From owner-freebsd-questions@freebsd.org Mon Jun 18 16:19:10 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 89DBC1010FD0 for ; Mon, 18 Jun 2018 16:19:10 +0000 (UTC) (envelope-from thor@irk.ru) Received: from mail.irk.ru (mail.irk.ru [195.206.40.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0FB8E86430 for ; Mon, 18 Jun 2018 16:19:09 +0000 (UTC) (envelope-from thor@irk.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=irk.ru; s=dkim; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID :Subject:From:To:Sender:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=P3y5f/QIApwBvjf96cFXM4rUSGaMwjREl9Z7c0A1csk=; b=Y+kiQSxwseedA6SxrDc0713Ac0 cM3Afm6NcJcT7//NDIwgHrnv8iXa/izlStAV9cycT+GDfCgT3rGsyAQcGbHx3NW65olfqk4BmUfH7 T4zl6gdqsTG3CzFzywvZ6a3GbfpZS4wIyOYpK0srVjT+zRScXqkN7gECWPwxd8cJT9gM=; Received: from [194.176.114.54] (helo=[192.168.1.130]) by mail.irk.ru with esmtpa (Exim 4.89 (FreeBSD)) (envelope-from ) id 1fUwkG-0001uW-4E for freebsd-questions@freebsd.org; Tue, 19 Jun 2018 00:11:08 +0800 To: freebsd-questions@freebsd.org From: thor Subject: How to disable GELI selectively? Message-ID: <07733d85-d212-8866-b3eb-56ee42340294@irk.ru> Date: Tue, 19 Jun 2018 00:19:01 +0800 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jun 2018 16:19:10 -0000 Hello! Here I have a computer with 2 HDDs partitioned identically with GELI encrypted root as in https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/ When I boot the computer it properly asks the passphrase for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root. Then, it asks "Enter passphrase for gptid...." which I don't want since the second HDD should be attached manually when needed ONLY and all other time it should be unmounted. I am to press enter enough times to make me mad. I have found https://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068704.html but it resolves the problem how to mount /dev/ada1p3.eli on boot but not how not to mount it. kern.geom.eli.tries=0 makes geli not to ask for every passphrase including /dev/ada0p3 and the boot correspondingly totally fails. What should I do? Thor