Date: Tue, 1 Feb 2022 20:06:06 +0100
From: Georg Bege <georg@bege.email>
To: freebsd-amd64@FreeBSD.org
Subject: geli keyfile arguments / gpt partitions
Message-ID: <54f1aaaa-d4ed-1273-df9d-27cae3c1dc5f@bege.email>

Hello mailing list,

I'm trying to realize a specific encrypted setup on my FreeBSD machine at home. For now I have a raidz2 pool, which did contain root - however it doesn't boot any longer. I have a dedicated SATA disk with UEFI boot code and /boot data, so this works and I can boot up.

What I wanted to do now is encrypt the devices of the pool, which should work in general because I can boot the kernel and thus the kernel should be able to decrypt the required disk devices.

My issue is now that if I find anything on Google etc., all examples want me to put the keyfile on /boot and then provide it as an argument like:

    geli_<device>_keyfile0_name="/boot/encrypted.key"

This is something I don't want to do; instead I'd prefer to put the keyfile data on a single GPT partition of a USB stick of my choice - I can reach this device whenever I boot up... However, it seems I cannot provide a /dev/... device just like this as an argument. I don't even know if the kernel is able to read raw data from a GPT partition... but well, why not? It should be possible?

Does anyone have a clue how to achieve this or which arguments I need to provide?

Regards,
Georg