From owner-freebsd-current@FreeBSD.ORG Tue Nov 4 17:10:20 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 69840BE5 for ; Tue, 4 Nov 2014 17:10:20 +0000 (UTC) Received: from mx1.scaleengine.net (beauharnois2.bhs1.scaleengine.net [142.4.218.15]) by mx1.freebsd.org (Postfix) with ESMTP id 43927F0A for ; Tue, 4 Nov 2014 17:10:19 +0000 (UTC) Received: from [172.16.1.137] (50-206-19-250-static.hfc.comcastbusiness.net [50.206.19.250]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id ED65468E59 for ; Tue, 4 Nov 2014 17:10:11 +0000 (UTC) Message-ID: <54590873.8000303@freebsd.org> Date: Tue, 04 Nov 2014 12:10:11 -0500 From: Allan Jude User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-current@freebsd.org Subject: Re: Order of geli "passphrase prompt" on boot References: <7e30c7a0f28d63af254422a91b28f18a@dweimer.net> <33b02299.70afc6f7@fabiankeil.de> <20141104152426.GP66862@home.opsec.eu> <5458FC23.40105@pcbsd.org> In-Reply-To: <5458FC23.40105@pcbsd.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 17:10:20 -0000 On 11/04/2014 11:17, Kris Moore wrote: > On 11/04/2014 10:24, Kurt Jaeger wrote: >> Hi! >> >>> If you don't need any USB devices to boot, you can delay their >>> detection by loading the modules through /etc/rc.d/kld instead >>> of the loader: >>> >>> fk@r500 ~ $grep kld /etc/rc.conf >>> kld_list="usb.ko usb_quirk.ko ehci.ko umass.ko" >> Does this really help with the GENERIC kernel ? >> >> If I add this to /etc/rc.conf and do >> >> /etc/rc.d/kld start >> >> this spews a load of errors. >> > > Colin added this to HEAD recently: > > https://github.com/freebsd/freebsd/commit/bdb0ac02b9fd8f331fa70c8a4c29495b7ee43293 > > This will allow setting the passphrase at the boot-loader, so it doesn't > get prompted for again during boot. I think there was some work by > dteske@ to add this to the FreeBSD boot menus, but maybe you can use it > manually for now. > > We are using it in PC-BSD to supply the passphrase directly from GRUB, > so we only get prompted a single time. > > (Before somebody asks why we use grub) > We are using grub to do full-disk encryption, without a unencrypted > /boot, among other things :) > > Yes, as Kris mentioned, the solution is being working on here at MeetBSD by dteske@ (with some advice from jmg@) at the request of cperciva@, using the functionality Colin added to head for Kris to be able to do this for PCBSD. Hopefully this problem will be solved soon. -- Allan Jude