From: Steve Bertrand
Date: Wed, 10 Oct 2007 11:15:48 -0400
To: Daniel Marsh
Cc: freebsd-questions@freebsd.org
Subject: Re: Booting a GELI encrypted hard disk
Message-ID: <470CECA4.2090402@ibctech.ca>

Daniel Marsh wrote:
> On 10/10/07, Steve Bertrand wrote:
>> Hi all,
>>
>> I am voraciously attempting to get a FreeBSD system to boot from a GELI
>> encrypted hard disk, but am having problems.
>>
>> All of my searches lead to the same problem...GELI passphrase can not be
>> entered correctly upon boot. I have tried everything I have found on the
>> web (including disabling 'kbdmux' in the kernel) to no avail.
>>
>> Is there any chance that anyone here has found a resolution to this
>> problem, in the 6.x branch, and if not, has it been looked/resolved
>> within -current?
>>
>> Does anyone have a suggestion for a workaround?
>
>
> You could always use a key without a passphrase... unsafe as it is, put the
> key on a usb device that you remove once the machine has booted?

That is what I was going to try next. The 'howtos' I've been reading
require putting many of the boot files on the thumb drive, so would it
even be possible to unmount/remove the usb stick after the machine is
booted up?

If I was to do it this way, I would likely use two separate key files,
on two separate USB sticks.

Reference: http://www.proportion.ch/index.php?page=31

Thanks for your feedback.

Steve