Booting a GELI encrypted hard disk

Pawel Jakub Dawidek pjd at
Thu Oct 25 08:19:11 PDT 2007

On Thu, Oct 25, 2007 at 03:53:34PM +0200, Oliver Fromme wrote:
>  > The pen-drive is not needed for your system to run and you can be easly
>  > take it with you, which is not always the case for your laptop.
> Are you saying that the USB pen-drive can be removed while
> the system is running (after it has booted)?  I remember
> that it was impossible in the past to remove the root vnode
> (which in this case would be the /boot file system from the
> pen-drive).  Did that change recently?  Or is there a way
> to change the system's root vnode from the pen-drive to the
> root file system on the encrypted disk?  If so, then how?

The boot directory is different that root file system. /boot/ directory
is only accessed by loader before root file system is mounted. The root
file system can be mounted from encrypted disk, because loader loads the
kernel (and eventually geom_eli.ko module) from the /boot/ directory.

Most of the time /boot/ directory is on the root file system, but there
is no need for that - you can boot from different /boot/ directory and
have different /boot/ directory in your root file system.

Pawel Jakub Dawidek             
pjd at                 
FreeBSD committer                         Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list