From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 250644] Prompting for geli passphrases without geli loaded
Date: Mon, 26 Oct 2020 18:25:58 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250644

            Bug ID: 250644
           Summary: Prompting for geli passphrases without geli loaded
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: phryk-ports@wzff.de

Even without `geom_eli_load="YES"` in /boot/loader.conf (or without any
loader.conf), you are still prompted for the passphrase to any geli
device with the boot flag.

This means you can't boot a FreeBSD image to repair your install if you
don't have physical, serial or kvm access to just press enter until all
the passphrase prompts are gone and the system actually boots up and is
reachable via network.

I'm currently facing this issue at Hetzner and, at least for me, it
represents a major hurdle for setting up and maintaining encrypted
dedicated machines remotely.

If geli isn't loaded (and it shouldn't be by default, right?) these
prompts should just be skipped to allow rescue systems to actually boot.

I'm on 12.1-RELEASE but I'm pretty sure this behavior is true for all
FreeBSD versions I have come into contact with in the last decade.

PS: Very unsure of what the right component to select was, feel free to
re-assign it to whatever fits best.