Temporarily halt boot process to enter encryption keys?

Corey J. Bukolt 0.23 at mail.ru
Thu Dec 10 22:16:40 UTC 2009


RW wrote:
> On Wed, 09 Dec 2009 01:31:47 -0600
> "Corey J. Bukolt" <0.23 at mail.ru> wrote:
>
>   
>> Hello list,
>>
>> I have a FreeNAS box with a CF card for root, and 3 drives (soon to be
>> 4) set up with encryption and raidz on top of them.
>> A less than excellent detailed report of what I did is here:
>> http://bit.ly/5BeZq8
>> This setup is a bit hackish as after the system boots I need to attach
>> each drive using geli, run "zpool import -f primary", and then restart
>> all my services (nfs, samba, etc).
>>
>> It's become a bit of a chore (especially when doing it all from an
>> N810), so I'm looking for a way to temporarily halt the boot process so
>> that I can ssh in, attach the drives, and then allow the system to
>> continue to boot.
>>
>>     
>
> It's fairly trivial to write an rc.d script that pauses the boot
> process and waits for devices, but sshd runs after LOGIN, and nfs runs
> before, so you can't easily reorder them without maintaining modified
> rc.d scripts.
>
>
> I don't see the point though. Why not just write a script to do
> what you are doing now? 
>
You are right that I could very well just write a script and be done
with it, but I'm trying to find a more elegant approach.  Starting up a
whole bunch of services that are going to error, killing them, then
restarting seems to me a messy approach.

Perhaps if I put a rc.d script before nfs that calls a lightweight sshd,
such as dropbear, and waits for all the drives to be attached with geli. 
Once they are, the script kills sshd and the boot continues as normal.

Think that would work?
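
The wait-then-continue step proposed in this message, sketched as an added example that is not part of the original post or of FreeNAS: a shell function polls for the `.eli` device nodes that `geli attach` creates, gives up after a timeout so the caller can refuse to bring up nfs and samba, and stops the temporary SSH listener either way. The function names, the `GATE_SSHD` variable, the dropbear path and the provider names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: wait_for_eli,
# unlock_gate, GATE_SSHD, and the provider names passed by the caller.

# wait_for_eli DEVDIR TIMEOUT INTERVAL PROVIDER...
# geli attach creates DEVDIR/PROVIDER.eli. Return 0 once all of them exist,
# 1 if TIMEOUT seconds pass first, so the caller can refuse to go on.
wait_for_eli() {
    devdir=$1 timeout=$2 interval=$3
    shift 3
    waited=0
    while :; do
        missing=""
        for p in "$@"; do
            [ -e "$devdir/$p.eli" ] || missing="$missing $p"
        done
        [ -z "$missing" ] && return 0
        if [ "$waited" -ge "$timeout" ]; then
            echo "still detached:$missing" >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# unlock_gate DEVDIR TIMEOUT INTERVAL PROVIDER...
# Keep a temporary SSH listener up only while waiting, and stop it whether
# the wait succeeded or timed out.
unlock_gate() {
    # Assumption: dropbear from ports, foreground (-F), listening on port 22.
    ${GATE_SSHD:-/usr/local/sbin/dropbear -F -p 22} &
    gate_pid=$!
    rc=0
    wait_for_eli "$@" || rc=$?
    kill "$gate_pid" 2>/dev/null || true
    wait "$gate_pid" 2>/dev/null || true
    return "$rc"
}

# Typical call from the boot script (provider names are placeholders):
#   unlock_gate /dev 900 5 ad4 ad6 ad8 || exit 1
```

A non-zero return means at least one provider is still detached, so the calling script should stop there rather than run `zpool import` or start services against a partially unlocked pool.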


More information about the freebsd-questions mailing list