Re: geli encryption on server
- In reply to: Jean-Christophe : "geli encryption on server"
Date: Mon, 13 Mar 2023 07:46:06 UTC
On Sun., March 12 2023, Jean-Christophe wrote:
> hi,
> how can I add the passphrase to the boot process so that it doesn't
> ask for it after every reboot?
> regards,
> jean-christophe
As others pointed out, beware that depending on what you are
doing, it might render your encryption pretty much useless.
I use it to unlock other geli-encrypted drives by providing just one
password; it's a decent compromise for me.
Answering your question with those caveats: you can do this with
the options:

    geli_devices and geli_${PROVIDER}_flags

This is documented in rc.conf(5) and /etc/rc.d/geli. AFAICT
geli_${PROVIDER}_flags is not documented in rc.conf(5); if this
saved you time, please look into adding a patch fixing that.

In /etc/rc.conf it can look something like this:

    geli_devices="gpt/home"
    geli_gpt_home_flags="-pk '/secret/location/keyfile.secret'"

Note that the '/' gets replaced with a '_' when you need to
provide the flags.
Cheers,
--
Evilham
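
Added example, not part of the original post: a small sh lint for an rc.conf-style file that derives the flags variable name from each entry in geli_devices using the '/' to '_' rule described above, reports a misspelled name (which is never read for that device), and checks that a keyfile passed with -k is not readable by group or others. The function names and the UNSET/TYPO/NOKEY/PERMS labels are hypothetical, and only the -d, -p, -r, -j and -k attach options are parsed.

```sh
#!/bin/sh
# Added example: lint geli keyfile settings in an rc.conf-style file.
# Assumption taken from the post: '/' in a provider becomes '_' in the name.

# gpt/home -> geli_gpt_home_flags
geli_flags_var() {
    printf 'geli_%s_flags\n' "$(printf '%s' "$1" | tr '/' '_')"
}

# Report a missing keyfile, or one with any group/other permission bit set,
# using the mode string from ls (columns 5-10 are the group and other bits).
check_keyfile() {
    [ -f "$1" ] || { echo "NOKEY $1"; return; }
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] || echo "PERMS $1"
}

# Print one finding per line; no output means nothing was found.
# The file is sourced (as rc does) inside a subshell: lint trusted files only.
lint_geli_conf() (
    . "$1"
    for dev in $geli_devices; do
        var=$(geli_flags_var "$dev")
        eval "flags=\${$var-}"
        if [ -z "$flags" ]; then
            echo "UNSET $var"
            # A near-miss name with the right suffix is never read for $dev.
            set | sed -n "s/^\([A-Za-z0-9_]*_${var#geli_}\)=.*/TYPO \1/p"
            continue
        fi
        # Split the flags string into words the same way the shell would.
        eval "set -- $flags"
        OPTIND=1
        # Only -d -p -r -j -k are parsed here; other options are ignored.
        while getopts ":dprj:k:" opt; do
            case $opt in
                k) check_keyfile "$OPTARG" ;;
            esac
        done
    done
)
```

Run it as `lint_geli_conf /etc/rc.conf` after sourcing the functions; a PERMS or NOKEY line points at the keyfile to fix, and a TYPO line at the variable to rename.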