From: alphachi
Subject: About GELI root
Message-Id: <634BC660-A4FE-4F05-B7D0-8B93D1AF17A6@mediaspirit.org>
Date: Sun, 12 Oct 2014 03:07:53 +0800
To: freebsd-questions@freebsd.org

Environment: FreeBSD 10.0R amd64

The root partition is /dev/ada0p1 with gpart label /dev/gpt/rootfs. /dev/gpt/rootfs.eli is created from /dev/gpt/rootfs, not /dev/ada0p1.

# cat /boot/loader.conf
vfs.root.mountfrom="ufs:/dev/gpt/rootfs.eli"
aesni_load="YES"
geom_eli_load="YES"
geli_gpt_rootfs_keyfile0_load="YES"
geli_gpt_rootfs_keyfile0_type="gpt/rootfs:geli_keyfile0"
geli_gpt_rootfs_keyfile0_name="/boot/rootfskey"

Question 1.

Boot is OK, but many messages like the ones below can be found in dmesg:

...
GEOM_ELI: Found no key files in loader.conf for ad4p1
...
GEOM_ELI: Found no key files in loader.conf for gptid/*
...

After adding "kern.cam.ada.legacy_aliases=0" to /boot/loader.conf, the remaining messages are:

GEOM_ELI: Found no key files in loader.conf for ada0p1
GEOM_ELI: Found no key files in loader.conf for gptid/*

How to: disable the two messages, other than by changing gpt_rootfs and gpt/rootfs to ada0p1 in /boot/loader.conf?

Question 2.

I want to use two different authentication methods for the root partition. The first (geli setkey -n 0) is a key without a passphrase. The partition can be automounted with it. The second (geli setkey -n 1) is a passphrase without a key. The partition can be mounted manually with it on other computers.

Before I add the second, the partition can be automounted. After adding it, I have to input the passphrase at boot. It looks like the system mixes the two authentication methods instead of treating them independently. Perhaps because of "geli init -b"?

How to: if the key is found, autobooting is OK; if the key isn't found, booting continues after inputting the passphrase?

Thanks!