Date: Sun, 9 Jan 2022 10:00:51 +0000
From: Taceant Omnes <taceant@gmail.com>
To: freebsd-questions@freebsd.org
Subject: entering geli passphrase only once at FreeBSD boot
Message-ID: <CAKkGsYKyPt5OfYVH5L=83yqzeHvkyMaU6oZH_0WzRFrWRKsXSw@mail.gmail.com>

I am a Linux user and would like to set up a home server with ZFS for backup. Although I could use Linux for that, I want to do it with FreeBSD as I think it is easier to set up and maintain.

I already have the hardware, various old discarded bits including a small hard disk of 250 GB and a bigger disk of 4 TB. The plan is to have FreeBSD 13.0 on geli-encrypted ZFS in the small disk and the backup in the big disk, also geli-encrypted.

For now I am practising with two virtual disks in VirtualBox. I ran these commands for the backup disk:

    geli init -s 4096 -l 256 /dev/ada1
    geli attach /dev/ada1
    zpool create -o ashift=12 zbackup /dev/ada1.eli

This simple solution worked and I got my pool.

The next step was to make it work after reboot. After a number of tries I found a solution that works:

    # add to /etc/rc.conf
    geli_devices="ada1"

The next goal was to find a way to enter the passphrase only once at boot (to unlock zroot in ada0 and zbackup in ada1). After a number of tries I found a solution that works:

    # create file /pass-ada1 with passphrase
    # add to /etc/rc.conf
    geli_ada1_flags="-j /pass-ada1"

This sort of solution involving storing the passphrase in a file is possible in Linux; however, my preferred solution in Linux is not to use such a file (I use systemd-boot, though perhaps there are other ways).

Is there a way to enter the passphrase only once in FreeBSD that does not involve storing it in a file?
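
A permission audit for the passfile setup described in the message above, added here as an example and not part of the original e-mail. The function name audit_geli_passfiles is hypothetical, and the script assumes passfile paths without whitespace; it checks that each file named after "-j" in a geli_*_flags line is a regular file owned by root with no group or other permission bits.

```sh
#!/bin/sh
# Added example: audit the passfiles that rc.conf hands to geli via "-j".
# audit_geli_passfiles is a hypothetical helper name, not a FreeBSD tool.
# Usage: audit_geli_passfiles /etc/rc.conf [expected_owner_uid]
# Returns 0 when every passfile passes, 1 otherwise.
# Assumes passfile paths contain no whitespace.

audit_geli_passfiles() {
    rcconf=$1
    want_uid=${2:-0}    # the passfile should belong to root (uid 0)
    bad=0
    # Collect the argument of every "-j" in uncommented geli_*_flags lines.
    paths=$(sed -n 's/^[[:space:]]*geli_[A-Za-z0-9_]*_flags=//p' "$rcconf" |
        tr -d "\"'" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-j") print $(i + 1) }')
    for f in $paths; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL $f: missing, a symlink, or not a regular file"
            bad=1
            continue
        fi
        # POSIX "ls -ldn": field 1 is the mode string, field 3 the numeric owner.
        set -- $(ls -ldn -- "$f")
        mode=$1
        uid=$3
        ok=1
        case $mode in
            -???------*) ;;    # no group or other permission bits set
            *) echo "FAIL $f: mode $mode grants access beyond the owner"; ok=0 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $f: owner uid $uid, expected $want_uid"
            ok=0
        fi
        if [ "$ok" -eq 1 ]; then echo "OK   $f ($mode, uid $uid)"; else bad=1; fi
    done
    return "$bad"
}

# Run the audit when a file name is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_geli_passfiles "$@"
fi
```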