geli keyfile not loading at boot
Francesco Toscan
f.toscan at hotmail.it
Thu Aug 21 14:55:30 UTC 2014
On Wed, Aug 20, 2014 at 11:05:57AM -0400, Michael W. Lucas wrote:
> Hi,
>
> I have a default FreeBSD 10.0/amd64 install.
>
> I'm trying to make a GELI device attach at boot. I initialized the
> partition with -b, and am prompted at boot. When I try to enter the

Hi,
I have a slightly different setup: a keyfile-only based geli partition
sitting on gmirror, loading keyfile from external usb device on boot.
I run FreeBSD 9.1-RELEASE/amd64.

> My initial root partition is da0p2. The key is /boot/da1p1.key. The
> GELI partition is da1p1. Here's my loader.conf:
>
> geom_eli_load=YES
> geli_da1p1_keyfile0_load="YES"
> geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
> geli_da1p1_keyfile0_name="/boot/da1p1.key"
> kern.geom.eli.debug=3

Hit and miss here, but I think
geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0" should be:
geli_da1p1_keyfile0_type="da1p1:geli_keyfile0"
as geli_$dev_keyfile0_type="$dev:geli_keyfile0".
$dev should read "the whole path to the device to crypt minus /dev".

Here's my loader.conf, system is running 9.1-RELEASE:

# GEOM MIRROR is /dev/mirror/system
# GELI partition is /dev/mirror/system.eli
# / is in /dev/mirror/system.elip1
# disk0 is BIOS' idea of USB device
geom_mirror_load="YES"
geom_eli_load="YES"
vfs.root.mountfrom="ufs:/dev/mirror/system.elip1"
geli_mirror_system_keyfile0_load="YES"
geli_mirror_system_keyfile0_type="mirror/system:geli_keyfile0"
geli_mirror_system_keyfile0_name="disk0:/server.key"
I hope this could be useful.
--
f.
"Corruptissima re publica, plurimae leges"
-- Publius Cornelius Tacitus
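
Added example, not part of the original message and not FreeBSD project code: a small loader.conf lint for the naming rule given in the reply, run over the two configurations quoted in the thread. The function names are hypothetical, and writing "/" as "_" in the variable name is inferred from the reply's own loader.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the naming rule from the reply:
# geli_<dev>_keyfile<N>_type="<dev>:geli_keyfile<N>", where <dev> is the
# provider path minus /dev and the variable name writes "/" as "_".
lint_geli_keyfiles() {      # reads loader.conf text from stdin or file args
    awk -F= '
    /^[ \t]*#/ { next }
    $1 ~ /^geli_.+_keyfile[0-9]+_(load|type|name)$/ {
        val = substr($0, index($0, "=") + 1)
        gsub(/^"|"$/, "", val)                      # strip surrounding quotes
        field = $1; sub(/^.*_/, "", field)          # load, type or name
        key = $1; sub(/_(load|type|name)$/, "", key)
        seen[key] = 1; conf[key, field] = val
    }
    END {
        bad = 0
        for (key in seen) {
            idx = key; sub(/^.*_keyfile/, "", idx)
            dev = key; sub(/^geli_/, "", dev); sub(/_keyfile[0-9]+$/, "", dev)
            if (toupper(conf[key, "load"]) != "YES") { print key "_load: missing or not YES"; bad = 1 }
            if (conf[key, "name"] == "") { print key "_name: missing"; bad = 1 }
            split(conf[key, "type"], part, ":")
            flat = part[1]; gsub(/\//, "_", flat)   # mirror/system -> mirror_system
            if (flat != dev || part[2] != "geli_keyfile" idx) {
                print key "_type: \"" conf[key, "type"] "\" should be \"<dev>:geli_keyfile" idx "\""
                bad = 1
            }
        }
        exit bad
    }' "$@"
}

# Constructed samples: the entries quoted in the thread.
sample_original() { cat <<'EOF'
geom_eli_load=YES
geli_da1p1_keyfile0_load="YES"
geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
geli_da1p1_keyfile0_name="/boot/da1p1.key"
EOF
}
sample_reply() { cat <<'EOF'
geli_mirror_system_keyfile0_load="YES"
geli_mirror_system_keyfile0_type="mirror/system:geli_keyfile0"
geli_mirror_system_keyfile0_name="disk0:/server.key"
EOF
}

sample_original | lint_geli_keyfiles || echo "original: needs fixing"
sample_reply | lint_geli_keyfiles && echo "reply: ok"
```

To check a real file, pass it as an argument: lint_geli_keyfiles /boot/loader.conf. The lint only checks naming and that the three entries are present, not whether the keyfile exists or is readable by the loader.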