GELI tastes partitions before labels, prompts for passphrase for both
Michael Sullivan
sullivanms at gmail.com
Wed Sep 26 18:58:38 UTC 2012
Hello,

I'm running 9.1-RC1. I configured an encrypted root disk with GELI
using the GPT label ("gpt/zsystem0") rather than the partition name
("ada0p3"). Everything works fine, but as it boots, I'm prompted for
the passphrase for the partition and have to make that fail before I
get prompted for the passphrase for the label. It's a minor annoyance
but might be worse on a server with many disks. I've seen a few other
people mention this behavior but haven't seen anything to indicate
that anybody is working on it. Is there a solution out there that I'm
not aware of?

My understanding of GEOM is rudimentary at this point, but poking
around in the code the only ideas I have are to create a blacklist of
providers (through a tunable string?) and check against it during
tasting; or something like adding a flag to the ELI metadata and, if
it's set, checking the provider's class and giving up if it's not a
label. Do either of those approaches sound reasonable?

Thanks

Michael