Date:      Mon, 15 Aug 2022 14:20:32 -0600
From:      Warner Losh <imp@bsdimp.com>
To:        Guido van Rooij <guido@gvr.org>
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: How to use serial console to enter GELI password to boot kernel on a GELI encrypted ZFS pool
Message-ID:  <CANCZdfoR9TcF71O0O7K2KT-_hsDG_6kxKK9KHpHdoowCoS709g@mail.gmail.com>
In-Reply-To: <YvpW59mY6eK5KOQ0@gvr.gvr.org>
References:  <YvpW59mY6eK5KOQ0@gvr.gvr.org>


On Mon, Aug 15, 2022 at 8:23 AM Guido van Rooij <guido@gvr.org> wrote:

> Currently I have a system with ZFS on GELI. I use the ability in
> the EFI loader to enter the GELI password.
>
> Is it possible somehow to use a serial console to enter the password?
> My system does have a COM1 port but it isn't recognised at the early
> boot stage. There I only see:
>
>     Consoles: EFI console
>     GELI Passphrase for disk0p4:
>
> (Note: this is early in the boot process so there is no access to
> boot.config (or any other file in the ZFS pool) as it is still on
> encrypted storage at that time).
>

The boot loader.efi will read ESP:/efi/freebsd/loader.env for environment
variables. You can use that to set the COM1 port since it appears your
EFI system doesn't do console redirection.

If you want it to only prompt COM1 for the password, but everything else is
on the efi console, that's a lot harder.

Warner
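
An added example, not part of Warner's message: one way to write the loader.env he describes from a running system. It assumes the ESP is mounted at the directory you pass in, that the loader accepts the standard console names "efi" and "comconsole" and the comconsole_speed variable, and that the file takes plain name=value lines without quotes; the function name and the 115200 default are illustrative.

```shell
#!/bin/sh
# Added example (not from the original message).
# set_loader_env ESP_MOUNT [SPEED]
#   Writes ESP_MOUNT/efi/freebsd/loader.env so that loader.efi uses both the
#   EFI console and the serial console, which puts the GELI passphrase prompt
#   on COM1 as well. Unrelated variables already in the file are kept.
# Assumptions: console names and comconsole_speed as in loader(8); confirm
# against loader.efi(8) for your release.
set_loader_env() {
    esp=$1
    speed=${2:-115200}

    # Reject anything that is not a plain decimal baud rate.
    case $speed in
        ''|*[!0-9]*) echo "invalid speed: $speed" >&2; return 1 ;;
    esac

    dir="$esp/efi/freebsd"
    env_file="$dir/loader.env"
    tmp="$env_file.tmp.$$"
    mkdir -p "$dir" || return 1

    # Carry over existing settings except the two being replaced.
    if [ -f "$env_file" ]; then
        grep -v -E '^(console|comconsole_speed)=' "$env_file" > "$tmp" || true
    else
        : > "$tmp"
    fi

    # Simple name=value lines only: no quotes, no spaces inside a value
    # (assumed file format), so the console list is comma-separated.
    printf 'console=efi,comconsole\ncomconsole_speed=%s\n' "$speed" >> "$tmp"

    # Replace the old file in one step so a failure leaves it untouched.
    mv "$tmp" "$env_file"
}

# Usage, assuming the ESP is mounted at /boot/efi:
#   set_loader_env /boot/efi 115200
```

The ESP is not encrypted, so loader.env is readable and writable by anyone with access to the disk, and with this setting anyone on the serial line sees the passphrase prompt.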
