FreeBSD Mail Archives

Date:      Tue, 18 Mar 2008 16:04:52 +0100
From:      Raphael Becker <rabe@uugrn.org>
To:        freebsd-stable@freebsd.org
Subject:   Using /etc/rc.d/geli with labeled devices on 6.3
Message-ID:  <20080318150452.GA1561@ma.sigsys.de>

next in thread | raw e-mail | index | archive | help


[-- Attachment #1 --]
Hi,

given that /dev/ad12 is a geli encryptet device, you might set up
/etc/rc.conf like

geli_enable="YES"
geli_devices="ad12"
geli_ad12_flags="-k /root/keys/geli.ad12.key"

I don't like absolute device names (they might change) so I label them
e.g. FOOcrypt so it show up like /dev/label/FOOcrypt

Attaching the FOOcrypt manually works like

# geli attach -k /root/geli.FOO.key /dev/label/FOOcrypt 
Enter passphrase:

The UFS on /dev/label/FOOcrypt.eli is labeled FOO[1]  so 
it will be available on /dev/ufs/FOO and can be mounted:

# mount /dev/ufs/FOO

How should I set up /etc/rc.conf to get this by /etc/rc.d/geli on boot?

geli_enable="YES"
geli_devices="label/FOOcrypt"
geli_label/FOOcrypt_flags="-k /root/keys/geli.FOO.key"
     ^^^^^^^^^^^^^^ 
This won't work. How?

TIA.

Regards
Raphael Becker

[1] newfs -L FOO ... /dev/label/FOOcrypt.eli --> /dev/ufs/FOO

-- 
Raphael Becker          <rabe@uugrn.org>          http://rabe.uugrn.org/
GnuPG:                E7B2 1D66 3AF2 EDC7 9828  6D7A 9CDA 3E7B 10CA 9F2D
.........|.........|.........|.........|.........|.........|.........|..

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFH39oUnNo+exDKny0RAsMMAKDIo/CqzVPHtDasexT51OajwJW+pACdFR7c
n2lFbL4xKIq1frV8XOyljds=
=7iJg
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080318150452.GA1561>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation