From owner-freebsd-questions@FreeBSD.ORG Mon Feb 4 17:25:28 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 1CF08C7E for ; Mon, 4 Feb 2013 17:25:28 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from smtprelay06.ispgateway.de (smtprelay06.ispgateway.de [80.67.31.104]) by mx1.freebsd.org (Postfix) with ESMTP id A7EFFCC4 for ; Mon, 4 Feb 2013 17:25:27 +0000 (UTC) Received: from [78.35.156.109] (helo=fabiankeil.de) by smtprelay06.ispgateway.de with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.68) (envelope-from ) id 1U2PnE-0007Rh-2X; Mon, 04 Feb 2013 18:25:20 +0100 Date: Mon, 4 Feb 2013 18:23:03 +0100 From: Fabian Keil To: mhca12 Subject: Re: vfs.root.mountfrom with geli Message-ID: <20130204182303.59c9ac72@fabiankeil.de> In-Reply-To: References: <20130204130635.3a66d412@fabiankeil.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/JO4oX.lbv/XvZoDQXUi3vUr"; protocol="application/pgp-signature" X-Df-Sender: Nzc1MDY3 Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 17:25:28 -0000 --Sig_/JO4oX.lbv/XvZoDQXUi3vUr Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable mhca12 wrote: > On Mon, Feb 4, 2013 at 1:06 PM, Fabian Keil wrote: > > mhca12 wrote: > > > >> I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 > >> but I get always stuck because the kernel doesn't ask me for the > >> passphrase and doesn't find the /dev/gpt/enc.eli where enc is the > >> label I gave to the root partition. I also tried with /dev/ada0p3.eli > >> without success. > >> > >> Tried the following two /boot/loader.config variations: > >> 1: > >> geom_eli_load=3D"YES" > >> vfs.root.mountfrom=3D=E2=80=9Dufs:/dev/gpt/enc.eli=E2=80=9D > >> 2: > >> geom_eli_load=3D"YES" > >> vfs.root.mountfrom=3D=E2=80=9Dufs:/dev/ada0p3.eli=E2=80=9D > >> > >> I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from > >> the livecd. > >> > >> Can you advise me what I might have done wrong or what I > >> should try? > >> > >> https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-= 9-x-well-almost/ > > > > This guide doesn't seem to match your configuration. > > It uses ada0p3.eli for swapping and additionally uses keyfiles. > > > > Without knowing your actual configuration it's impossible to > > give proper advice. You could check with "geli list ada0p3" if > > the boot flag is set, but that's obviously just a wild guess ... >=20 > Forgot to list my simpler setup: > ada0p1 freebsd-boot > ada0p2 freebsd-ufs label boot /boot > ada0p3 geli freebsd-ufs label enc / >=20 > Do I have to set the boot flag for any of them? The geli passphrase is only requested at boot time for providers that have the geli boot flag set (for details see geli(8)). If it isn't set on ada0p3 it would explain the described behaviour. Fabian --Sig_/JO4oX.lbv/XvZoDQXUi3vUr Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlEP7pIACgkQBYqIVf93VJ3clwCglJMPbIBX1IMN3vbUmBcPS6CX S8sAoMw1GHLIZtiHgCiMFZeg04j/sC69 =SsGs -----END PGP SIGNATURE----- --Sig_/JO4oX.lbv/XvZoDQXUi3vUr--