Kernel asks only for the first GELI passphrase

Fabian Keil freebsd-listen at
Sat Sep 29 11:03:29 UTC 2012

Martin Laabs <mailinglists at> wrote:

> I have two partitions encrypted with GELI: ada0s2 and ada0s3. The loader 
> (located at an unencrypted part of the harddisk) loads the kernel and the 
> kernel asks me for the passphrase for ada0s2 to attach it afterwards.
> However - my root file system is not at ada0s2.elia but on ada0s3.elia. 
> Since the kernel did no attach ada0s3 (but the ada0s2 partition) it is also 
> unable to mount the root filesystem which is somewhat bad.
> So - is there a way (i.e. a loader.conf entry) how I can tell the loader 
> which partition I wanna have attached with a passphrase?

Whether or not the kernel requests the passphrase depends
on whether or not the BOOT flag (0x2) on the provider is set.

You can check with "geli dump" if the flag is already set,
and if it isn't, set it with "geli configure -b".

For details see geli(8).

> I tried to look at the code from the loader but did not find the source 
> file where the attaching is done.

The passphrase is requested by g_eli_taste() in sys/geom/eli/g_eli.c.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list