From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 14:37:10 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9D530204; Tue, 4 Nov 2014 14:37:10 +0000 (UTC) Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 03603BF9; Tue, 4 Nov 2014 14:37:09 +0000 (UTC) Received: by mail-wi0-f181.google.com with SMTP id n3so9471681wiv.14 for ; Tue, 04 Nov 2014 06:37:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=cza4KYBMRaQS8hpEuX3JJal7wGxLut9nner04vsxwTM=; b=aSZ7th9+5vCxncej+hhzqffe60+JrRAh1PujJP5wNqIJozNzHoT7HvfKgEOgX+1TbL tnpCWMd1xNTk3D3jjvqPAWtkfVn05zY1rERtD5C4Ja2QI9i+jxyy1Nynjcv4zsnDjeJd 4A+BVdXFaIMsxMrD9VBEvtC+cdKe/ngvzCeL7ClTYmi3W93i1J1djswSg9n06n4CB5xT xm0g1iMbjd3YzeDV3O3j4PhSKMRf0YWd8t2BDF2Ehs191VPrHJeW0gZPUf7f8Mf27KBf uQoOqhzo/Lv7q3HsBR8yR1OklNStigw7+RCg5tO8ruKUkmjIrNNTe9hMW3oUrgckgGBR jEUw== X-Received: by 10.194.81.70 with SMTP id y6mr10831184wjx.113.1415111826785; Tue, 04 Nov 2014 06:37:06 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.157.202 with HTTP; Tue, 4 Nov 2014 06:36:46 -0800 (PST) In-Reply-To: <7e30c7a0f28d63af254422a91b28f18a@dweimer.net> References: <7e30c7a0f28d63af254422a91b28f18a@dweimer.net> From: Miguel Clara Date: Tue, 4 Nov 2014 14:36:46 +0000 Message-ID: Subject: Re: Order of geli "passphrase prompt" on boot To: "freebsd-questions@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-current X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 14:37:10 -0000 Sorry to bring this one back but I see no changes have been made to this in current. The issue is that USB devices are detected after the geli prompt and so the "geli paraphrase" prompt becomes hidden, and the simple solution would be to change the order the prompt show.... as in wait a few secs for the usb devices to be detected. Also the FreeBSD installer includes the zfs+geli install options, which encrypts root, so any user can do it now, yet when they boot they won't even see the passphrase prompt, which to me is really not inviting when we want to bring over the linux folks! Some linux distros even allow you to type the passphrase for the device in a neat prompt (black background mint logo ec...) but I don't think we need to go that far, that's probably something PC-BSD folks can do though (if they don't already). I understand tough that what some times seems simple from user perspective its really not for devs, so my question is: Is this a hard change to implement, and by change I just mean change the order or wait a few secs for usb device detection, or somehow stop this detection of the devices to "spam" the screen until a passphrase is entered!? Thanks Melhores Cumprimentos // Best Regards ----------------------------------------------- *Miguel Clara* *IT - Sys Admin & Developer* *E-mail: *miguelmclara@gmail.com www.linkedin.com/in/miguelmclara/ On Thu, Aug 28, 2014 at 5:01 PM, dweimer wrote: > On 08/28/2014 10:20 am, Francesco Toscan wrote: > >> On Wed, Aug 27, 2014 at 12:42:31PM +0100, Miguel Clara wrote: >> >>> Hi, >>> >> >> Hi, >> >>> >>> Does any one know if there's a way to change the order of the passphrase >>> prompt when the disk is encrypted? >>> >>> The ways it is now devices get detected after this prompt (usb devices it >>> seems) and makes the prompt kind of hidden which complicates things for >>> less experience users! >>> >> >> I experienced this issue running 9.0. >> 10-RELEASE seems fine (as works for me...) but i didn't investigate. >> >> If your root partition is not encrypted, you can try to mount encrypted >> volumes later, adding the relevant bits into /etc/rc.local or a rc.d >> script. Just remove the BOOT flag from your volumes with >> >> geli configure -B provider >> > > I can confirm the issue on my laptop (Dell Lattitude E6520) with > 10.0-RELEASE-p7 using an encrypted boot on zfs, and booting from usb thumb > drive. It doesn't do it if I have no other USB devices plugged in in > addition to the USB thumb frive. However if its in the port replicator, > with external mouse/keyboard I get a lot of device discovery prompts > following the prompt for the password. Its only a nuisance for me, though > when I built it off the port replicator then took it into the office and > booted it the first time I thought I broke it and hard reset it. The next > boot I was watching closely and saw the prompt go by. > > -- > Thanks, > Dean E. Weimer > http://www.dweimer.net/ >