Discussion:
How to disable GELI selectively?
(too old to reply)
thor
2018-06-18 16:19:01 UTC
Permalink
Hello!

Here I have a computer with 2 HDDs partitioned identically with GELI
encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/

When I boot the computer it properly asks the passphrase for /dev/ada0p3
and mounts /dev/ada0p3.eli as a root.

Then, it asks "Enter passphrase for gptid...." which I don't want since
the second HDD should be attached manually when needed ONLY and all
other time it should be unmounted. I am to press enter enough times to
make me mad.

I have found
https://lists.freebsd.org/pipermail/freebsd-stable/2012-July/068704.html
but it resolves the problem how to mount /dev/ada1p3.eli on boot but not
how not to mount it.

kern.geom.eli.tries=0 makes geli not to ask for every passphrase
including /dev/ada0p3 and the boot correspondingly totally fails.

What should I do?

Thor
Erich Dollansky
2018-06-19 01:50:59 UTC
Permalink
Hi,

On Tue, 19 Jun 2018 00:19:01 +0800
Post by thor
Hello!
Here I have a computer with 2 HDDs partitioned identically with GELI
encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
When I boot the computer it properly asks the passphrase
for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root.
Then, it asks "Enter passphrase for gptid...." which I don't want
since the second HDD should be attached manually when needed ONLY and
all other time it should be unmounted. I am to press enter enough
times to make me mad.
What should I do?
just take all other partitions / slices out of /etc/fstab.

Erich
thor
2018-06-19 03:39:24 UTC
Permalink
The other partitions are NOT in fstab. They are mounted manually with
explicit mount and geli attach commands. Moreover, it occurs during a
boot well before init gets control and spawns the mount process.
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 00:19:01 +0800
Post by thor
Hello!
Here I have a computer with 2 HDDs partitioned identically with GELI
encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
When I boot the computer it properly asks the passphrase
for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root.
Then, it asks "Enter passphrase for gptid...." which I don't want
since the second HDD should be attached manually when needed ONLY and
all other time it should be unmounted. I am to press enter enough
times to make me mad.
What should I do?
just take all other partitions / slices out of /etc/fstab.
Erich
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
Erich Dollansky
2018-06-19 04:24:34 UTC
Permalink
Hi,

On Tue, 19 Jun 2018 11:39:24 +0800
Post by thor
The other partitions are NOT in fstab. They are mounted manually with
explicit mount and geli attach commands. Moreover, it occurs during a
boot well before init gets control and spawns the mount process.
what is then in your /boot/loader.conf?

Erich
Post by thor
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 00:19:01 +0800
Post by thor
Hello!
Here I have a computer with 2 HDDs partitioned identically with
GELI encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
When I boot the computer it properly asks the passphrase
for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root.
Then, it asks "Enter passphrase for gptid...." which I don't want
since the second HDD should be attached manually when needed ONLY
and all other time it should be unmounted. I am to press enter
enough times to make me mad.
What should I do?
just take all other partitions / slices out of /etc/fstab.
Erich
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
thor
2018-06-19 10:35:29 UTC
Permalink
 % cat /boot/loader.conf
geom_eli_load="YES"
geli_ada0p3_keyfile0_load="YES"
geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
geli_ada0p3_keyfile0_name="/boot/key"
vfs.root.mountfrom="ufs:ada0p3.eli"

kern.vty="sc"
aesni_load="YES"
nvidia_load="YES"
linux_load="YES"
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 11:39:24 +0800
Post by thor
The other partitions are NOT in fstab. They are mounted manually with
explicit mount and geli attach commands. Moreover, it occurs during a
boot well before init gets control and spawns the mount process.
what is then in your /boot/loader.conf?
Erich
Post by thor
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 00:19:01 +0800
Post by thor
Hello!
Here I have a computer with 2 HDDs partitioned identically with
GELI encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
When I boot the computer it properly asks the passphrase
for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root.
Then, it asks "Enter passphrase for gptid...." which I don't want
since the second HDD should be attached manually when needed ONLY
and all other time it should be unmounted. I am to press enter
enough times to make me mad.
What should I do?
just take all other partitions / slices out of /etc/fstab.
Erich
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
Erich Dollansky
2018-06-19 13:43:41 UTC
Permalink
Hi,

On Tue, 19 Jun 2018 18:35:29 +0800
Post by thor
 % cat /boot/loader.conf
geom_eli_load="YES"
geli_ada0p3_keyfile0_load="YES"
geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
geli_ada0p3_keyfile0_name="/boot/key"
I do not understand this ether. It should attach only the partition
mentioned above.

Can you try the following for the partitions not to attach:

geli_adaXp3_keyfile0_load="NO"

replacing the X with the real number.

Erich
Post by thor
vfs.root.mountfrom="ufs:ada0p3.eli"
kern.vty="sc"
aesni_load="YES"
nvidia_load="YES"
linux_load="YES"
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 11:39:24 +0800
Post by thor
The other partitions are NOT in fstab. They are mounted manually
with explicit mount and geli attach commands. Moreover, it occurs
during a boot well before init gets control and spawns the mount
process.
what is then in your /boot/loader.conf?
Erich
Post by thor
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 00:19:01 +0800
Post by thor
Hello!
Here I have a computer with 2 HDDs partitioned identically with
GELI encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
When I boot the computer it properly asks the passphrase
for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root.
Then, it asks "Enter passphrase for gptid...." which I don't want
since the second HDD should be attached manually when needed ONLY
and all other time it should be unmounted. I am to press enter
enough times to make me mad.
What should I do?
just take all other partitions / slices out of /etc/fstab.
Erich
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
thor
2018-06-19 14:18:03 UTC
Permalink
Already tried. No effect.
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 18:35:29 +0800
Post by thor
 % cat /boot/loader.conf
geom_eli_load="YES"
geli_ada0p3_keyfile0_load="YES"
geli_ada0p3_keyfile0_type="ada0p3:geli_keyfile0"
geli_ada0p3_keyfile0_name="/boot/key"
I do not understand this ether. It should attach only the partition
mentioned above.
geli_adaXp3_keyfile0_load="NO"
replacing the X with the real number.
Erich
Post by thor
vfs.root.mountfrom="ufs:ada0p3.eli"
kern.vty="sc"
aesni_load="YES"
nvidia_load="YES"
linux_load="YES"
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 11:39:24 +0800
Post by thor
The other partitions are NOT in fstab. They are mounted manually
with explicit mount and geli attach commands. Moreover, it occurs
during a boot well before init gets control and spawns the mount
process.
what is then in your /boot/loader.conf?
Erich
Post by thor
Post by Erich Dollansky
Hi,
On Tue, 19 Jun 2018 00:19:01 +0800
Post by thor
Hello!
Here I have a computer with 2 HDDs partitioned identically with
GELI encrypted root as in
https://forums.freebsd.org/threads/howto-full-disk-encryption-fast-way.19082/
When I boot the computer it properly asks the passphrase
for /dev/ada0p3 and mounts /dev/ada0p3.eli as a root.
Then, it asks "Enter passphrase for gptid...." which I don't want
since the second HDD should be attached manually when needed ONLY
and all other time it should be unmounted. I am to press enter
enough times to make me mad.
What should I do?
just take all other partitions / slices out of /etc/fstab.
Erich
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
Loading...