Date: Thu, 21 Aug 2014 14:54:05 +0200
From: Francesco Toscan
To: questions@freebsd.org
Subject: Re: geli keyfile not loading at boot
In-Reply-To: <20140820150557.GA90970@bewilderbeast.blackhelicopters.org>

On Wed, Aug 20, 2014 at 11:05:57AM -0400, Michael W. Lucas wrote:
> Hi,
>
> I have a default FreeBSD 10.0/amd64 install.
>
> I'm trying to make a GELI device attach at boot. I initialized the
> partition with -b, and am prompted at boot. When I try to enter the

Hi,

I have a slightly different setup: a keyfile-only based geli partition
sitting on gmirror, loading the keyfile from an external USB device on boot.
I run FreeBSD 9.1-RELEASE/amd64.

> My initial root partition is da0p2. The key is /boot/da1p1.key. The
> GELI partition is da1p1. Here's my loader.conf:
>
> geom_eli_load=YES
> geli_da1p1_keyfile0_load="YES"
> geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
> geli_da1p1_keyfile0_name="/boot/da1p1.key"
> kern.geom.eli.debug=3

Hit and miss here, but I think

geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"

should be:

geli_da1p1_keyfile0_type="da1p1:geli_keyfile0"

as geli_$dev_keyfile0_type="$dev:geli_keyfile0". $dev should read "the
whole path to the device to crypt minus /dev".

Here's my loader.conf, system is running 9.1-RELEASE:

# GEOM MIRROR is /dev/mirror/system
# GELI partition is /dev/mirror/system.eli
# / is in /dev/mirror/system.elip1
# disk0 is BIOS' idea of USB device
geom_mirror_load="YES"
geom_eli_load="YES"
vfs.root.mountfrom="ufs:/dev/mirror/system.elip1"
geli_mirror_system_keyfile0_load="YES"
geli_mirror_system_keyfile0_type="mirror/system:geli_keyfile0"
geli_mirror_system_keyfile0_name="disk0:/server.key"

I hope this could be useful.

-- 
f.

"Corruptissima re publica, plurimae leges"
-- Publius Cornelius Tacitus
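
A check for the naming rule given in the message above, added here as an example; it is not part of the original post and not FreeBSD project code. It assumes that "/" in the provider path is written "_" in the variable name, as in the mirror/system configuration shown; the function names and the merged sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint geli keyfile entries in loader.conf-style input.
# Rule from the message: geli_<dev>_keyfile<N>_type="<dev>:geli_keyfile<N>".
# Assumption: "/" in the provider path is written "_" in the variable name.
check_geli_keyfiles() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        eq = index($0, "="); if (eq == 0) next
        var = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", var)
        gsub(/^[ \t]*"|"[ \t]*$/, "", val)       # drop surrounding quotes
        if (var !~ /^geli_.+_keyfile[0-9]+_(load|type|name)$/) next
        field = var; sub(/^.*_/, "", field)      # load, type or name
        base = var;  sub(/_[a-z]+$/, "", base)   # geli_<dev>_keyfile<N>
        seen[base] = 1; value[base, field] = val
    }
    END {
        bad = 0
        for (base in seen) {
            dev = base; sub(/^geli_/, "", dev); sub(/_keyfile[0-9]+$/, "", dev)
            n = base; sub(/^.*_keyfile/, "", n)  # keyfile index N
            got = value[base, "type"]
            prov = got; sub(/:[^:]*$/, "", prov); gsub("/", "_", prov)
            tag = got; sub(/^.*:/, "", tag)
            if (!((base, "load") in value) || !((base, "name") in value)) {
                print "BAD " base ": _load, _type and _name are all required"; bad = 1
            } else if (prov != dev || tag != "geli_keyfile" n) {
                print "BAD " base "_type: \"" got "\" is not \"<dev>:geli_keyfile" n "\""; bad = 1
            } else print "OK  " base
        }
        exit bad                                 # 1 if any entry failed
    }' "$@"
}

# Constructed sample: the two configurations quoted in the thread, merged.
sample_loader_conf() {
    cat <<'EOF'
geom_eli_load=YES
geli_da1p1_keyfile0_load="YES"
geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
geli_da1p1_keyfile0_name="/boot/da1p1.key"
geli_mirror_system_keyfile0_load="YES"
geli_mirror_system_keyfile0_type="mirror/system:geli_keyfile0"
geli_mirror_system_keyfile0_name="disk0:/server.key"
EOF
}

sample_loader_conf | check_geli_keyfiles || true
```

Pass a file path instead of piping, e.g. check_geli_keyfiles /boot/loader.conf; the exit status is non-zero when any keyfile entry fails the check.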