Re: geli load key before rootfs is mounted
Chris wrote: I think you maybe running into a bug in 6.1 where the keyboard wont respond during the boot process. Of course you don't notice because keystrokes have no visual feedback at password input. Try adding this line to "/boot/device.hint" on your boot media: hint.kbdmux.0.disabled="1" I'm booting an encrypted root file system fine with GELI. Thank's for the tip. After reinitializing the geli device with -b flag, it works. Before, I used an rc script to geli attach, my mistake. Of course, rc scripts are read after boot. It seems loader.conf contents (which are exactly as before) are somehow ignored if the -b flag for that device is missing. I didn't dig for the details. Without the hint for kbdmux, it freezes. Or at least appears so, because it has no reaction to anything pressed. After adding the hint, it will attach the geli device correctly, however, the kernel fault traps right after that. I'm wondering if this is still a kbdmux issue, perhaps removing it from the kernel is better. -- Alin-Adrian Anton GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA) gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA "It is dangerous to be right when the government is wrong." - Voltaire ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: geli load key before rootfs is mounted
I think you maybe running into a bug in 6.1 where the keyboard wont respond during the boot process. Of course you don't notice because keystrokes have no visual feedback at password input. Try adding this line to "/boot/device.hint" on your boot media: hint.kbdmux.0.disabled="1" I'm booting an encrypted root file system fine with GELI. On 18/12/06, Alin-Adrian Anton <[EMAIL PROTECTED]> wrote: I've been playing around with geli and I was wondering if anyone managed to actually use the feature which loads the keyfile before the root filesystem is mounted. Specifically, to use something similar in /boot/loader.conf: geli_da1s3a_keyfile0_load="YES" geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0" geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" If it worked, please let me know. I couldn't do it on a 6.1-REL0. (keeps saying password is wrong, probably because it doesn't "see" the keyfile). Of course, the .key file is on unencrypted media. I appreciate your time and suggestions. Thanks, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
geli load key before rootfs is mounted
Hi, I've been playing around with geli and I was wondering if anyone managed to actually use the feature which loads the keyfile before the root filesystem is mounted. Specifically, to use something similar in /boot/loader.conf: geli_da1s3a_keyfile0_load="YES" geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0" geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key" If it worked, please let me know. I couldn't do it on a 6.1-REL0. (keeps saying password is wrong, probably because it doesn't "see" the keyfile). Of course, the .key file is on unencrypted media. I appreciate your time and suggestions. Thanks, -- Alin-Adrian Anton GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785 2F7C 5823 ABA0 1830 87BA) gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA "It is dangerous to be right when the government is wrong." - Voltaire ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"