ELI passphrase on boot with USB keyboard
lreid at cs.okstate.edu
Fri Jul 27 20:55:16 UTC 2007
Written by Reid Linnemann on 07/27/07 15:49>>
> Written by Rolf G Nielsen on 07/27/07 15:21>>
>> I recently purchased a new USB keyboard, since my old PS/2 one has
>> seen its best days. This has caused me annoying problems with my ELI
>> disks, though.
>> I have four SATA harddrives, all of which are encrypted using ELI
>> encryption. I've encrypted the raw disks, ad0, ad1, ad2 and ad3. The
>> resulting devices ad0.eli, ad1.eli, ad2.eli and ad3.eli, I've
>> concatenated into a large device, cc0, on which I have several
>> partitions. To get this working, I of course need to boot from a
>> separate device, and for that I use an SD card, which holds a boot
>> directory. With my old PS/2 keyboard, this worked like a charm, but it
>> seems to me, the ukbd driver isnt activated until after the ELI
>> encryption, which means I'm unable to enter the passphrases for the
>> disks, thus I can't get the computer passed the first passphrase prompt.
>> Currently I have both the old keyboard and the new USB one connected.
>> I use the PS/2 one to enter the passphrases, then I put it on the
>> floor under my desk and use the USB keyboard. As you may very well
>> understand, this is quite annoying. Is there a way to get the USB
>> keyboard to work at the point where I enter the passphrases?
>> I've tried to change the keys for the disks to not use a passphrase,
>> but only keyfiles and load them from loader.conf, just as described in
>> the GELI man page (yes I did set the -P option), but that simply will
>> not work (and to be honest, it's not a solution I'd favour); if I set
>> the -b option (ask for passphrase on boot), it still asks for the
>> passphrase, though there is none, and if I set the -B option (don't
>> ask for passphrase on boot), the computer ends up at the "mountroot>"
>> I'd appreciate any help.
>> Rolf Nielsen
> Try setting hints.atkbd0.disabled to 1 in the loader, or in the
> device.hints file. Your usb keyboard may work in early stages with that
> device hint.
Erm, set the hint in the loader _first_, and then only put it in
device.hints if it works!
More information about the freebsd-questions