA VT6105M Rhine III 10/100BaseTX> port 0xe200-0xe2ff mem 
0xa0004100-0xa00041ff irq 5 at device 7.0 on pci0
vr1: Quirks: 0x2
vr1: Revision: 0x96
miibus1: <MII bus> on vr1
ukphy1: <Generic IEEE 802.3u media interface> PHY 1 on miibus1
ukphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr1: Ethernet address: 00:00:24:cb:5d:e1
vr1: [ITHREAD]
vr2: <VIA VT6105M Rhine III 10/100BaseTX> port 0xe300-0xe3ff mem 
0xa0004200-0xa00042ff irq 9 at device 8.0 on pci0
vr2: Quirks: 0x2
vr2: Revision: 0x96
miibus2: <MII bus> on vr2
ukphy2: <Generic IEEE 802.3u media interface> PHY 1 on miibus2
ukphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, autoad0s1b
vr2: Ethernet address: 00:00:24:cb:5d:e2
vr2: [ITHREAD]
vr3: <VIA VT6105M Rhine III 10/100BaseTX> port 0xe400-0xe4ff mem 
0xa0004300-0xa00043ff irq 12 at device 9.0 on pci0
vr3: Quirks: 0x2
vr3: Revision: 0x96
miibus3: <MII bus> on vr3
ukphy3: <Generic IEEE 802.3u media interface> PHY 1 on miibus3
ukphy3:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
vr3: Ethernet address: 00:00:24:cb:5d:e3
vr3: [ITHREAD]
pci0: <processor> at device 17.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 20.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <AMD CS5536 UDMA100 controller> port 
0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe000-0xe00f at device 20.2 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
ohci0: <OHCI (generic) USB controller> mem 0xa0010000-0xa0010fff irq 7 
at device 21.0 on pci0
ohci0: [ITHREAD]
usbus0: <OHCI (generic) USB controller> on ohci0
ehci0: <AMD CS5536 (Geode) USB 2.0 controller> mem 0xa0011000-0xa0011fff 
irq 7 at device 21.1 on pci0
ehci0: [ITHREAD]
usbus1: EHCI version 1.0
usbus1: <AMD CS5536 (Geode) USB 2.0 controller> on ehci0
cpu0 on motherboard
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc8000-0xd27ff pnpid ORM0000 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
atrtc0: <AT Real Time Clock> at port 0x70 irq 8 on isa0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: [FILTER]
uart0: console (19200,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
uart1: [FILTER]
Timecounter "TSC" frequency 433250443 Hz quality 800
Timecounters tick every 1.000 msec
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 480Mbps High Speed USB v2.0
ad0: 1953MB <SanDisk SDCFX3-2048 HDX 4.32> at ata0-master WDMA2
ugen0.1: <AMD> at usbus0
uhub0: <AMD OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen1.1: <AMD> at usbus1
uhub1: <AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
GEOM: ad0s1: geometry does not match label (255h,63s != 16h,63s).
GEOM_ELI: Found no key files in loader.conf for ad0s1b.
Root mount waiting for: usbus1 usbus0
uhub0: 4 ports with 4 removable, self powered
Root mount waiting for: usbus1
uhub1: 4 ports with 4 removable, self powered
Root mount waiting for: usbus1
ugen1.2: <JetFlash> at usbus1
umass0: <JetFlash Mass Storage Device, class 0/0, rev 2.00/1.00, addr 2> 
on usbus1
umass0:  SCSI over Bulk-Only; quirks = 0x0100
Root mount waiting for: usbus1
umass0:0:0:-1: Attached to scbus0
Trying to mount root from ufs:/dev/label/root(probe0:umass-sim0:0:0:0): 
TEST UNIT READY. CDB: 0 0 0 0 0 0
(probe0:umass-sim0:0:0:0): CAM Status: SCSI Status Error
(probe0:umass-sim0:0:0:0): SCSI Status: Check Condition
(probe0:umass-sim0:0:0:0): UNIT ATTENTION asc:28,0
(probe0:umass-sim0:0:0:0): Not ready to ready change, medium may have 
changed
(probe0:umass-sim0:0:0:0): Retrying Command (per Sense Data)

da0 at umass-sim0 bus 0 target 0 lun 0
da0: <JetFlash Transcend 2GB 8.07> Removable Direct Access SCSI-2 device
da0: 40.000MB/s transfers
da0: 1925MB (3944446 512 byte sectors: 255H 63S/T 245C)

Thanks for help,

Michael
Received on Thu Jan 21 2010 - 16:06:26 UTC
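The loader.conf entries above are easy to get subtly wrong (a `_type` value that does not name the provider exactly, a key file that is not where `_name` says, or a key that is readable by everyone). The script below is an added example, not code from the mail or from FreeBSD: it checks those four tunables for one provider against a loader.conf and a key tree. The `keyroot` prefix and the `make_sample_conf` helper are assumptions introduced here so the check can be run against a scratch copy; the sample loader.conf it writes is constructed to mirror the entries in the mail. It only validates configuration consistency; it cannot tell whether the kernel still holds the preloaded key by the time a late-appearing provider such as the USB pen in the dmesg above is tasted.

```shell
#!/bin/sh
# Added example (not from the original mail): sanity-check the geli keyfile
# tunables in a loader.conf for one provider before rebooting.

# conf_get <file> <name>: print the value of a loader.conf variable with the
# surrounding double quotes removed; prints nothing if the variable is absent.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/^"//; s/".*$//; s/[[:space:]]*$//'
}

# check_geli_keyfiles <loader.conf> <provider> [keyroot]
# Verifies, for keyfile index 0, that
#   - geom_eli_load is YES
#   - geli_<provider>_keyfile0_load is YES
#   - geli_<provider>_keyfile0_type is exactly "<provider>:geli_keyfile0"
#   - geli_<provider>_keyfile0_name points at an existing, non-world-readable file
# keyroot (assumption for this example) is prefixed to the key path so a
# staging tree can be checked without touching the real /boot.
# Returns 0 when every condition holds, 1 otherwise, naming each problem.
check_geli_keyfiles() {
    conf=$1; prov=$2; keyroot=${3:-}; rc=0
    [ "$(conf_get "$conf" geom_eli_load)" = "YES" ] ||
        { echo "geom_eli_load is not YES (geom_eli will not be loaded)"; rc=1; }
    [ "$(conf_get "$conf" "geli_${prov}_keyfile0_load")" = "YES" ] ||
        { echo "geli_${prov}_keyfile0_load is not YES"; rc=1; }
    ktype=$(conf_get "$conf" "geli_${prov}_keyfile0_type")
    [ "$ktype" = "${prov}:geli_keyfile0" ] ||
        { echo "geli_${prov}_keyfile0_type is '$ktype', expected '${prov}:geli_keyfile0'"; rc=1; }
    name=$(conf_get "$conf" "geli_${prov}_keyfile0_name")
    if [ -z "$name" ]; then
        echo "geli_${prov}_keyfile0_name is missing"; rc=1
    elif [ ! -f "${keyroot}${name}" ]; then
        echo "key file ${keyroot}${name} does not exist"; rc=1
    elif [ -n "$(find "${keyroot}${name}" -perm -004)" ]; then
        echo "key file ${keyroot}${name} is world-readable"; rc=1
    fi
    return $rc
}

# make_sample_conf <dir>: write a constructed loader.conf mirroring the
# entries from the mail, plus an empty placeholder key file (not a real
# geli key) under <dir>/boot/keys with mode 0600.
make_sample_conf() {
    dir=$1
    mkdir -p "$dir/boot/keys"
    : > "$dir/boot/keys/da0.key"
    chmod 600 "$dir/boot/keys/da0.key"
    cat > "$dir/loader.conf" <<'EOF'
geom_eli_load="YES"
geli_da0s1a_keyfile0_load="YES"
geli_da0s1a_keyfile0_type="da0s1a:geli_keyfile0"
geli_da0s1a_keyfile0_name="/boot/keys/da0.key"
EOF
}

# Usage: run the check against a scratch copy of the mail's configuration.
tmp=$(mktemp -d)
make_sample_conf "$tmp"
if check_geli_keyfiles "$tmp/loader.conf" da0s1a "$tmp"; then
    echo "loader.conf entries for da0s1a are consistent"
fi
# ad0s1b has no keyfile entries in this conf, so this reports the gaps.
check_geli_keyfiles "$tmp/loader.conf" ad0s1b "$tmp" ||
    echo "(as expected: no keyfile entries for ad0s1b)"
rm -rf "$tmp"
```

On a real system the same check is `check_geli_keyfiles /boot/loader.conf da0s1a` with no keyroot, run before rebooting; a clean result means the loader will find and preload the key, which is the part of the problem that can be verified from userland.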
