geli keyfile not loading at boot

Francesco Toscan f.toscan at
Thu Aug 21 14:55:30 UTC 2014

On Wed, Aug 20, 2014 at 11:05:57AM -0400, Michael W. Lucas wrote:
> Hi,
> I have a default FreeBSD 10.0/amd64 install.
> I'm trying to make a GELI device attach at boot. I initialized the
> partition with -b, and am prompted at boot. When I try to enter the


I have a slightly different setup: a keyfile-only based geli partition
sitting on gmirror, loading keyfile from external usb device on boot.
I run FreeBSD 9.1-RELEASE/amd64.

> My initial root partition is da0p2. The key is /boot/da1p1.key. The
> GELI partition is da1p1. Here's my loader.conf:
> geom_eli_load=YES
> geli_da1p1_keyfile0_load="YES"
> geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0"
> geli_da1p1_keyfile0_name="/boot/da1p1.key"
> kern.geom.eli.debug=3

Hit and miss here, but I think
geli_da1p1_keyfile0_type="da0p2:geli_da1p1_keyfile0 should be:


as geli_$dev_keyfile0_type="$dev:geli_keyfile0. 

$dev should read "the whole path to the device to crypt minus /dev". 

Here's my loader.conf, system is running 9.1-RELEASE:

# GEOM MIRROR is /dev/mirror/system
# GELI partition is /dev/mirror/system.eli
# / is in /dev/mirror/system.elip1
# disk0 is BIOS' idea of USB device

I hope this could be useful.

"Corruptissima re publica, plurimae leges"
	-- Publius Cornelius Tacitus

More information about the freebsd-questions mailing list