From owner-freebsd-geom@freebsd.org Thu Oct 25 17:36:55 2018 Return-Path: Delivered-To: freebsd-geom@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C216F108772A for ; Thu, 25 Oct 2018 17:36:55 +0000 (UTC) (envelope-from a@carniajeu.com) Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 38B926A945 for ; Thu, 25 Oct 2018 17:36:54 +0000 (UTC) (envelope-from a@carniajeu.com) Received: by mail-lj1-x22f.google.com with SMTP id z21-v6so9031324ljz.0 for ; Thu, 25 Oct 2018 10:36:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=belngo-info.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:cc; bh=s7OqWuaziniQO5QkTqa27cYRDhJabtWKZdGt7A2N7eY=; b=qIdKckgUCdw1faigkG2kiLC/On2RZltbAM99uuDYwd7iHSrEuCe95s4ABhLJ/awFZX 5mIrHzfI+rjahpU0tJeABX3wtlK0R3qsmDHWG4/eAiz6CgN+BJaUM2u1XgReDS/TEZqZ YPAPGbGhpnp/VY8QgUOf7mg2U8GgLQDvD+djmv3uhNdjJreQ9X3og9IEMVsGnvWc//le 5NHTcrmvpMOMw1Z7nlLzMXk+ctrvT+BAlWa6JUeYvkfh7F7Nt1PVWQKpVk+FjCRGQavJ tuH5vrSS7vaedrjzbtTiCMFZxqqfxOBeqFr9WMIp7JVxeeYFvgaOIXjo0oLVdQRRW5ey 9pYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:cc; bh=s7OqWuaziniQO5QkTqa27cYRDhJabtWKZdGt7A2N7eY=; b=GIxuxYZSJG+6+uwoXSdIqbtJ+39aZCZcvP5McO5OgPHvn+GYSYY9ktzQR328ltjt5v dBQPm29dzVz5bgjpSxYAzdD2sof+Wu6Ep1MRCusj43cCf53Gp5SvYSdbtFc8+3ei+eOn xXxD7OTxTFoE+Ty+IWlD4rCojW/qaPOxDUDdkw+/fSr4aanH+kYbSo471Is6+YYgsyde qKM2chTsxbJ8eyF0skRbVTTBujRRJ39AJUGXnyKVfIHWaUv4b14CrazzQw0k6DC7DSqD HOnyMVqQ/7HtlUfBaaC5cte4dNAhWv4Q8jXnKgyHWHEfDkT4HvCL95ANgKq6/8yLaaNN iwgQ== X-Gm-Message-State: AGRZ1gL2OH+ST81ZMN7roMYYfetn8Ym/6TLogMk5XFPtjCN1CWLsurac JfEQGVvtjlGZ4qTaEaIxR0i3XwUmkSY7piMUafsQ++ShWAY= X-Google-Smtp-Source: AJdET5c4Wy+a5SLT4cmipxUCutOnced9GybrTUrvSEdoLlc59igGZtmAfQFALiKGeirkkd6f9Wfl48zYFO+HjYluoXg= X-Received: by 2002:a2e:93ca:: with SMTP id p10-v6mr118023ljh.158.1540489013169; Thu, 25 Oct 2018 10:36:53 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Alaksiej Date: Thu, 25 Oct 2018 20:38:34 +0300 Message-ID: Subject: Re: GELI without passphrase on ZFS root Cc: freebsd-geom Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Oct 2018 17:36:56 -0000 Hi! I believe geom_eli asks for passphrase, when it finds BOOT flag in metadata. It doesn't check whether you really have passphrase set up, or not, just the flag status. Therefore, you have to do geli configure -B to clear the flag. See "configure" subcommand in man geli. Best, Alaksiej Carniajeu On Thu, Oct 25, 2018 at 1:25 PM Michael .. wrote: > Hi, > > Has anyone been able to achieve this? > > I installed FreeBSD 11.2 using AutoZFS option with encryption turned on. > Passphrase is specified as part of install. > > I want to switch to only a keyfile and no passphrase: > > geli setkey -K /boot/encryption.key -P /dev/xyz > > This completes, but I'm still prompted for passphrase on boot. Nothing > appears accepted by the prompt (as the userkey is using only keyfile now?) > > Setting geom_eli_passphrase_prompt="NO" doesn't help. > > Michael. > _______________________________________________ > freebsd-geom@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-geom > To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org" >