Date: Mon, 15 Aug 2022 16:23:35 +0200
From: Guido van Rooij
To: freebsd-hackers@freebsd.org
Subject: How to use serial console to enter GELI password to boot kernel on a GELI encrypted ZFS pool
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Currently I have a system with ZFS on GELI. I use the ability in the EFI loader to enter the GELI password. Is it possible somehow to use a serial console to enter the password? My system does have a COM1 port but it isn't recognised at the early boot stage. There I only see:

    Consoles: EFI console
    GELI Passphrase for disk0p4:

(Note: this is early in the boot process so there is no access to boot.config (or any other file in the ZFS pool) as it is still on encrypted storage at that time).

Regards,

-Guido