From owner-freebsd-questions@freebsd.org Tue Jun 19 14:18:04 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5005B101C875 for ; Tue, 19 Jun 2018 14:18:04 +0000 (UTC) (envelope-from thor@irk.ru) Received: from mail.irk.ru (mail.irk.ru [195.206.40.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C973C82FE7 for ; Tue, 19 Jun 2018 14:18:03 +0000 (UTC) (envelope-from thor@irk.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=irk.ru; s=dkim; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version: Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=j8Ila7z8CjTrmMj8IWHF81VVCY9iNNhNWkoHTKi4qZI=; b=aFlvgcyoJvJAjTekDllmyqS6N5 xy+7el4aleX4GaO+/2k01U+r878u5qRHCeyzM/KvQ5jARCnDnFOM11pHZD4DTwcH04kue02l32Fry 8Qy0i445+7r9IQ/bvAgpAGHtd68iaUUZXOglhGF+0RzaTY25A+uD8RIXMEVuuOQ3frSY=; Received: from [194.176.114.54] (helo=[192.168.1.130]) by mail.irk.ru with esmtpa (Exim 4.89 (FreeBSD)) (envelope-from ) id 1fVHKh-000A1j-UP for freebsd-questions@freebsd.org; Tue, 19 Jun 2018 22:10:07 +0800 Subject: Re: How to disable GELI selectively? To: freebsd-questions@freebsd.org References: <07733d85-d212-8866-b3eb-56ee42340294@irk.ru> <20180619095059.7e3ef341.freebsd.ed.lists@sumeritec.com> <089a5476-0fb5-53ec-8713-033916e556c3@irk.ru> <20180619122434.4384c781.freebsd.ed.lists@sumeritec.com> <16158446-3c89-befe-7b99-644b1002699f@irk.ru> <20180619214341.46a49211.freebsd.ed.lists@sumeritec.com> From: thor Message-ID: <56706cc1-39c1-c657-5eaf-ef1d97145481@irk.ru> Date: Tue, 19 Jun 2018 22:18:03 +0800 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180619214341.46a49211.freebsd.ed.lists@sumeritec.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jun 2018 14:18:04 -0000 Already tried. No effect. On 06/19/18 21:43, Erich Dollansky wrote: > Hi, > > On Tue, 19 Jun 2018 18:35:29 +0800 > thor wrote: > >>  % cat /boot/loader.conf >> geom_eli_load="YES" >> geli_ada0p3_keyfile0_load="YES" >> geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0" >> geli_ada0p3_keyfile0_name="/boot/key" > I do not understand this ether. It should attach only the partition > mentioned above. > > Can you try the following for the partitions not to attach: > > geli_adaXp3_keyfile0_load="NO" > > replacing the X with the real number. > > Erich > > >> vfs.root.mountfrom="ufs:ada0p3.eli" >> >> kern.vty="sc" >> aesni_load="YES" >> nvidia_load="YES" >> linux_load="YES" >> >> >> >> >> On 06/19/18 12:24, Erich Dollansky wrote: >>> Hi, >>> >>> On Tue, 19 Jun 2018 11:39:24 +0800 >>> thor wrote: >>> >>>> The other partitions are NOT in fstab. They are mounted manually >>>> with explicit mount and geli attach commands. Moreover, it occurs >>>> during a boot well before init gets control and spawns the mount >>>> process. >>> what is then in your /boot/loader.conf? >>> >>> Erich >>> >>> >>>> On 06/19/18 09:50, Erich Dollansky wrote: >>>>> Hi, >>>>> >>>>> On Tue, 19 Jun 2018 00:19:01 +0800 >>>>> thor wrote: >>>>> >>>>>> Hello! >>>>>> >>>>>> Here I have a computer with 2 HDDs partitioned identically with >>>>>> GELI encrypted root as in >>>>>> https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/ >>>>>> >>>>>> When I boot the computer it properly asks the passphrase >>>>>> for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root. >>>>>> >>>>>> Then, it asks "Enter passphrase for gptid...." which I don't want >>>>>> since the second HDD should be attached manually when needed ONLY >>>>>> and all other time it should be unmounted. I am to press enter >>>>>> enough times to make me mad. >>>>>> >>>>>> What should I do? >>>>>> >>>>> just take all other partitions / slices out of /etc/fstab. >>>>> >>>>> Erich >>>>> _______________________________________________ >>>>> freebsd-questions@freebsd.org mailing list >>>>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>> To unsubscribe, send any mail to >>>>> "freebsd-questions-unsubscribe@freebsd.org" >>>> _______________________________________________ >>>> freebsd-questions@freebsd.org mailing list >>>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>> To unsubscribe, send any mail to >>>> "freebsd-questions-unsubscribe@freebsd.org" >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to >>> "freebsd-questions-unsubscribe@freebsd.org" >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"