Date: Mon, 12 Jan 2015 23:43:01 -0800
From: Julian Hsiao <madoka@nyanisore.net>
To: freebsd-questions@freebsd.org
Subject: FreeBSD 10.1 encrypted root-on-ZFS without passphrase
Message-ID: <m92ia5$e5k$2@ger.gmane.org>

Hi,

I'm trying to install FreeBSD 10.1 with all partitions (except /boot, of course) encrypted, but without a passphrase.

I chose "Auto (ZFS)" and then "Encrypt Disks? YES" in the installer, entered a dummy passphrase, and proceeded with the rest of the install. Afterwards, I dropped into the manual configuration shell:

    # zpool status zroot | grep eli | cut -w -f 2
    ada0p4.eli
    # geli setkey -k /boot/encryption.key -K /boot/encryption.key -P ada0p4
    Note, that the master key encrypted with old keys and/or passphrase may still exists in a metadata backup file.
    # geli configure -B ada0p4
    # exit

However, upon reboot I get this error during startup:

    Trying to mount root from zfs:zroot/ROOT/default []...
    Mounting from zfs:zroot/ROOT/default failed with error 2.

If I omit "geli configure -B" during manual configuration, then I'd be prompted for a passphrase during boot, but no passphrase would work. I'm pretty sure the passphrase was removed, however, since I also tried to unlock the partition with a working system with just "geli attach -p -k" and that worked.

I also tried adding to loader.conf:

    geli_ada0p4_flags=" -p"

And that didn't help.

What else am I overlooking?