Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 24 Mar 2013 14:37:24 +0100
From:      Fabian Keil <>
To:        Stephan Schindel <>
Subject:   Re: Attaching GELI device on boot
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Stephan Schindel <> wrote:

> i've got a problem attaching a geli device on boot. My setup:
> ada0 and ada1 full geli setup (no partition schemes). ZFS on both. ada0
> is my root device. I can boot into the system there is no problem with
> it. But now I want to attach ada1 on boot as well using a single
> keyfile. My rc.conf looks like this:
> ...
> geli_autodetach=3D"NO"
> geli_devices=3D"ada1"
> geli_ada1_flags=3D"-p -k /root/ada1.key"
> ...
> The problem is that geli does not want to attach the device at first. It
> claims about (missing?) metadata and inappropriate file format (I dont
> know where geli logs this). It tries to attach the device 3 times which
> is the default option with no success.

Are you sure that "It" is the geli rc script and not the kernel
itself which could happen if the BOOT flag was set on ada1.

You can increase the geli log level with kern.geom.eli.debug.
For details see "man geli".

> BUT once the system is booted up and I can login, I can manually start
> /etc/rc.d/geli onestart
> and it will successfully attach the device.

Does this result in the "Configuring Disk Encryption for ..." message?

>                                             So configuration seems to be
> fine, only the order the services started seems to be wrong (e.g. devd
> is being started AFTER geli tries to attach the device, why??)

devd is supposed to be started between geli and geli2:

fk@r500 ~ $rcorder /etc/rc.d/* | egrep devd\|geli

> Also there is a problem with sabnzbd which is being started before the
> network is set-up, which is wrong as well.

That seems to be an unrelated problem so probably it belongs
in a different thread. I don't use sabnzbd and thus have no
opinion on this.


Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

Version: GnuPG v2.0.19 (FreeBSD)



Want to link to this message? Use this URL: <>