Using /etc/rc.d/geli with labeled devices on 6.3

Raphael Becker rabe at uugrn.org
Tue Mar 18 08:29:16 PDT 2008


Hi,

given that /dev/ad12 is a geli encrypted device, you might set up
/etc/rc.conf like

geli_enable="YES"
geli_devices="ad12"
geli_ad12_flags="-k /root/keys/geli.ad12.key"

I don't like absolute device names (they might change) so I label them
e.g. FOOcrypt so it shows up like /dev/label/FOOcrypt

Attaching the FOOcrypt manually works like

# geli attach -k /root/geli.FOO.key /dev/label/FOOcrypt 
Enter passphrase:

The UFS on /dev/label/FOOcrypt.eli is labeled FOO[1]  so 
it will be available on /dev/ufs/FOO and can be mounted:

# mount /dev/ufs/FOO

How should I set up /etc/rc.conf to get this by /etc/rc.d/geli on boot?

geli_enable="YES"
geli_devices="label/FOOcrypt"
geli_label/FOOcrypt_flags="-k /root/keys/geli.FOO.key"
     ^^^^^^^^^^^^^^ 
This won't work. How?

TIA.

Regards
Raphael Becker

[1] newfs -L FOO ... /dev/label/FOOcrypt.eli --> /dev/ufs/FOO

-- 
Raphael Becker          <rabe at uugrn.org>          http://rabe.uugrn.org/
GnuPG:                E7B2 1D66 3AF2 EDC7 9828  6D7A 9CDA 3E7B 10CA 9F2D