Re: How to use serial console to enter GELI password to boot kernel on a GELI encrypted ZFS pool

From: Guido van Rooij <guido_at_gvr.org>
Date: Tue, 16 Aug 2022 09:44:53 UTC
On Mon, Aug 15, 2022 at 02:20:32PM -0600, Warner Losh wrote:
>    On Mon, Aug 15, 2022 at 8:23 AM Guido van Rooij <guido@gvr.org>
>    wrote:
> 
>      Currently I have a system with ZFS on GELI. I use the ability in
>      the EFI loader to enter the GELI password.
>      Is it possible somehow to use a serial console to enter the
>      password?
>      My system does have a COM1 port but it isn't recognised at the early
>      boot stage. There I only see:
>          Consoles: EFI console
>          GELI Passphrase for disk0p4:
>      (Note: this is early in the boot process so there is no access to
>      boot.config (or any other file in the ZFS pool) as it is still on
>      encrypted storage at that time).
> 
>    The boot loader.efi will read ESP:/efi/freebsd/loader.env for
>    environment variables. You can use that to set the COM1 port since it
>    appears your EFI system doesn't do console redirection.
>    If you want it to only prompt COM1 for the password, but everything
>    else is on the efi console, that's a lot harder.

Hi Warner,

Thanks, but somehow I still cannot get it to work properly.
Content of /efi/freebsd/loader.env:
boot_multicons="YES"
console="efi comconsole"

The boot prompt still only shows "Consoles: EFI console".

When I boot I get the GELI passphrase prompt at the EFI console only. But when the kernel starts
to run I do get output to the serial console, starting with:
---<<BOOT>>---
Copyright (c) 1992-2021 The FreeBSD Project.

So it seems the loader.env file is read correctly (it didn't output anything to the serial
console before I created efi/freebsd/loader.env). But looking at the source I see in 
efi/loader/main.c:read_loader_env():
        if (fn) {
                printf("    Reading loader env vars from %s\n", fn);
                parse_loader_efi_config(boot_img->DeviceHandle, fn);
        }
I never saw the printf appearing. I do not understand this.

Hope you can help me further!

Regards,
-Guido