Subject: Re: How to disable GELI selectively?
To: freebsd-questions@freebsd.org
From: thor
Date: Tue, 26 Jun 2018 22:05:19 +0800

Not acceptable. It's necessary to keep the option of changing the drives
and booting from the second one. It's formatted exactly as the first one
just for this purpose.

On 06/26/18 21:23, CyberLeo Kitsana wrote:
> On 06/18/2018 11:19 AM, thor wrote:
>> Hello!
>>
>> Here I have a computer with 2 HDDs partitioned identically with GELI
>> encrypted root as in
>> https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
>>
>>
>> When I boot the computer it properly asks the passphrase for /dev/ada0p3
>> and mounts /dev/ada0p3.eli as a root.
>>
>> Then, it asks "Enter passphrase for gptid...." which I don't want since
>> the second HDD should be attached manually when needed ONLY and all
>> other time it should be unmounted. I am to press enter enough times to
>> make me mad.
>>
>> I have found
>> https://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068704.html
>> but it resolves the problem how to mount /dev/ada1p3.eli on boot but not
>> how not to mount it.
>>
>> kern.geom.eli.tries=0 makes geli not to ask for every passphrase
>> including /dev/ada0p3 and the boot correspondingly totally fails.
>>
>> What should I do?
> Try running geli configure -b on the root and geli configure -B on all
> the others. That should set resp. clear the BOOT flag that geli.ko uses
> to determine which geoms to attach at boot.
>
> See the documentation for the 'configure' command in geli(8) for more
> information.
>
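
The BOOT-flag approach suggested in the quoted reply, as an added example that is not part of the original thread: a dry-run script that reads each provider's metadata and prints only the `geli configure` commands needed so that the root provider alone carries BOOT. Assumptions: the `flags:` field of `geli dump` output holds the BOOT flag as bit 0x2, and the names `has_boot_flag`, `plan`, `sample_dump` and `DUMP_CMD` are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: dry-run audit of the GELI BOOT flag. It prints the
# `geli configure` commands from the reply above and executes none of them.

# Assumption: BOOT is bit 0x2 of the "flags:" field printed by `geli dump`.
BOOT_BIT=2

# has_boot_flag DUMP_TEXT: 0 = BOOT set, 1 = BOOT clear, 2 = no usable flags line
has_boot_flag() {
    flags=$(printf '%s\n' "$1" | awk '$1 == "flags:" { print $2; exit }')
    case $flags in
        0x*[!0-9a-fA-F]*) return 2 ;;   # reject anything that is not pure hex
        0x?*) ;;
        *) return 2 ;;
    esac
    [ $(( $flags & BOOT_BIT )) -ne 0 ]
}

# plan ROOT PROVIDER...: print what is needed so that only ROOT carries BOOT.
# Metadata is read with $DUMP_CMD (default `geli dump`), overridable for tests.
plan() {
    root=$1; shift
    for p in "$@"; do
        dump=$(${DUMP_CMD:-geli dump} "$p" 2>/dev/null) || dump=
        has_boot_flag "$dump" && rc=0 || rc=$?
        case $rc in
            2) echo "# $p: no GELI metadata read, skipped" ;;
            0) [ "$p" = "$root" ] || echo "geli configure -B $p" ;;
            1) [ "$p" != "$root" ] || echo "geli configure -b $p" ;;
        esac
    done
}

# Constructed sample metadata (abridged `geli dump` fields), matching the
# thread: both disks were initialised identically, so both carry BOOT.
sample_dump() {
    case $1 in
        ada0p3|ada1p3) printf '     magic: GEOM::ELI\n     flags: 0x2\n' ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed data: sh thisfile --demo
if [ "${1:-}" = --demo ]; then
    DUMP_CMD=sample_dump plan ada0p3 ada0p3 ada1p3
fi
```

On a real system, calling `plan ada0p3 ada0p3 ada1p3` as root reads the live metadata instead of the sample.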