From: Fa bio
Date: Mon, 9 Apr 2012 18:34:10 +0000
Subject: Automatic Geli?
List-Id: GEOM-specific discussions and implementations

Hi!

Is it possible to recompile geli/kernel to automatically enter with password and/or key?

I'll explain with an example:

If you see a cache system called SpeedR (http://www.speedr.com.br/?locale=en), in their site you can download the ISO and burn it to a CD (http://www.speedr.com.br/rc/speedr-0...rc18.2-x64.iso)

It's very interesting, because all partitions are encrypted with Geli, but there is no passphrase to enter at boot time or key directions in loader.conf file.

If you mount the partition with another FreeBSD you see only /boot dir. All files are secure!

At boot time you can see this:

Timecounters tick every 1.000 msec
ipfw2 initialized, divert enabled, nat enabled, rule-based forwarding enabled, default to accept, logging disabled
load_dn_sched dn_sched FIFO loaded
load_dn_sched dn_sched PRIO loaded
load_dn_sched dn_sched QFQ loaded
load_dn_sched dn_sched RR loaded
load_dn_sched dn_sched WF2Q+ loaded
usbus0: 12Mbps Full Speed USB v1.0
ad0: 20480MB at ata0-master WDMA2
ugen0.1: at usbus0
uhub0: on usbus0
ad1: 30720MB at ata0-slave WDMA2
WARNING: ad0s1 expected rawoffset 0, found 63
uhub0: 2 ports with 2 removable, self powered
GEOM_ELI: Wrong key for ad0s1d. Tries left: 2.
ugen0.2: at usbus0
ums0: on usbus0
ums0: 3 buttons and [Z] coordinates ID=0
GEOM_ELI: Device ad0s1d.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI: Crypto: software
acd0: CDROM at ata1-slave WDMA2
SMP: AP CPU #2 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #1 Launched!
GEOM_ELI: Wrong key for ad0s1cd. Tries left: 2.
GEOM_ELI: Cannot create device ad0s1cd.eli.
Trying to mount root from ufs:ad0s1d.eli
GEOM_ELI: Device ad0s1g.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI: Crypto: software
GEOM_ELI: Device ad0s1f.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI: Crypto: software
GEOM_ELI: Device ad0s1e.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI: Crypto: software

How is it possible?

Important: I don't want to get inside this system! I just want to understand how it is possible to automatically mount geli partitions without entering any key or passphrase.

I saw many tutorials but they all ask to enter a passphrase!

Any ideas?

Thanks
Felix