Automatic Geli?

Fa bio fa-h-2007 at hotmail.com
Mon Apr 9 18:34:13 UTC 2012


Hi!



Is it possible to recompile geli/kernel to automatically enter with password and/or key? I'll explain with an example:



If you see a cache system called SpeedR (http://www.speedr.com.br/?locale=en), on their site you can download the ISO and burn it to a CD (http://www.speedr.com.br/rc/speedr-0...rc18.2-x64.iso)



It's very interesting, because all partitions are encrypted with Geli,
but there is no passphrase to enter at boot time or key directions in loader.conf file.



If you mount the partition with another FreeBSD you see only /boot dir. All files are secure!



At boot time you can see this:

Timecounters tick every 1.000 msec
ipfw2 initialized, divert enabled, nat enabled, rule-based forwarding enabled, default to accept, logging disabled
load_dn_sched dn_sched FIFO loaded
load_dn_sched dn_sched PRIO loaded
load_dn_sched dn_sched QFQ loaded
load_dn_sched dn_sched RR loaded
load_dn_sched dn_sched WF2Q+ loaded
usbus0: 12Mbps Full Speed USB v1.0
ad0: 20480MB <QEMU HARDDISK 0.10.2> at ata0-master WDMA2 
ugen0.1: <Intel> at usbus0
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ad1: 30720MB <QEMU HARDDISK 0.10.2> at ata0-slave WDMA2 
WARNING: ad0s1 expected rawoffset 0, found 63
uhub0: 2 ports with 2 removable, self powered
GEOM_ELI: Wrong key for ad0s1d. Tries left: 2.
ugen0.2: <QEMU 0.10.2> at usbus0
ums0: <Endpoint1 Interrupt Pipe> on usbus0
ums0: 3 buttons and [Z] coordinates ID=0
GEOM_ELI: Device ad0s1d.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI:     Crypto: software
acd0: CDROM <QEMU DVD-ROM/0.10.2> at ata1-slave WDMA2 
SMP: AP CPU #2 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #1 Launched!
GEOM_ELI: Wrong key for ad0s1cd. Tries left: 2.
GEOM_ELI: Cannot create device ad0s1cd.eli.
Trying to mount root from ufs:ad0s1d.eli
GEOM_ELI: Device ad0s1g.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI:     Crypto: software
GEOM_ELI: Device ad0s1f.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI:     Crypto: software
GEOM_ELI: Device ad0s1e.eli created.
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI:     Crypto: software

How is it possible?



Important: I don't want to get inside this system! I just want to 
understand how it is possible to automatically mount geli partitions 
without entering any key or passphrase.



I saw many tutorials but they all ask to enter a passphrase!



Any ideas?



Thanks

Felix
More information about the freebsd-geom mailing list