From owner-freebsd-geom@FreeBSD.ORG  Sun Dec 23 21:02:26 2012
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 164B2EDD
 for <freebsd-geom@freebsd.org>; Sun, 23 Dec 2012 21:02:26 +0000 (UTC)
 (envelope-from pawel@dawidek.net)
Received: from mail.dawidek.net (garage.dawidek.net [91.121.88.72])
 by mx1.freebsd.org (Postfix) with ESMTP id C9C4A8FC14
 for <freebsd-geom@freebsd.org>; Sun, 23 Dec 2012 21:02:25 +0000 (UTC)
Received: from localhost (static254.debica228.tnp.pl [87.116.228.254])
 by mail.dawidek.net (Postfix) with ESMTPSA id 71B21217;
 Sun, 23 Dec 2012 22:00:12 +0100 (CET)
Date: Sun, 23 Dec 2012 22:02:22 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: =?utf-8?B?0JHQu9C+0LPQtdGA?= <bloger@ngs.ru>
Subject: Re: keyfile on another HDD.
Message-ID: <20121223210221.GB1436@garage.freebsd.pl>
References: <VYf743db33az97Qyp04k05A8@ngs.ru>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="8P1HSweYDcXXzwPJ"
Content-Disposition: inline
In-Reply-To: <VYf743db33az97Qyp04k05A8@ngs.ru>
X-OS: FreeBSD 10.0-CURRENT amd64
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: freebsd-geom@freebsd.org
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Dec 2012 21:02:26 -0000


--8P1HSweYDcXXzwPJ
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Dec 22, 2012 at 02:40:28PM +0300, =D0=91=D0=BB=D0=BE=D0=B3=D0=B5=D1=
=80 wrote:
> Is it possible to read key file from another HDD with FAT16 during
> system boot?

I assume you are asking for GELI disk encryption?

It depends which stage in the boot process we are talking about. If you
would like to read key from a file for partition, which holds root file
system (so you need the key after the kernel is loaded, but before root
file system is mounted) then no, it is not currently possible. Key can
be read only from the file system the kernel was loaded and I don't
believe we can boot FreeBSD from FAT16.

If you would like to read key after root is mounted, then it should be
possible. Your FAT16 file system just needs to be mounted before
/etc/rc.d/geli script is executed.

--=20
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl

--8P1HSweYDcXXzwPJ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlDXcV0ACgkQForvXbEpPzR0tgCfScWhdO8zh+A5xtMCrUyJu0OE
uNIAoOem/ZDE8TJxlS0yMn3g8c6k479H
=0D8N
-----END PGP SIGNATURE-----

--8P1HSweYDcXXzwPJ--