FreeBSD 10.1 encrypted root-on-ZFS without passphrase
Julian Hsiao
madoka at nyanisore.net
Tue Jan 13 07:45:08 UTC 2015
Hi,

I'm trying to install FreeBSD 10.1 with all partitions (except /boot,
of course) encrypted, but without a passphrase. I chose "Auto (ZFS)"
and then "Encrypt Disks? YES" in the installer, entered a dummy
passphrase, and proceeded with the rest of the install. Afterwards, I
dropped into the manual configuration shell:

# zpool status zroot | grep eli | cut -w -f 2
ada0p4.eli
# geli setkey -k /boot/encryption.key -K /boot/encryption.key -P ada0p4
Note, that the master key encrypted with old keys and/or passphrase may
still exists in a metadata backup file.
# geli configure -B ada0p4
# exit

However, upon reboot I get this error during startup:

Trying to mount root from zfs:zroot/ROOT/default []...
Mounting from zfs:zroot/ROOT/default failed with error 2.

If I omit "geli configure -B" during manual configuration, then I'd be
prompted for a passphrase during boot, but no passphrase would work.
I'm pretty sure the passphrase was removed, however, since I also tried
to unlock the partition with a working system with just "geli attach -p
-k" and that worked.

I also tried adding to loader.conf:

geli_ada0p4_flags=" -p"

And that didn't help. What else am I overlooking?