On Fri, May 6, 2016 at 3:36 PM, Allan Jude <allanj...@freebsd.org> wrote:
> On 2016-05-06 07:38, Miguel C wrote:
> > Hi,
> > In recent current build BTX loader now prompts for a geli passphrase, but
> > typing the correct passphrase always fails.
> It is not the BTX loader, but 'boot2' (gptzfsboot)
> > After the 2 tries I get to the next part where loader.conf is loaded and I
> > am prompted again for a GELI Passphrase (I have
> > set to "YES") this is the one that's saved to be used later and it does
> > work.
> > The main difference seems to be the first one is trying to decrypt
> > while the other is doing it for "ada0p4" which should mean the same thing
> > for geli (I think) but they are not.
> This is because device names have not been assigned yet
> > I've mistyped the passphrase on purpose in the second prompt and let it
> > the normal boot until it tries to attach the devices and ask for a
> > passphrase for ada0p4, should like the "old days" and if I fail here 3
> > times it then switches to "disk0p4" or "DISKIDblahblah" and all of this
> > with a correct passphrase.
> > I've used FreeBSD installer with ZFS + GELI to do this and it seems geli
> > only knows how to decrypt "ada0..." but nothing else, probably due to how
> > it was created, or maybe it's by design...
> > Anyway for me it works great if I get asked the passphrase when
> > kicks in, and use it later.
> > But I am curious about the BTX loader prompt... even if it did work for
> > disk0p4 how will it load the keyfile? I can type the passphrase but it
> > wouldn't know about the keyfile or be able to access it.
> It does not currently support loading key files, and that is why it did
> not work.
> This change was committed a while ago, and has since been protected
> behind a new GELI flag, so you have to specifically turn this feature
> (prompting for the passphrase in gptzfsboot, which allows you to boot
> without having to have an unencrypted /boot) on.
> If you upload your source to a more recent -current, and install that
> version of gptzfsboot and /boot/zfsloader, this should stop happening to
> In the future, the plan is for gptzfsboot to support loading your key
> file from a new dedicated partition type, freebsd-gelikey
Cool, I had a "somewhat recent" source (March something), but I am now
updating to the latest and I'll confirm the change after the kernel/world
That does sound like a perfect solution, can't wait.
> > _______________________________________________
> > firstname.lastname@example.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to "
> Allan Jude