Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Aug 2014 14:54:05 +0200
From:      Francesco Toscan <f.toscan@hotmail.it>
To:        questions@freebsd.org
Subject:   Re: geli keyfile not loading at boot
Message-ID:  <BLU437-SMTP137B5CCADD73E5901334C0FFD30@phx.gbl>
In-Reply-To: <20140820150557.GA90970@bewilderbeast.blackhelicopters.org>
References:  <20140820150557.GA90970@bewilderbeast.blackhelicopters.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Aug 20, 2014 at 11:05:57AM -0400, Michael W. Lucas wrote:
> Hi,
> 
> I have a default FreeBSD 10.0/amd64 install.
> 
> I'm trying to make a GELI device attach at boot. I initialized the
> partition with -b, and am prompted at boot. When I try to enter the

Hi,

I have a slightly different setup: a keyfile-only based geli partition
sitting on gmirror, loading keyfile from external usb device on boot.
I run FreeBSD 9.1-RELEASE/amd64.

> My initial root partition is da0p2. The key is /boot/da1p1.key. The
> GELI partition is da1p1. Here's my loader.conf:
> 
> geom_eli_load=YES
> geli_da1p1_keyfile0_load="YES"
> geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
> geli_da1p1_keyfile0_name="/boot/da1p1.key"
> kern.geom.eli.debug=3

Hit and miss here, but I think
geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0 should be:

geli_da1p1_keyfile0_type="da1p1:geli_keyfile0

as geli_$dev_keyfile0_type="$dev:geli_keyfile0. 

$dev should read "the whole path to the device to crypt minus /dev". 

Here's my loader.conf, system is running 9.1-RELEASE:

# GEOM MIRROR is /dev/mirror/system
# GELI partition is /dev/mirror/system.eli
# / is in /dev/mirror/system.elip1
# disk0 is BIOS' idea of USB device
geom_mirror_load="YES"
geom_eli_load="YES"
vfs.root.mountfrom="ufs:/dev/mirror/system.elip1"
geli_mirror_system_keyfile0_load="YES"
geli_mirror_system_keyfile0_type="mirror/system:geli_keyfile0"
geli_mirror_system_keyfile0_name="disk0:/server.key"

I hope this could be useful.
-- 
f.

"Corruptissima re publica, plurimae leges"
	-- Publius Cornelius Tacitus

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BLU437-SMTP137B5CCADD73E5901334C0FFD30>