From owner-freebsd-questions@FreeBSD.ORG Sat Sep 29 11:03:29 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 669AB106564A for ; Sat, 29 Sep 2012 11:03:29 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from smtprelay06.ispgateway.de (smtprelay06.ispgateway.de [80.67.31.104]) by mx1.freebsd.org (Postfix) with ESMTP id 228518FC0C for ; Sat, 29 Sep 2012 11:03:27 +0000 (UTC) Received: from [87.79.195.195] (helo=fabiankeil.de) by smtprelay06.ispgateway.de with esmtpsa (SSLv3:AES128-SHA:128) (Exim 4.68) (envelope-from ) id 1THupN-0007BX-At; Sat, 29 Sep 2012 13:03:21 +0200 Date: Sat, 29 Sep 2012 13:02:26 +0200 From: Fabian Keil To: Martin Laabs Message-ID: <20120929130226.7df196d2@fabiankeil.de> In-Reply-To: <5066152E.5050709@martinlaabs.de> References: <5066152E.5050709@martinlaabs.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/Cw4SPlx0rhaoLbl6fnZ6GvJ"; protocol="application/pgp-signature" X-Df-Sender: Nzc1MDY3 Cc: freebsd-questions@freebsd.org Subject: Re: Kernel asks only for the first GELI passphrase X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org, List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Sep 2012 11:03:29 -0000 --Sig_/Cw4SPlx0rhaoLbl6fnZ6GvJ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Martin Laabs wrote: > I have two partitions encrypted with GELI: ada0s2 and ada0s3. The loader= =20 > (located at an unencrypted part of the harddisk) loads the kernel and the= =20 > kernel asks me for the passphrase for ada0s2 to attach it afterwards. > However - my root file system is not at ada0s2.elia but on ada0s3.elia.=20 > Since the kernel did no attach ada0s3 (but the ada0s2 partition) it is al= so=20 > unable to mount the root filesystem which is somewhat bad. > So - is there a way (i.e. a loader.conf entry) how I can tell the loader= =20 > which partition I wanna have attached with a passphrase? Whether or not the kernel requests the passphrase depends on whether or not the BOOT flag (0x2) on the provider is set. You can check with "geli dump" if the flag is already set, and if it isn't, set it with "geli configure -b". For details see geli(8). > I tried to look at the code from the loader but did not find the source=20 > file where the attaching is done. The passphrase is requested by g_eli_taste() in sys/geom/eli/g_eli.c. Fabian --Sig_/Cw4SPlx0rhaoLbl6fnZ6GvJ Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlBm1UQACgkQBYqIVf93VJ2cbQCgzUltr8UY3ZRNgJLmKS78kcC4 zVcAoMbRt7C4eBIyGH0Kiviq0OSoNdvU =oeUk -----END PGP SIGNATURE----- --Sig_/Cw4SPlx0rhaoLbl6fnZ6GvJ--