Date: Sun, 12 Oct 2014 03:07:53 +0800
From: alphachi <alphachi@mediaspirit.org>
To: freebsd-questions@freebsd.org
Subject: About GELI root
Message-ID: <634BC660-A4FE-4F05-B7D0-8B93D1AF17A6@mediaspirit.org>

Environment: FreeBSD 10.0R amd64

The root partition is /dev/ada0p1 with gpart label /dev/gpt/rootfs.
/dev/gpt/rootfs.eli is created from /dev/gpt/rootfs, not /dev/ada0p1.

# cat /boot/loader.conf
vfs.root.mountfrom="ufs:/dev/gpt/rootfs.eli"
aesni_load="YES"
geom_eli_load="YES"
geli_gpt_rootfs_keyfile0_load="YES"
geli_gpt_rootfs_keyfile0_type="gpt/rootfs:geli_keyfile0"
geli_gpt_rootfs_keyfile0_name="/boot/rootfskey"

Question 1

Boot is OK, but many messages like the ones below can be found in dmesg:

...
GEOM_ELI: Found no key files in loader.conf for ad4p1
...
GEOM_ELI: Found no key files in loader.conf for gptid/*
...

After adding "kern.cam.ada.legacy_aliases=0" to /boot/loader.conf, the remaining messages are:

GEOM_ELI: Found no key files in loader.conf for ada0p1
GEOM_ELI: Found no key files in loader.conf for gptid/*

How to: disable the two messages without changing gpt_rootfs and gpt/rootfs to ada0p1 in /boot/loader.conf?

Question 2

I want to use two different authentication methods for the root partition. The first (geli setkey -n 0) is a key without a passphrase. The partition can be automounted with it. The second (geli setkey -n 1) is a passphrase without a key. The partition can be mounted manually with it on other computers.

Before I add the second, the partition can be automounted. After adding it, I have to input the passphrase at boot. It looks like the system mixes the two authentication methods instead of treating them independently. Perhaps because of "geli init -b"?

How to: if the key is found, autobooting is OK; if the key isn't found, booting continues after inputting the passphrase?

Thanks!