mhca12 <mhc...@gmail.com> wrote:
> On Mon, Feb 4, 2013 at 6:23 PM, Fabian Keil wrote:
> > mhca12 <mhc...@gmail.com> wrote:
> >
> >> On Mon, Feb 4, 2013 at 1:06 PM, Fabian Keil wrote:
> >> > mhca12 <mhc...@gmail.com> wrote:
> >> >
> >> >> I followed the guide on dan.me.uk to install FreeBSD 9.1 amd64
> >> >> but I always get stuck because the kernel doesn't ask me for the
> >> >> passphrase and doesn't find the /dev/gpt/enc.eli where enc is the
> >> >> label I gave to the root partition. I also tried with /dev/ada0p3.eli
> >> >> without success.
> >> >>
> >> >> Tried the following two /boot/loader.config variations:
> >> >> 1:
> >> >> geom_eli_load="YES"
> >> >> vfs.root.mountfrom=”ufs:/dev/gpt/enc.eli”
> >> >> 2:
> >> >> geom_eli_load="YES"
> >> >> vfs.root.mountfrom=”ufs:/dev/ada0p3.eli”
> >> >>
> >> >> I can geli attach /dev/gpt/enc or /dev/ada0p3 successfully from
> >> >> the livecd.
> >> >>
> >> >> Can you advise me what I might have done wrong or what I
> >> >> should try?
> >> >>
> >> >> https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/
> >> >
> >> > This guide doesn't seem to match your configuration.
> >> > It uses ada0p3.eli for swapping and additionally uses keyfiles.
> >> >
> >> > Without knowing your actual configuration it's impossible to
> >> > give proper advice. You could check with "geli list ada0p3" if
> >> > the boot flag is set, but that's obviously just a wild guess ...
> >>
> >> Forgot to list my simpler setup:
> >> ada0p1 freebsd-boot
> >> ada0p2 freebsd-ufs label boot /boot
> >> ada0p3 geli freebsd-ufs label enc /
> >>
> >> Do I have to set the boot flag for any of them?
> >
> > The geli passphrase is only requested at boot time for providers that
> > have the geli boot flag set (for details see geli(8)). If it isn't set
> > on ada0p3 it would explain the described behaviour.
>
> Fabian, thanks a lot. Maybe I forgot -b during geli init but a
> geli configure -b /dev/ada0p3.eli fixed it. FreeBSD is so
> well structured and logical in this regard and hopefully
> in many others as I heard.
>
> In vfs.root.mountfrom only ”ufs:/dev/ada0p3.eli” works and
> the /dev/gpt/enc.eli doesn't. Is it supposed to?

"doesn't" isn't a particularly helpful problem description.

Probably geli tastes ada0p3 before gpt/enc and once ada0p3 has been
attached gpt/enc is hidden and thus can't be attached anymore.

gpt labels aren't intentionally designed not to work with geli, but
tasting races at boot time are a known limitation and also affect
other geom classes.

As a workaround you could use glabel labels instead. I use them for
external disks to be able to geli attach them automatically using a
known name, but for internal disks whose names don't frequently
change I usually don't bother.

Fabian
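
The failure discussed in this thread (no passphrase prompt because the geli boot flag is missing on the root provider) can be checked before rebooting. The following is an added example, not part of the original messages: the function names are hypothetical, the sample inputs are constructed, and the `Geom name:` / `Flags:` layout of `geli list` output is an assumption.

```sh
#!/bin/sh
# Added example. Sample inputs are constructed; the "Geom name:" / "Flags:"
# layout of `geli list` output is an assumption.
SAMPLE_LOADER='geom_eli_load="YES"
vfs.root.mountfrom="ufs:/dev/ada0p3.eli"'
SAMPLE_GELI_NOBOOT='Geom name: ada0p3.eli
Flags: NONE'
SAMPLE_GELI_BOOT='Geom name: ada0p3.eli
Flags: BOOT'

# loader_get VAR: print VAR's value from loader.conf text on stdin
# (last assignment wins, surrounding double quotes stripped).
loader_get() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key "=") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^"|"[ \t]*$/, "", val)
            found = val
        }
        END { print found }'
}

# has_boot_flag GEOM: succeed if GEOM's Flags line in `geli list` output
# (stdin) contains BOOT as a whole word.
has_boot_flag() {
    awk -v geom="$1" '
        $1 == "Geom" && $2 == "name:" { cur = $3 }
        cur == geom && $1 == "Flags:" && $0 ~ /(^|[ ,])BOOT(,|$)/ { ok = 1 }
        END { exit !ok }'
}

# check_geli_root LOADER_TEXT GELI_LIST_TEXT: report the first problem found.
check_geli_root() {
    case $(printf '%s\n' "$1" | loader_get geom_eli_load) in
        [Yy][Ee][Ss]) ;;
        *) echo "geom_eli_load is not YES"; return 1 ;;
    esac
    root=$(printf '%s\n' "$1" | loader_get vfs.root.mountfrom)
    case $root in
        ufs:/dev/*.eli) geom=${root#ufs:/dev/} ;;
        *) echo "vfs.root.mountfrom is not a ufs .eli device: $root"; return 1 ;;
    esac
    printf '%s\n' "$2" | has_boot_flag "$geom" ||
        { echo "$geom: BOOT flag not set, no passphrase prompt at boot"; return 1; }
    echo "ok: $geom"
}

check_geli_root "$SAMPLE_LOADER" "$SAMPLE_GELI_NOBOOT" || :
```

On a live system the two arguments would be `"$(cat /boot/loader.conf)"` and `"$(geli list)"`, taken while the provider is attached.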