Date: Wed, 20 Aug 2014 11:05:57 -0400
From: "Michael W. Lucas"
To: questions@freebsd.org
Subject: geli keyfile not loading at boot
Message-ID: <20140820150557.GA90970@bewilderbeast.blackhelicopters.org>

Hi,

I have a default FreeBSD 10.0/amd64 install. I'm trying to make a GELI device attach at boot.

I initialized the partition with -b, and am prompted at boot. When I try to enter the passphrase, I keep getting told that it's incorrect. Once I get into multi-user mode and manually attach the device, it attaches just fine.

It seems that GELI isn't finding my key file.

My initial root partition is da0p2. The key is /boot/da1p1.key. The GELI partition is da1p1.

Here's my loader.conf:

geom_eli_load=YES
geli_da1p1_keyfile0_load="YES"
geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
geli_da1p1_keyfile0_name="/boot/da1p1.key"
kern.geom.eli.debug=3

Any suggestions? What am I doing wrong here?

(Yes, I could just use the installer to do an encrypted install, but then I wouldn't be able to write about this in a book...)

Thanks,
==ml

-- 
Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
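
As an added example (not part of the original message), this sh function checks the keyfile entries in a loader.conf against the form used in the boot-time example in geli(8), where the module type is `<provider>:geli_keyfile<N>`. The function name `check_geli_keyfile` and its output format are hypothetical, and the sample input is constructed from the entries quoted in the message.

```shell
# Added example, not from the original message. Assumption, per the boot
# example in geli(8): a preloaded keyfile is matched to its provider by the
# module type "<provider>:geli_keyfile<N>"; the variable prefix is a label.

# check_geli_keyfile LOADER_CONF PROVIDER  (hypothetical helper name)
# Prints one line per GELI keyfile module; returns 0 if one is usable.
check_geli_keyfile() {
    awk -v prov="$2" '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        eq = index(line, "=")
        if (line ~ /^#/ || eq == 0) next
        var = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        sub(/[ \t]+$/, "", val)
        gsub(/^"|"$/, "", val)                 # drop surrounding quotes
        key = substr(var, 1, length(var) - 5)  # strip _load/_type/_name
        if (var ~ /_load$/) load[key] = toupper(val)
        if (var ~ /_type$/) type[key] = val
        if (var ~ /_name$/) name[key] = val
    }
    END {
        want = prov ":geli_keyfile"
        for (k in type) {
            if (type[k] !~ /geli/) continue    # some other preloaded module
            idx = substr(type[k], length(want) + 1)
            if (index(type[k], want) == 1 && idx ~ /^[0-9]+$/ &&
                load[k] == "YES" && name[k] != "") {
                print "OK " k " type=" type[k] " file=" name[k]
                ok = 1
            } else
                print "NOMATCH " k " type=" type[k] " (want " want "N)"
        }
        exit(ok ? 0 : 1)
    }' "$1"
}

# Constructed sample: the loader.conf entries quoted in the message above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
geom_eli_load=YES
geli_da1p1_keyfile0_load="YES"
geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
geli_da1p1_keyfile0_name="/boot/da1p1.key"
kern.geom.eli.debug=3
EOF
check_geli_keyfile "$sample" da1p1 || echo "no usable keyfile entry for da1p1"
rm -f "$sample"
```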