Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli

Reply: Mel Pilgrim : "Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli"
In reply to: Mel Pilgrim : "Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Mariusz Zaborski <oshogbo_at_freebsd.org>
Date: Fri, 10 Feb 2023 11:25:03 UTC

To test decryption in dry mode (can be used on the decrypted device):
echo -n | geli attach -C -p -k - dev

If it succeeds you want to re-encrypt your devices.

On Fri, 10 Feb 2023 at 02:48, Mel Pilgrim <list_freebsd@bluerosetech.com>
wrote:

> On 2023-02-08 11:08, FreeBSD Security Advisories wrote:
> >
> =============================================================================
> > FreeBSD-SA-23:01.geli                                       Security
> Advisory
> >                                                            The FreeBSD
> Project
> >
> > Topic:          GELI silently omits the keyfile if read from stdin
>
> How do I test my existing devices to see if the master key needs to be
> encrypted?
>
> Does the solution change if the keyfiles don't require passwords?  I use
> GELI keyfiles without passwords for unattended reboots.
>
>