Date:      Tue, 6 Mar 2012 13:03:00 -0500
From:      "xenophon\\+freebsd" <xenophon+freebsd@irtnog.org>
To:        <freebsd-stable@freebsd.org>
Subject:   geli keyfiles won't load automatically at boot time
Message-ID:  <BABF8C57A778F04791343E5601659908236BD6@cinip100ntsbs.irtnog.net>

Whether I boot from an unencrypted UFS partition or from a CD, I cannot
get the boot loader to load my geli keyfiles automatically.  I always
have to interrupt the boot process and issue "load_geli" commands for
each provider and its corresponding keyfile.  Other settings in
/boot/loader.conf get read and applied correctly - kernel modules, root
file system specification, boot hints, etc.  Here are the relevant lines
from /boot/loader.conf:

geom_eli_load="YES"
geli_ada0p2_keyfile0_load="YES"
geli_ada0p2_keyfile0_type="ada0p2:geli_keyfile0"
geli_ada0p2_keyfile0_file="/boot/keys/ada0p2.key"
geli_ada1p2_keyfile0_load="YES"
geli_ada1p2_keyfile0_type="ada1p2:geli_keyfile0"
geli_ada1p2_keyfile0_file="/boot/keys/ada1p2.key"
geli_ada2p2_keyfile0_load="YES"
geli_ada2p2_keyfile0_type="ada2p2:geli_keyfile0"
geli_ada2p2_keyfile0_file="/boot/keys/ada2p2.key"
geli_ada3p2_keyfile0_load="YES"
geli_ada3p2_keyfile0_type="ada3p2:geli_keyfile0"
geli_ada3p2_keyfile0_file="/boot/keys/ada3p2.key"

If I boot with this configuration, I get the following error:

GEOM_ELI: Found no keyfiles in loader.conf for ada0p2
GEOM_ELI: Found no keyfiles in loader.conf for ada1p2
GEOM_ELI: Found no keyfiles in loader.conf for ada2p2
GEOM_ELI: Found no keyfiles in loader.conf for ada3p2

Instead, I have to issue the following loader commands manually:

load_geli ada0p2 /boot/keys/ada0p2.key
load_geli ada1p2 /boot/keys/ada1p2.key
load_geli ada2p2 /boot/keys/ada2p2.key
load_geli ada3p2 /boot/keys/ada3p2.key

Then, the system will boot normally.  Can anyone tell me what's wrong
with my configuration?  It matches what's on the geli(8) manual page.
I've glanced through the relevant kernel sources, but I won't pretend
that I understood everything that I read.

Best wishes,
Matthew

-- 
I FIGHT FOR THE USERS
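
Added example (not part of the message above and not FreeBSD code): a small Python check for geli keyfile entries in loader.conf. It assumes the per-module suffixes listed in loader.conf(5) (_load, _name, _type, _flags, _before, _after, _error) and the "<provider>:geli_keyfile<N>" type string shown in the message; the sample input is constructed.

```python
import re

# Constructed sample: two providers in the style of the message's loader.conf.
SAMPLE = '''\
geom_eli_load="YES"
geli_ada0p2_keyfile0_load="YES"
geli_ada0p2_keyfile0_type="ada0p2:geli_keyfile0"
geli_ada0p2_keyfile0_file="/boot/keys/ada0p2.key"
geli_ada1p2_keyfile0_load="YES"
geli_ada1p2_keyfile0_type="ada1p2:geli_keyfile"
geli_ada1p2_keyfile0_name="/boot/keys/ada1p2.key"
'''

# Assumption: per-module suffixes as listed in loader.conf(5).
KNOWN = {"load", "name", "type", "flags", "before", "after", "error"}
ASSIGN = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"?([^"#]*)"?\s*(?:#.*)?$')
KEYVAR = re.compile(r'^geli_(.+?)_keyfile(\d*)_([a-z]+)$')

def lint_geli_keyfiles(text):
    """Return a sorted list of (variable_prefix, problem) findings."""
    groups, findings = {}, []
    for line in text.splitlines():
        m = ASSIGN.match(line)
        k = KEYVAR.match(m.group(1)) if m else None
        if not k:
            continue  # comment, blank line, or a non-keyfile variable
        prov, idx, suffix = k.groups()
        prefix = f"geli_{prov}_keyfile{idx}"
        if suffix not in KNOWN:
            findings.append((prefix, f"unrecognized suffix _{suffix}"))
            continue
        groups.setdefault((prov, idx, prefix), {})[suffix] = m.group(2).strip()
    for (prov, idx, prefix), v in groups.items():
        if v.get("load", "").upper() != "YES":
            findings.append((prefix, "_load is not YES"))
        if "name" not in v:
            findings.append((prefix, "no _name (keyfile path) set"))
        want = f"{prov}:geli_keyfile{idx}"  # type string the kernel searches for
        if v.get("type") != want:
            findings.append((prefix, f"_type should be {want}"))
    return sorted(findings)

if __name__ == "__main__":
    for prefix, problem in lint_geli_keyfiles(SAMPLE):
        print(f"{prefix}: {problem}")
```

To check a real system, pass the contents of /boot/loader.conf to lint_geli_keyfiles() instead of SAMPLE.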