Re: How to use serial console to enter GELI password to boot kernel on a GELI encrypted ZFS pool

From: Warner Losh <imp_at_bsdimp.com>
Date: Mon, 15 Aug 2022 20:20:32 UTC

On Mon, Aug 15, 2022 at 8:23 AM Guido van Rooij <guido@gvr.org> wrote:

> Currently I have a system with ZFS on GELI. I use the ability in
> the EFI loader to enter the GELI password.
>
> Is it possible somehow to use a serial console to enter the password?
> My system does have a COM1 port but it isn't recognised at the early
> boot stage. There I only see:
>
>     Consoles: EFI console
>     GELI Passphrase for disk0p4:
>
> (Note: this is early in the boot process so there is no access to
> boot.config (or any other file in the ZFS pool) as it is still on
> encrypted storage at that time).
>

The boot loader.efi will read ESP:/efi/freebsd/loader.env for environment
variables. You can use that to set the COM1 port since it appears your
EFI system doesn't do console redirection.

If you want it to only prompt COM1 for the password, but everything else is
on the efi console, that's a lot harder.

Warner