Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 8 Nov 2012 12:25:15 +0100
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        Mike Barnard <mike.barnardq@gmail.com>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: GELI Swap password on boot
Message-ID:  <20121108122515.089a7fe8@fabiankeil.de>
In-Reply-To: <CADhH34onF_C7vtFxubrVDzp=uK3izf2Y-9WiFoe7GrpB-jrtuw@mail.gmail.com>
References:  <CADhH34ofeV4N-3vmJAiNvi1+_A_3mMgd1eXjCSR6dUeXanQktw@mail.gmail.com> <CAHu1Y73mZN6KPVDYKhAZaK0a5dE=DVdtQsRM-CuyzoGkA0p0wg@mail.gmail.com> <CADhH34onF_C7vtFxubrVDzp=uK3izf2Y-9WiFoe7GrpB-jrtuw@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
--Sig_/2ue+V7m79US++hZ_VMj2MuH
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Mike Barnard <mike.barnardq@gmail.com> wrote:

> On 8 November 2012 03:30, Michael Sierchio <kudzu@tenebras.com> wrote:
>=20
> > On Wed, Nov 7, 2012 at 4:20 PM, Mike Barnard <mike.barnardq@gmail.com>
> > wrote:
> > > Hi,
> > >
> > > I am running FreeBSD 9.0-RELEASE and I am experiencing some strange
> > > behaviour with GELI.
> > >
> > > Every time I boot up my computer, I get a request to enter the Encryp=
tion
> > > password for swap. swap is not encrypted and should not be asking for=
 an
> > > encryption password.
> > >
> > > I have checked and ensured that there are no providers for geli for t=
he
> > > ada0p3 partition. Any one have pointers on what I could check for to
> > > rectify this.
> >
> > in /etc/fstab you should have:
> >
> > /dev/ada0p3.eli           none            swap    sw
> >  0 0
> >
> > in /etc/rc.conf you should have (something like):
> >
> > geli_swap_flags=3D"-e aes -l 256 -s 4096 -d"
> >
> > /etc/rc.d/encswap will generate a random password
> >
>=20
> I added that when I booted and was prompted again for a password. What
> puzzles me is that this device is not encrypted. Why is it asking me for a
> password? So I encrypted it and added what you have suggested and it still
> asks me for a password.

Maybe the device contains old geli meta data with the
boot flag set, or garbage that looks like geli meta data.

Try to "geli clear" the device and if it fails "geli init" + "geli clear".

Fabian

--Sig_/2ue+V7m79US++hZ_VMj2MuH
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlCblqAACgkQBYqIVf93VJ1JMgCdFKZGXM62Dz9Ba26izlYDtK0F
QNMAoMWTnip8c5VH4tamGHdlIwKDYpvT
=u4s6
-----END PGP SIGNATURE-----

--Sig_/2ue+V7m79US++hZ_VMj2MuH--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20121108122515.089a7fe8>