GELI without passphrase on ZFS root

Alaksiej ac at belngo.info
Thu Oct 25 17:36:56 UTC 2018


Hi!

I believe geom_eli asks for a passphrase when it finds the BOOT flag in
the metadata. It doesn't check whether you really have a passphrase set up
or not, just the flag status.
Therefore, you have to do
geli configure -B <provider>
to clear the flag. See the "configure" subcommand in man geli.

Best,
Alaksiej Carniajeu

On Thu, Oct 25, 2018 at 1:25 PM Michael .. <mikey at usa.com> wrote:

> Hi,
>
> Has anyone been able to achieve this?
>
> I installed FreeBSD 11.2 using AutoZFS option with encryption turned on.
> Passphrase is specified as part of install.
>
> I want to switch to only a keyfile and no passphrase:
>
> geli setkey -K /boot/encryption.key -P /dev/xyz
>
> This completes, but I'm still prompted for passphrase on boot.  Nothing
> appears accepted by the prompt (as the userkey is using only keyfile now?)
>
> Setting geom_eli_passphrase_prompt="NO" doesn't help.
>
> Michael.