geli - why do I need a keyfile
Lee Brown
leeb at ratnaling.org
Sat Sep 15 00:56:05 UTC 2018
I want to create a geli provider as authentication only, no password, no
encryption. I do:
# geli init -a HMAC/SHA256 -e NULL -P -s 4096
geli: No key components given.
instead I tried
# touch /tmp/key
# geli init -a HMAC/SHA256 -e NULL -P -s 4096 -k /tmp/key
test it
# geli attach -p -k /tmp/key
but during boot that fails with "Cannot find key file size for
/boot/keys/key"
# ls -l /boot/keys/key
-rw-r--r-- 1 root wheel 0 Sep 14 11:44 /boot/keys/key
Instead:
# echo " " > /tmp/key
solves that issue, but I still don't get why I even need a key file with -e
NULL?
I'm fine if this is a corner case to be ignored (keyfile required), but I
do think the attach with a zero length key file should fail if it's not
going to work at boot time. It should be consistent one way or another.
Let me know if I should file a bug report and which way it should be filed
(i.e. zero length keyfile attach should fail, or zero length keyfile should
work at boot)
Thanks -- lee