Geli can ask for a root password at the console to unlock the root fs
but that of course won't work for a remote server.
Ideally I'd like the server to start, do minimal network config, run
a minimal ssh client (dropbear?) and wait for someone to log in,
provide the passphrase to unlock the root filesystem and then mount
the root filesystem and do a normal startup.
I read about a pivotroot call in other OS-es, that would allow for a
Too much complexity.
Just make a simple small partition with the OS installed, and just sshd and
maybe a few (not requiring security) services running, then log in,
geli attach the main partition, fsck and mount, and then run the other services.
Make a script for it.
That's all.
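
The steps from the reply above, written as a script. This is an added example and not part of the thread; the device, mount point, service names, the UFS filesystem and the file name `unlock-main.sh` are assumed placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. All values below are assumed placeholders.
PROVIDER="${PROVIDER:-/dev/ada0p4}"       # geli-encrypted main partition
MOUNTPOINT="${MOUNTPOINT:-/data}"         # where the decrypted filesystem goes
SERVICES="${SERVICES:-postgresql nginx}"  # services kept out of normal boot

unlock_and_start() {
    eli="${PROVIDER}.eli"
    # The .eli node appears once the provider is attached; do not attach twice.
    if [ -e "$eli" ]; then
        echo "unlock: $eli is already attached" >&2
        return 1
    fi
    # geli prompts for the passphrase on the ssh tty, so it never lands in
    # argv, the environment or shell history.
    geli attach "$PROVIDER" || { echo "unlock: attach failed" >&2; return 1; }
    # Preen the filesystem (UFS assumed); on failure detach again so the
    # plaintext device does not stay exposed.
    if ! fsck_ufs -p "$eli"; then
        echo "unlock: fsck failed, detaching" >&2
        geli detach "$eli"
        return 1
    fi
    if ! mount "$eli" "$MOUNTPOINT"; then
        echo "unlock: mount failed, detaching" >&2
        geli detach "$eli"
        return 1
    fi
    # "onestart" runs an rc.d script even though it is not enabled in rc.conf,
    # which is how these services stay down until the disk is unlocked.
    for svc in $SERVICES; do
        service "$svc" onestart || echo "unlock: $svc did not start" >&2
    done
}

# Run only when executed under this (assumed) file name, not when sourced.
if [ "${0##*/}" = "unlock-main.sh" ]; then
    unlock_and_start
fi
```

Run it as root from the ssh session on the small unencrypted system; the services that depend on the encrypted partition stay disabled in rc.conf so they only come up through this script.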
_______________________________________________
freebsd-hackers@freebsd.org mailing list