
How to disable GELI selectively?


thor

Jun 18, 2018, 12:22:22 PM
Hello!

Here I have a computer with 2 HDDs partitioned identically with GELI
encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/

When I boot the computer it properly asks the passphrase for /dev/ada0p3
and mounts /dev/ada0p3.eli as a root.

Then, it asks "Enter passphrase for gptid...." which I don't want since
the second HDD should be attached manually when needed ONLY and all
other time it should be unmounted. I am to press enter enough times to
make me mad.

I have found
https://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068704.html
but it resolves the problem how to mount /dev/ada1p3.eli on boot but not
how not to mount it.

kern.geom.eli.tries=0 makes geli not to ask for every passphrase
including /dev/ada0p3 and the boot correspondingly totally fails.

What should I do?

Thor



_______________________________________________
freebsd-...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questi...@freebsd.org"

Erich Dollansky

Jun 18, 2018, 9:56:05 PM
Hi,

On Tue, 19 Jun 2018 00:19:01 +0800
thor <th...@irk.ru> wrote:

> Hello!
>
> Here I have a computer with 2 HDDs partitioned identically with GELI
> encrypted root as in
> https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
>
> When I boot the computer it properly asks the passphrase
> for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root.
>
> Then, it asks "Enter passphrase for gptid...." which I don't want
> since the second HDD should be attached manually when needed ONLY and
> all other time it should be unmounted. I am to press enter enough
> times to make me mad.
>
> What should I do?
>
just take all other partitions / slices out of /etc/fstab.

Erich

thor

Jun 18, 2018, 11:42:51 PM
The other partitions are NOT in fstab. They are mounted manually with
explicit mount and geli attach commands. Moreover, it occurs during a
boot well before init gets control and spawns the mount process.

Erich Dollansky

Jun 19, 2018, 12:29:00 AM
Hi,

On Tue, 19 Jun 2018 11:39:24 +0800
thor <th...@irk.ru> wrote:

> The other partitions are NOT in fstab. They are mounted manually with
> explicit mount and geli attach commands. Moreover, it occurs during a
> boot well before init gets control and spawns the mount process.
>
what is then in your /boot/loader.conf?

Erich

thor

Jun 19, 2018, 6:39:00 AM
 % cat /boot/loader.conf
geom_eli_load="YES"
geli_ada0p3_keyfile0_load="YES"
geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
geli_ada0p3_keyfile0_name="/boot/key"
vfs.root.mountfrom="ufs:ada0p3.eli"

kern.vty="sc"
aesni_load="YES"
nvidia_load="YES"
linux_load="YES"

Erich Dollansky

Jun 19, 2018, 9:48:34 AM
Hi,

On Tue, 19 Jun 2018 18:35:29 +0800
thor <th...@irk.ru> wrote:

>  % cat /boot/loader.conf
> geom_eli_load="YES"
> geli_ada0p3_keyfile0_load="YES"
> geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
> geli_ada0p3_keyfile0_name="/boot/key"

I do not understand this either. It should attach only the partition
mentioned above.

Can you try the following for the partitions not to attach:

geli_adaXp3_keyfile0_load="NO"

replacing the X with the real number.

Erich

thor

Jun 19, 2018, 10:21:35 AM
Already tried. No effect.