DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Installation and Upgrading

FreeBSD Installation and Upgrading Installing and upgrading FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 26th March 2013
libertas libertas is offline
New User
 
Join Date: Jan 2012
Posts: 8
Default geli attach during boot problems

Hi all!

I'm building one of my home server (very small) with FreeBSD 9.1, and have a problem trying to open an encrypted partition for data at boot.

I followed http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html"]http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html

Used gpt for disk partitioning.
There's no problem when I issue the command:
geli attach -k /root/da2.key /dev/da2 (from the handbook example).

It is said that that I should include the following two lines in rc.conf
geli_devices="da2"
geli_da2_flags="-p -k /root/da2.key"

I really don't understand the following paragraph, as it's referring to '-P' option, but it's '-p' that is shown in the `geli_da2_flags`.

The problem is that when the server is booting, it asks for a key. I enter the key, via keyboard, but the system always says that it's wrong.

I tried also the following line instead:
geli_da2_flags=" -k /root/da2.key"
without the '-p' but always get the same result.

What should I do?

Another thing: Should I place a 'noauto' line for mounting this encrypted partition in /etc/fstab or does it need to be mounted afterwards from some script?
Reply With Quote
  #2   (View Single Post)  
Old 28th March 2013
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Quote:
There's no problem when I issue the command:
geli attach -k /root/da2.key /dev/da2 (from the handbook example).

[...]

geli_da2_flags="-p -k /root/da2.key"
In geli_da2_flags you are passing the -p flag, which you're not using in your command. The geli manpage says:

Quote:
-p Do not use passphrase as the key component.
So, remove the -p flag and it will (probably) work.



Quote:
I really don't understand the following paragraph, as it's referring to '-P' option, but it's '-p' that is shown in the `geli_da2_flags`.
You're confusing two flags. The flags in geli_da2_flags are passed to geli attach, the -P flag refers to geli init (quoting from the handbook):

Quote:
geli will not use a passphrase when attaching to the provider if -P was given during the geli init phase.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #3   (View Single Post)  
Old 9th April 2013
libertas libertas is offline
New User
 
Join Date: Jan 2012
Posts: 8
Default

That was it, I was confusing things. Thank you for your time and help!
Reply With Quote
Reply

Tags
geli boot

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
three problems :) craze OpenBSD Packages and Ports 6 6th March 2011 03:26 PM
Xtracting Data after Fragmentation / Block Count / Partition Problems on Boot IronForge OpenBSD Installation and Upgrading 3 16th December 2010 01:09 AM
GDM Problems Saint OpenBSD Packages and Ports 4 29th August 2010 09:42 AM
FreeBSD + Geli graudeejs Guides 9 26th October 2008 10:03 AM
Dual-boot laptop won't boot OpenBSD after upgrade to 4.3 kbeaucha OpenBSD Installation and Upgrading 17 30th May 2008 02:40 PM


All times are GMT. The time now is 04:34 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick