From: Kris Moore
Date: Tue, 04 Nov 2014 11:17:39 -0500
To: freebsd-current@freebsd.org
Subject: Re: Order of geli "passphrase prompt" on boot

On 11/04/2014 10:24, Kurt Jaeger wrote:
> Hi!
>
>> If you don't need any USB devices to boot, you can delay their
>> detection by loading the modules through /etc/rc.d/kld instead
>> of the loader:
>>
>> fk@r500 ~ $grep kld /etc/rc.conf
>> kld_list="usb.ko usb_quirk.ko ehci.ko umass.ko"
> Does this really help with the GENERIC kernel ?
>
> If I add this to /etc/rc.conf and do
>
> /etc/rc.d/kld start
>
> this spews a load of errors.
>

Colin added this to HEAD recently:

https://github.com/freebsd/freebsd/commit/bdb0ac02b9fd8f331fa70c8a4c29495b7ee43293

This will allow setting the passphrase at the boot-loader, so it doesn't
get prompted for again during boot. I think there was some work by
dteske@ to add this to the FreeBSD boot menus, but maybe you can use it
manually for now. We are using it in PC-BSD to supply the passphrase
directly from GRUB, so we only get prompted a single time.

(Before somebody asks why we use grub)

We are using grub to do full-disk encryption, without an unencrypted
/boot, among other things :)

--
Kris Moore
PC-BSD Software
iXsystems