From owner-freebsd-questions@FreeBSD.ORG Mon Feb 4 18:29:42 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id D6AEF559 for ; Mon, 4 Feb 2013 18:29:42 +0000 (UTC) (envelope-from mhca12@gmail.com) Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by mx1.freebsd.org (Postfix) with ESMTP id A7784210 for ; Mon, 4 Feb 2013 18:29:42 +0000 (UTC) Received: by mail-oa0-f44.google.com with SMTP id h1so4368859oag.31 for ; Mon, 04 Feb 2013 10:29:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=Gw69KP4PgTZuEDVXWMZ/ETBs9M4TkoOhkGlMkkI3t9A=; b=tr76l796OwMtHwosacMH6bYskLPpi2fMLTbnS0I3/WAGvtTRZAYJ1+RerOGqZi6TLX u6MdOcJaZPnmucHmp6VHBAZH+ZxxYjzKIih9jXNFgeOrwuGDFY2jzGaf8u3AZnPm73/O NXcp9up3vdHh3HnL5oF3nm7EidNjm58FjNRD0KfP4Kf0OmtFXK4ebSvxf0o5/H3G+SoG 5sIu+HM6MvFLRn4FZE1E5ZHVlShLyn1NXLWkaANNbEimuVkn84hfSd0dNcjsFiIfiCyZ kepv0kVQsK679xlrN5us5Gdk9mhV/BrHmEvukD1W5f4iEti3R1Pt6TVJ2DeEn+bFBloK i70Q== MIME-Version: 1.0 X-Received: by 10.182.8.70 with SMTP id p6mr15891596oba.90.1360002576661; Mon, 04 Feb 2013 10:29:36 -0800 (PST) Received: by 10.76.34.73 with HTTP; Mon, 4 Feb 2013 10:29:36 -0800 (PST) In-Reply-To: <20130204182303.59c9ac72@fabiankeil.de> References: <20130204130635.3a66d412@fabiankeil.de> <20130204182303.59c9ac72@fabiankeil.de> Date: Mon, 4 Feb 2013 19:29:36 +0100 Message-ID: Subject: Re: vfs.root.mountfrom with geli From: mhca12 To: Fabian Keil Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 18:29:42 -0000 On Mon, Feb 4, 2013 at 6:23 PM, Fabian Keil wrote: > mhca12 wrote: > >> On Mon, Feb 4, 2013 at 1:06 PM, Fabian Keil wrote: >> > mhca12 wrote: >> > >> >> I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64 >> >> but I get always stuck because the kernel doesn't ask me for the >> >> passphrase and doesn't find the /dev/gpt/enc.eli where enc is the >> >> label I gave to the root partition. I also tried with /dev/ada0p3.eli >> >> without success. >> >> >> >> Tried the following two /boot/loader.config variations: >> >> 1: >> >> geom_eli_load=3D"YES" >> >> vfs.root.mountfrom=3D=94ufs:/dev/gpt/enc.eli=94 >> >> 2: >> >> geom_eli_load=3D"YES" >> >> vfs.root.mountfrom=3D=94ufs:/dev/ada0p3.eli=94 >> >> >> >> I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from >> >> the livecd. >> >> >> >> Can you advise me what I might have done wrong or what I >> >> should try? >> >> >> >> https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd= -9-x-well-almost/ >> > >> > This guide doesn't seem to match your configuration. >> > It uses ada0p3.eli for swapping and additionally uses keyfiles. >> > >> > Without knowing your actual configuration it's impossible to >> > give proper advice. You could check with "geli list ada0p3" if >> > the boot flag is set, but that's obviously just a wild guess ... >> >> Forgot to list my simpler setup: >> ada0p1 freebsd-boot >> ada0p2 freebsd-ufs label boot /boot >> ada0p3 geli freebsd-ufs label enc / >> >> Do I have to set the boot flag for any of them? > > The geli passphrase is only requested at boot time for providers that > have the geli boot flag set (for details see geli(8)). If it isn't set > on ada0p3 it would explain the described behaviour. Fabian thanks a lot. Maybe I forgot -b during geli init but a geli configure -b /dev/ada0p3.eli fixed it. FreeBSD is so well structured and logical in this regard and hopefully in many others as I heard. In vfs.root.mountfrom only =94ufs:/dev/ada0p3.eli=94 works and the /dev/gpt/enc.eli doesn't. Is it supposed to?