Date: Wed, 20 Aug 2014 17:13:08 -0400
From: "Michael W. Lucas"
To: Anton Sayetsky
Cc: questions
Subject: Re: geli keyfile not loading at boot
Message-ID: <20140820211307.GA92271@bewilderbeast.blackhelicopters.org>
References: <20140820150557.GA90970@bewilderbeast.blackhelicopters.org>

On Wed, Aug 20, 2014 at 06:10:51PM +0300, Anton Sayetsky wrote:
> 2014-08-20 18:05 GMT+03:00 Michael W. Lucas :
> > Hi,
> >
> > I have a default FreeBSD 10.0/amd64 install.
> >
> > I'm trying to make a GELI device attach at boot. I initialized the
> > partition with -b, and am prompted at boot. When I try to enter the
> > passphrase, I keep getting told that it's incorrect. Once I get into
> > multi-user mode and manually attach the device, it attaches just fine.
> >
> > It seems that GELI isn't finding my key file.
> >
> > My initial root partition is da0p2. The key is /boot/da1p1.key. The
> > GELI partition is da1p1. Here's my loader.conf:
> >
> > geom_eli_load=YES
> > geli_da1p1_keyfile0_load="YES"
> > ->>>
> > geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
> -<<<
> This is wrong.

Thanks, Anton. This stuff is poorly documented.

From looking at
https://lists.freebsd.org/pipermail/freebsd-geom/2014-June/005944.html,
it looks like this should work, but it doesn't.

geli_da1p1key_keyfile0_load="YES"
geli_da1p1key_keyfile0_type="da0p2:geli_keyfile0"
geli_da1p1key_keyfile0_name="/boot/da1p1.key"
boot_verbose=1

Any suggestions, folks?

Is there a good explanation out there anywhere? All I've found are PRs
and very specific mailing list posts aimed at specific situations. If
I can figure out the general case, I'll get it in the man page.

Thanks,
==ml

--
Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/