Date: Fri, 14 Sep 2018 17:55:58 -0700
From: Lee Brown <leeb@ratnaling.org>
To: geom@freebsd.org
Subject: geli - why do I need a keyfile
Message-ID: <CAFPNf588xqRYZRoCACr2n_NyfMsMvrXPR4_DjWy4evBY_1HaAQ@mail.gmail.com>

I want to create a geli provider as authentication only, no password, no encryption.

I do:

# geli init -a HMAC/SHA256 -e NULL -P -s 4096
geli: No key components given.

Instead I tried

# touch /tmp/key
# geli init -a HMAC/SHA256 -e NULL -P -s 4096 -k /tmp/key

test it

# geli attach -p -k /tmp/key

but during boot that fails with "Cannot find key file size for /boot/keys/key"

# ls -l /boot/keys/key
-rw-r--r-- 1 root wheel 0 Sep 14 11:44 /boot/keys/key

Instead:

# echo " " > /tmp/key

solves that issue, but I still don't get why I even need a key file with -e NULL?

I'm fine if this is a corner case to be ignored (keyfile required), but I do think the attach with a zero length key file should fail if it's not going to work at boot time. It should be consistent one way or another.

Let me know if I should file a bug report and which way it should be filed (i.e. zero length keyfile attach should fail, or zero length keyfile should work at boot)

Thanks
-- lee