From: Frank Steinborn
To: Nikos Vassiliadis
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Date: Thu, 7 Sep 2006 14:29:01 +0200
Subject: Re: Getting GELI Keys from Floppy

Nikos Vassiliadis wrote:
> Are you sure you want to trust a floppy disk for your keys??
> It's not the most safe medium these days...

I'll back up the keys on CD. It's just that I don't want to waste a CD-ROM
drive in this server.

> > There is a problem here, because GELI initializes _before_ mounting
> > the disks from /etc/fstab (for obvious reasons, of course). So GELI is
> > not able to get the keys from the floppy and fails.
> >
> > So, any hints how I could get the floppy mounted _before_ GELI tries
> > to initialize?
>
> Why don't you use the plain device (/dev/fd0) instead of using a file on a
> filesystem on the floppy? I think there are examples in the manual page.

I could use /dev/fd0 directly but then I'd have to use the same key for
all 6 HDDs in the server. I got a solution by hacking /etc/rc.d/geli -
I'm just mounting the floppy there before it tries to read the key.

Thanks to all the people giving suggestions!

Frank