Date: Thu, 25 Oct 2018 20:38:34 +0300 From: Alaksiej <ac@belngo.info> Cc: freebsd-geom <freebsd-geom@freebsd.org> Subject: Re: GELI without passphrase on ZFS root Message-ID: <CAHsZcQF2AyMpFTPYL60yyjYct9ZGUNPd%2BDqnBtDeR==D2rD9=w@mail.gmail.com> In-Reply-To: <trinity-1e9f4851-d935-4fd2-b2af-d362644295eb-1540463114302@3c-app-mailcom-lxa11> References: <trinity-1e9f4851-d935-4fd2-b2af-d362644295eb-1540463114302@3c-app-mailcom-lxa11>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! I believe geom_eli asks for passphrase, when it finds BOOT flag in metadata. It doesn't check whether you really have passphrase set up, or not, just the flag status. Therefore, you have to do geli configure -B <provider> to clear the flag. See "configure" subcommand in man geli. Best, Alaksiej Carniajeu On Thu, Oct 25, 2018 at 1:25 PM Michael .. <mikey@usa.com> wrote: > Hi, > > Has anyone been able to achieve this? > > I installed FreeBSD 11.2 using AutoZFS option with encryption turned on. > Passphrase is specified as part of install. > > I want to switch to only a keyfile and no passphrase: > > geli setkey -K /boot/encryption.key -P /dev/xyz > > This completes, but I'm still prompted for passphrase on boot. Nothing > appears accepted by the prompt (as the userkey is using only keyfile now?) > > Setting geom_eli_passphrase_prompt="NO" doesn't help. > > Michael. > _______________________________________________ > freebsd-geom@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-geom > To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHsZcQF2AyMpFTPYL60yyjYct9ZGUNPd%2BDqnBtDeR==D2rD9=w>