From nobody Sun Jan 9 11:25:18 2022 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 393A019478E8 for ; Sun, 9 Jan 2022 11:25:30 +0000 (UTC) (envelope-from taceant@gmail.com) Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JWvlG003rz4hW7 for ; Sun, 9 Jan 2022 11:25:29 +0000 (UTC) (envelope-from taceant@gmail.com) Received: by mail-ed1-x529.google.com with SMTP id a18so40876268edj.7 for ; Sun, 09 Jan 2022 03:25:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=m47poi/QtkY+OtXdccBjkeCRZQusN9ke0VIINFRy6fw=; b=jy7Eh7IcGTS1atoI+k/9dbnOinFnaCxfQCFbac2BhF2vrywa2sE2FgFD/umi6GI+9K 8qqSucQHChxOVc+bMZkIxe1CHlcRqFYZ2qbDr+fWzEZPHBvKe9RrGoNHabIG0p/oUUbn ZA0jZVHe+hsGYgRI162w+eMZdWPi0jhP38/lSi7WPD87+/SKkMNaKtDbhySFv4KEHAtT evdXuJSV2ZdMaw/6uS+ykBbhqnQFMODZ1vWOSKSgKfqdVF44elOESux9oo3InnjnP0/h 8DE61qRKEfDNxvNZc7baOm3NiFyTfWho1Rwn69fuB5o1gwNd+wfXEa8E2ZkK8Vh8t164 +i5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=m47poi/QtkY+OtXdccBjkeCRZQusN9ke0VIINFRy6fw=; b=VURzRDIs066VTl2WexcC9YcSzZL51w4WPgX5nV/zYJCVEUJU/1JWubmTl7x7ElG8u9 aAA6krHPMb9Cxcj3fiUKEga9q9GAY550w+mNZmBMRJjXGpjHYyVqBsMoTC9Aa5FmP1Kk 6wtdnE8IFBNmaANLuuODlXrksWd4ZV66D05dNJgijPq7xSDILxieFV1nqcBz0EtYGN/e jtNMBS1lsUyDfjT8/xokUR3j4AeNDhy6RU5EJzjkYFQ6/SeIpPDPv4f8un16b6htxcjU Ffsf5cdhzbS6ordUz50UnrbTOpBsL5EDjzTcppr15S10CuSYj/Ac33BD2oXSuA00wJ8o ZDAA== X-Gm-Message-State: AOAM530oauFNzlUTxlDbj7sROgi1sjFLooebMLCV4GlqQCzzzVsRt4sN uJCQ8icE1UhJXluT1ds5GYKz1l+9kmZEiy3qrKPieHqr X-Google-Smtp-Source: ABdhPJzE5zUP3A8T5Rz+iFyMYo+WOYG+as932gXSDBW2IUq5auL3xEWMEQGXGGtWYQ8cjCzzUIuzhBbs9z4CfL0JmKs= X-Received: by 2002:a17:907:c29:: with SMTP id ga41mr57265357ejc.676.1641727528981; Sun, 09 Jan 2022 03:25:28 -0800 (PST) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References: <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org> In-Reply-To: <20220109102339.45932ef6cf6f42daa3a1871d@sohara.org> From: Taceant Omnes Date: Sun, 9 Jan 2022 11:25:18 +0000 Message-ID: Subject: Re: entering geli passphrase only once at FreeBSD boot To: "Steve O'Hara-Smith" Cc: freebsd-questions@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4JWvlG003rz4hW7 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N On Sun, 9 Jan 2022 at 10:23, Steve O'Hara-Smith wrote: > My solution was to log in after boot and run a script - less than > elegant but possible to do remotely if I was away during a power outage > (happened once). I've since given up on using encrypted drives, after a > scare when one drive became inaccessible after an outage due to geli errors. Steve, thanks for the ideas. Diverging a bit from the original topic, I don't have UPS and of course I am not keen on not loosing data. Although power outages are rare where I live, over the years I have had to reset or power cycle my Linux machine lots of times due to issues in the kernel, X, graphics driver or whatever. Luckily I never lost data. I was planning to use geli instead of ZFS native encryption because the former encrypts everything whereas the latter does not encrypt some meta data. But maybe it is better to use the latter to avoid losing data? What do you think?