From owner-freebsd-questions@FreeBSD.ORG Mon Dec 18 03:00:49 2006
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
    by hub.freebsd.org (Postfix) with ESMTP id CD74D16A412
    for ; Mon, 18 Dec 2006 03:00:49 +0000 (UTC)
    (envelope-from aanton@spintech.ro)
Received: from smtpx.spintech.ro (hop.spintech.ro [81.180.92.69])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 2643E43CA1
    for ; Mon, 18 Dec 2006 03:00:49 +0000 (GMT)
    (envelope-from aanton@spintech.ro)
Received: from smtpx.spintech.ro (clamsmtp [15.0.0.2])
    by smtpx.spintech.ro (Postfix) with ESMTP id 8F990C9490
    for ; Mon, 18 Dec 2006 05:31:28 +0200 (EET)
Received: from [10.0.0.2] (beastie [10.0.0.2])
    by smtpx.spintech.ro (Postfix) with ESMTP
    for ; Mon, 18 Dec 2006 05:31:28 +0200 (EET)
Message-ID: <4585FDC9.2080802@spintech.ro>
Date: Mon, 18 Dec 2006 04:32:41 +0200
From: Alin-Adrian Anton
Organization: Spintech Security Systems
User-Agent: Mozilla Thunderbird 1.0 (X11/20041229)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: nice
Subject: geli load key before rootfs is mounted
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: aanton@spintech.ro
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 18 Dec 2006 03:00:49 -0000

Hi,

I've been playing around with geli and I was wondering if anyone managed
to actually use the feature which loads the keyfile before the root
filesystem is mounted.

Specifically, to use something similar in /boot/loader.conf:

geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"

If it worked, please let me know. I couldn't do it on a 6.1-REL0. (keeps
saying password is wrong, probably because it doesn't "see" the keyfile).

Of course, the .key file is on unencrypted media.

I appreciate your time and suggestions.

Thanks,
-- 
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA

"It is dangerous to be right when the government is wrong." - Voltaire
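
A consistency check for the three loader.conf settings quoted in the message above, as an added example that is not part of the original post. It assumes the naming pattern the post uses (geli_<provider>_keyfile<N>_* with type <provider>:geli_keyfile<N>); the function names, the da2 entry and the world-readable check on the key file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint geli keyfile preload
# entries in a loader.conf. ROOT (optional) is prepended to key file paths.
# conf_get FILE VAR: print the last value assigned to VAR, quotes stripped.
conf_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}
# Print one line per problem; return the number of problems found.
check_geli_keyfiles() {
    conf=$1; root=${2:-}; problems=0
    for prefix in $(sed -n 's/^\(geli_[A-Za-z0-9]*_keyfile[0-9]*\)_load=.*/\1/p' "$conf"); do
        provider=${prefix#geli_}; provider=${provider%_keyfile*}
        index=${prefix##*_keyfile}
        expected="$provider:geli_keyfile$index"   # assumed naming pattern
        load=$(conf_get "$conf" "${prefix}_load" | tr '[:lower:]' '[:upper:]')
        ktype=$(conf_get "$conf" "${prefix}_type")
        name=$(conf_get "$conf" "${prefix}_name")
        if [ "$load" != "YES" ]; then
            echo "$prefix: _load is not YES"; problems=$((problems + 1))
        fi
        if [ "$ktype" != "$expected" ]; then
            echo "$prefix: _type is '$ktype', expected '$expected'"; problems=$((problems + 1))
        fi
        if [ -z "$name" ] || [ ! -s "$root$name" ]; then
            echo "$prefix: key file '$name' missing or empty"; problems=$((problems + 1))
        elif [ -n "$(find "$root$name" -perm -004)" ]; then
            echo "$prefix: key file '$name' is world-readable"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: the post's three lines plus one entry with a wrong type.
geli_lint_demo() {
    tmp=$(mktemp -d); mkdir -p "$tmp/boot/keys"
    printf 'k' > "$tmp/boot/keys/da1s3a.key"; chmod 600 "$tmp/boot/keys/da1s3a.key"
    cat > "$tmp/loader.conf" <<'EOF'
geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
geli_da2_keyfile0_load="YES"
geli_da2_keyfile0_type="da2:geli_keyfile"
geli_da2_keyfile0_name="/boot/keys/da2.key"
EOF
    rc=0; check_geli_keyfiles "$tmp/loader.conf" "$tmp" || rc=$?
    rm -rf "$tmp"; return "$rc"
}
geli_lint_demo || echo "problems found: $?"
```

On a real system the same function can be pointed at the installed file with check_geli_keyfiles /boot/loader.conf.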