How to unlock a md0 device with GELI during boot?

Olav Gjerde olavgjerde at yahoo.no
Fri Nov 19 19:08:33 UTC 2010


I'm trying to unlock a GELI-encrypted file which contains multiple GELI keys to unlock several hard drives. The reason for this is that I want to unlock all the hard drives without typing the password for each hard drive on each reboot.

I've created a small file with dd, used mdconfig to create a md0 device, used geli init on the md0 device, attached it and finally I created a UFS filesystem on the /dev/md0.eli device.
So far everything works fine.

For the boot process I added this line in /etc/rc.conf
mdconfig_md0="-t vnode -f /boot/geli.img"
This successfully created the md0 device.

I've also added this below the mdconfig line in rc.conf
geli_devices="md0"
geli_md0_flags="-k /boot/geli.key"

If I reboot I get the following error message during the boot:
Creating md0 device (vnode)
fsck: Could not determine filesystem type.
Fsck failed on /dev/md0 not mounting the filesystem.

But the file works fine when I do this after the boot:
geli attach -k /boot/geli.key md0

Is it possible for geli to unlock the md0 device during the boot process?
Are there any other alternatives for my problem?

-- Olav




