GELI doesn't ask passphrase on boot

Alexey Luckyanchikov alexl at alkar.net
Mon Nov 14 06:46:41 PST 2005


On Sun, 13 Nov 2005, Pawel Jakub Dawidek wrote:

PJD> +> After boot "dmesg -a | fgrep -i eli" shows:
PJD> +> GEOM_ELI[1]: Start tasting.
PJD> +> g_modevent(ELI, LOAD)
PJD> +> g_load_class(ELI)
PJD> +> g_eli_taste(ELI, ad0)
PJD> +> GEOM_ELI[3]: Tasting ad0.
PJD> +> g_destroy_geom(0xc1257300(eli:taste))
PJD> +> g_eli_taste(ELI, ad0s1)
PJD> +> GEOM_ELI[3]: Tasting ad0s1.
PJD> +> g_destroy_geom(0xc1256e80(eli:taste))
PJD> +> GEOM_ELI[1]: Tasting no more.
PJD> +> g_eli_taste(ELI, ad0s1a)
PJD> +> g_eli_taste(ELI, ad0s1b)
PJD> +> g_eli_taste(ELI, ad0s1c)
PJD> +> g_eli_taste(ELI, ad1)
PJD> +> g_eli_taste(ELI, ad1s1)
PJD> +> g_eli_taste(ELI, ad1s1a)
PJD> +> g_eli_taste(ELI, ad1s1c)
PJD> +> g_eli_taste(ELI, ad0s1a)
PJD> +> 
PJD> +> It seems that the problem is in g_eli.c, line 1092:
PJD> +> SYSINIT(geli_boot_end, SI_SUB_RUN_SCHEDULER, SI_ORDER_ANY, g_eli_on_boot_end, NULL)
PJD> +> geli_boot_end() is called before GELI finishes tasting.
PJD> 
PJD> Use this feature only for encrypting root file system.
PJD> In case of other file systems, check out /etc/defaults/rc.conf for
PJD> examples of geli configuration on boot.

It was just an experiment; actually I want to encrypt the root partition.
Let us assume that ad0 contains only unencrypted /boot and /etc/fstab
with:
/dev/ad1s1a.eli		/	ufs	rw	1	1
AIUI GELI doesn't ask for a passphrase on boot for /dev/ad1s1a.eli.

Could you explain the "right way" to create an encrypted root partition?

-- 
Sincerely,
Alexey Luckyanchikov

