Date: Sun, 20 Jan 2008 19:41:00 +0100 From: Roland Smith <rsmith@xs4all.nl> To: Rakhesh Sasidharan <rakhesh@rakhesh.com> Cc: freebsd-questions@freebsd.org Subject: Re: GELI key from a USB disk Message-ID: <20080120184100.GA15880@slackbox.xs4all.nl> In-Reply-To: <20080120212048.J91357@dogmatix.home.rakhesh.com> References: <20080120212048.J91357@dogmatix.home.rakhesh.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--EeQfGwPcQSOJBaQU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jan 20, 2008 at 09:25:36PM +0400, Rakhesh Sasidharan wrote: > I thought this should be easy but its not working ... :( >=20 > I have a USB disk /dev/da0. That's got a GELI key. I also have an externa= l=20 > hard-disk with partitions /dev/da1s1[a-f]. All GELI encrypted. >=20 > What I want is that while booting up these encrypted partitions are loade= d.=20 > And their key taken from the da0 USB disk. >=20 > I tried the obvious like mounting the USB disk in /etc/fstab and giving i= t=20 > a lower pass no. than the encrypted partitions. But turns out that doesn'= t=20 > work. The pass number in /etc/fstab only affects the fsck order. > FreeBSD tries to attach the GELI partitions before mounting local=20 > filesystems! Any way to delay this step till after the USB disk is mounte= d=20 > and the key available? Or any other suggestions? It _must_ do so in case any local partitions are encrypted (like e.g my /home). What you can do is set the noauto flag for those filesystems, and mount them be hand, or write a script for it. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --EeQfGwPcQSOJBaQU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHk5W8EnfvsMMhpyURAr3wAJwKlygay7QgCVbzPf976uAzmDCz8wCfXCOm r7fEhXSqDmfr49tlrkjEkXc= =qW4t -----END PGP SIGNATURE----- --EeQfGwPcQSOJBaQU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080120184100.GA15880>