I want to create a geli provider as authentication only, no password, no
encryption.  I do:

# geli init -a HMAC/SHA256 -e NULL -P -s 4096
geli: No key components given.

instead I tried
# touch /tmp/key
# geli init -a HMAC/SHA256 -e NULL -P -s 4096 -k /tmp/key

test it
# geli attach -p -k /tmp/key

but during boot that fails with "Cannot find key file size for
/boot/keys/key"
# ls -l /boot/keys/key
-rw-r--r--  1 root wheel 0 Sep 14 11:44 /boot/keys/key

Instead:
# echo " " > /tmp/key
solves that issue, but I still don't get why I even need a key file with -e
NULL?

I'm fine if this is a corner case to be ignored (keyfile required), but I
do think the attach with a zero length key file should fail if it's not
going to work at boot time.  It should be consistent one way or another.

Let me know if I should file a bug report and which way it should be filed
(i.e. zero length keyfile attach should fail, or zero length keyfile should
work at boot)

Thanks -- lee
_______________________________________________
freebsd-geom@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-geom