
How to disable GELI selectively?

thor

Jun 18, 2018, 12:22:22 PM
Hello!

Here I have a computer with 2 HDDs partitioned identically with GELI
encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/

When I boot the computer it properly asks the passphrase for /dev/ada0p3
and mounts /dev/ada0p3.eli as a root.

Then, it asks "Enter passphrase for gptid...." which I don't want since
the second HDD should be attached manually when needed ONLY and all
other time it should be unmounted. I am to press enter enough times to
make me mad.

I have found
https://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068704.html
but it resolves the problem how to mount /dev/ada1p3.eli on boot but not
how not to mount it.

kern.geom.eli.tries=0 makes geli not to ask for every passphrase
including /dev/ada0p3 and the boot correspondingly totally fails.

What should I do?

Thor



_______________________________________________
freebsd-...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questi...@freebsd.org"

Erich Dollansky

Jun 18, 2018, 9:56:05 PM
Hi,

On Tue, 19 Jun 2018 00:19:01 +0800
thor <th...@irk.ru> wrote:

> Hello!
>
> Here I have a computer with 2 HDDs partitioned identically with GELI
> encrypted root as in
> https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
>
> When I boot the computer it properly asks the passphrase
> for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root.
>
> Then, it asks "Enter passphrase for gptid...." which I don't want
> since the second HDD should be attached manually when needed ONLY and
> all other time it should be unmounted. I am to press enter enough
> times to make me mad.
>
> What should I do?
>
just take all other partitions / slices out of /etc/fstab.

Erich

thor

Jun 18, 2018, 11:42:51 PM
The other partitions are NOT in fstab. They are mounted manually with
explicit mount and geli attach commands. Moreover, it occurs during a
boot well before init gets control and spawns the mount process.

Erich Dollansky

Jun 19, 2018, 12:29:00 AM
Hi,

On Tue, 19 Jun 2018 11:39:24 +0800
thor <th...@irk.ru> wrote:

> The other partitions are NOT in fstab. They are mounted manually with
> explicit mount and geli attach commands. Moreover, it occurs during a
> boot well before init gets control and spawns the mount process.
>
what is then in your /boot/loader.conf?

Erich

thor

Jun 19, 2018, 6:39:00 AM
 % cat /boot/loader.conf
geom_eli_load="YES"
geli_ada0p3_keyfile0_load="YES"
geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
geli_ada0p3_keyfile0_name="/boot/key"
vfs.root.mountfrom="ufs:ada0p3.eli"

kern.vty="sc"
aesni_load="YES"
nvidia_load="YES"
linux_load="YES"

Erich Dollansky

Jun 19, 2018, 9:48:34 AM
Hi,

On Tue, 19 Jun 2018 18:35:29 +0800
thor <th...@irk.ru> wrote:

>  % cat /boot/loader.conf
> geom_eli_load="YES"
> geli_ada0p3_keyfile0_load="YES"
> geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
> geli_ada0p3_keyfile0_name="/boot/key"

I do not understand this either. It should attach only the partition
mentioned above.

Can you try the following for the partitions not to attach:

geli_adaXp3_keyfile0_load="NO"

replacing the X with the real number.

Erich

thor

Jun 19, 2018, 10:21:35 AM
Already tried. No effect.