Date: Tue, 18 Mar 2008 16:04:52 +0100 From: Raphael Becker <rabe@uugrn.org> To: freebsd-stable@freebsd.org Subject: Using /etc/rc.d/geli with labeled devices on 6.3 Message-ID: <20080318150452.GA1561@ma.sigsys.de>
next in thread | raw e-mail | index | archive | help
--yrj/dFKFPuw6o+aM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi,
given that /dev/ad12 is a geli encryptet device, you might set up
/etc/rc.conf like
geli_enable=3D"YES"
geli_devices=3D"ad12"
geli_ad12_flags=3D"-k /root/keys/geli.ad12.key"
I don't like absolute device names (they might change) so I label them
e.g. FOOcrypt so it show up like /dev/label/FOOcrypt
Attaching the FOOcrypt manually works like
# geli attach -k /root/geli.FOO.key /dev/label/FOOcrypt=20
Enter passphrase:
The UFS on /dev/label/FOOcrypt.eli is labeled FOO[1] so=20
it will be available on /dev/ufs/FOO and can be mounted:
# mount /dev/ufs/FOO
How should I set up /etc/rc.conf to get this by /etc/rc.d/geli on boot?
geli_enable=3D"YES"
geli_devices=3D"label/FOOcrypt"
geli_label/FOOcrypt_flags=3D"-k /root/keys/geli.FOO.key"
^^^^^^^^^^^^^^=20
This won't work. How?
TIA.
Regards
Raphael Becker
[1] newfs -L FOO ... /dev/label/FOOcrypt.eli --> /dev/ufs/FOO
--=20
Raphael Becker <rabe@uugrn.org> http://rabe.uugrn.org/
GnuPG: E7B2 1D66 3AF2 EDC7 9828 6D7A 9CDA 3E7B 10CA 9F2D
=2E........|.........|.........|.........|.........|.........|.........|..
--yrj/dFKFPuw6o+aM
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFH39oUnNo+exDKny0RAsMMAKDIo/CqzVPHtDasexT51OajwJW+pACdFR7c
n2lFbL4xKIq1frV8XOyljds=
=7iJg
-----END PGP SIGNATURE-----
--yrj/dFKFPuw6o+aM--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080318150452.GA1561>