Geli not working on rPi

[hcp123]

Hi.
I've tried following your guide, and ended up using the premade image for rPi.
However I'm stuck at initializing the geli system for the external disk. Basically it just does not work.

root@knox:~ # geli init -s 4096 -PK /tmp/knox-geli-key /dev/da0

Metadata backup can be found in /var/backups/da0.eli and
can be restored with the following command:

	# geli restore /var/backups/da0.eli /dev/da0

root@knox:~ # geli attach -pk /tmp/knox-geli-key /dev/da0 
geli: Wrong key for da0.

Same thing with a simple passphrase:

> root@knox:~ # geli init  /dev/da0
> Enter new passphrase: 
> Reenter new passphrase: 
> 
> Metadata backup can be found in /var/backups/da0.eli and
> can be restored with the following command:
> 
> 	# geli restore /var/backups/da0.eli /dev/da0
> 
> root@knox:~ # geli attach  /dev/da0
> Enter passphrase: 
> geli: Wrong key for da0.
> 

I found this thread from 2015 about the issue, but no verified solution, just a suggestion to recompile the eli libraries.
I'll try this, but it will probably take some time.

Any other suggestions? And how did you get it working in your system?

Thanks

[hcp123]

Answering my own question here.
I followed this thread (forgot the link abow):
http://freebsd.1045724.x6.nabble.com/quot-geli-Wrong-key-quot-unable-to-attach-in-RPi-ARM-environment-td5987915.html
(Short answer, patch here: http://freebsd.1045724.x6.nabble.com/attachment/5990996/0/g_eli_key.c.patch )
Then recompile the eli shared library:
(This is copy/paste from the thread mentioned above, instructions and patch are from Daisuke Aoyama )

How to use this patch on running system:

---

If you don't have source tree, check out with your kernel version specified by "-r".
# uname -v
FreeBSD 11.0-CURRENT #0 r277169M: Wed Jan 14 22:06:07 JST 2015
[hidden email]:/usr/local/src/crochet-freebsd/work/obj/arm.armv6/usr/src/sys/RPI-B-test22
# svnlite checkout -r 277169 svn://svn.FreeBSD.org/base/head /usr/src

Apply the patch
# cd /usr/src
# patch < /path/to/g_eli_key.c.patch

Build the patched shared library
# cd /usr/src/sbin/geom/class/eli
# make && make install

Now you have patched shared library in /lib/geom/geom_eli.so
geli command use this library.

[hughobrien]

I remember hitting something similar, but I must have forgotten to write it up. As a short term fix, you could init the drives on another system and transfer the key material over to the rpi. Please be aware that the pre-made image is getting a little old at this point, though as it only exposes SSH the attack surface is quite low. Also there has been a ZFS version bump (nothing special). I'm not aware of any SSH issues resolved between the time the image was made and now, but it might be worth scanning the FreeBSD security pages / lists to be sure. I haven't yet build a version with 11 - but if you star the repo it's something I keep meaning to get around to. Thanks for trying it out - I'll add a section to explain your issue. Patches, etc. welcome. All the best, Hugh

…

On 14 May 2017 at 12:43, hcp123 ***@***.***> wrote: Answering my own question here. I followed this thread (forgot the link abow): http://freebsd.1045724.x6.nabble.com/quot-geli-Wrong- key-quot-unable-to-attach-in-RPi-ARM-environment-td5987915.html (Short answer, patch here: http://freebsd.1045724.x6. nabble.com/attachment/5990996/0/g_eli_key.c.patch ) Then recompile the eli shared library: (This is copy/paste from the thread mentioned above, instructions and patch are from Daisuke Aoyama ) How to use this patch on running system: ------------------------------ If you don't have source tree, check out with your kernel version specified by "-r". # uname -v FreeBSD 11.0-CURRENT #0 r277169M: Wed Jan 14 22:06:07 JST 2015 [hidden email]:/usr/local/src/crochet-freebsd/work/obj/arm.armv6/ usr/src/sys/RPI-B-test22 # svnlite checkout -r 277169 svn://svn.FreeBSD.org/base/head /usr/src Apply the patch # cd /usr/src # patch < /path/to/g_eli_key.c.patch Build the patched shared library # cd /usr/src/sbin/geom/class/eli # make && make install Now you have patched shared library in /lib/geom/geom_eli.so geli command use this library. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#6 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADPj8sczM-LqCefzoIsbrWb-9vflY8Iyks5r5ujngaJpZM4NaUaN> .