On Mon, Mar 5, 2012 at 4:14 AM, Gary Jennejohn
<gljennj...@googlemail.com> wrote:
> On Sun, 4 Mar 2012 19:32:36 -0500
> Robert Simmons <rsimmo...@gmail.com> wrote:
>
>> I've just finished working through building a FreeBSD box with an
>> encrypted root partition as mentioned in the geli(8) man page: "Ask
>> for the passphrase on boot, before the root partition is mounted.
>> This makes it possible to use an encrypted root partition.  One will
>> still need bootable unencrypted storage with a /boot/ directory, which
>> can be a CD-ROM disc or USB pen-drive, that can be removed after
>> boot."
>>
>> I've noticed something quite interesting about the way that fstab is
>> read during boot.  If you follow the instructions exactly as they are
>> written in the geli(8) man page you soon discover that you also must
>> have an /etc/fstab file in that same unencrypted partition.  But this
>> need not be the complete fstab file.  It only needs to have the one
>> line that describes /.
>>
>> Later, after the encrypted partition is mounted, the /etc/fstab inside
>> the encrypted partition is then read and all other partitions listed
>> in fstab are mounted as written there.
>>
>> I've tested this by putting empty fstabs and fstabs with just the line
>> for / in both locations and booting to see what happens.
>>
>> Is this the correct behavior?  Shouldn't the fstab file be read
>> completely once and not twice?
>>
>
> man 5 fstab
>
> It isn't explicitly stated, but implied, that fsck(8), mount(8) and
> umount(8) parse fstab every time they're invoked.
>
> It's a feature.

Got it.  I will submit a patch for the geli(8) man page to include
that /etc/fstab needs to exist on the unencrypted volume as well as
/boot for an encrypted root partition to work properly (as I have
gathered through trial and error).
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
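
The behavior discussed in this thread (the fstab on the unencrypted boot volume only needs the one line for /) can be checked before rebooting. The following is an added example, not part of the original thread or of FreeBSD: the function names, file paths and the device name are constructed, and it assumes the root filesystem sits on an attached geli provider, which carries the `.eli` suffix.

```shell
#!/bin/sh
# Added example: sanity-check the fstab kept on the unencrypted boot volume.
# Function names, paths and device names are constructed for illustration.

# Print the device field of the fstab entry whose mount point is "/".
# Returns non-zero if the file has no such entry.
fstab_root_device() {
    awk '
        /^[[:space:]]*#/ { next }                      # skip comment lines
        NF >= 2 && $2 == "/" { print $1; found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Check a boot-volume fstab.
#   0 = has a "/" entry on a .eli (geli) provider
#   1 = no "/" entry: the kernel has nothing to mount as root
#   2 = "/" entry present but not on a .eli provider (root would be unencrypted)
check_boot_fstab() {
    dev=$(fstab_root_device "$1") || return 1
    case "$dev" in
        *.eli) return 0 ;;
        *)     return 2 ;;
    esac
}

# Constructed sample: a boot-volume fstab containing only the "/" line.
tmp=$(mktemp -d)
printf '%s\n' \
    '# Device         Mountpoint FStype Options Dump Pass' \
    '/dev/ada0p3.eli  /          ufs    rw      1    1' > "$tmp/fstab.boot"

check_boot_fstab "$tmp/fstab.boot" &&
    echo "boot fstab ok, root on $(fstab_root_device "$tmp/fstab.boot")"
rm -rf "$tmp"
```
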
