Hi, given that /dev/ad12 is a geli encryptet device, you might set up /etc/rc.conf like geli_enable="YES" geli_devices="ad12" geli_ad12_flags="-k /root/keys/geli.ad12.key" I don't like absolute device names (they might change) so I label them e.g. FOOcrypt so it show up like /dev/label/FOOcrypt Attaching the FOOcrypt manually works like # geli attach -k /root/geli.FOO.key /dev/label/FOOcrypt Enter passphrase: The UFS on /dev/label/FOOcrypt.eli is labeled FOO[1] so it will be available on /dev/ufs/FOO and can be mounted: # mount /dev/ufs/FOO How should I set up /etc/rc.conf to get this by /etc/rc.d/geli on boot? geli_enable="YES" geli_devices="label/FOOcrypt" geli_label/FOOcrypt_flags="-k /root/keys/geli.FOO.key" ^^^^^^^^^^^^^^ This won't work. How? TIA. Regards Raphael Becker [1] newfs -L FOO ... /dev/label/FOOcrypt.eli --> /dev/ufs/FOO -- Raphael Becker <rabe@uugrn.org> http://rabe.uugrn.org/ GnuPG: E7B2 1D66 3AF2 EDC7 9828 6D7A 9CDA 3E7B 10CA 9F2D .........|.........|.........|.........|.........|.........|.........|.. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20080318/40bc51a6/attachment.pgp
On Tue, Mar 18, 2008 at 04:04:52PM +0100, Raphael Becker wrote: [ getting /dev/label/FOOcrypt.eli configured through /etc/rc.d/geli ]> How should I set up /etc/rc.conf to get this by /etc/rc.d/geli on boot? > > geli_enable="YES" > geli_devices="label/FOOcrypt" > geli_label/FOOcrypt_flags="-k /root/keys/geli.FOO.key" > ^^^^^^^^^^^^^^ > This won't work. How?geli_label_FOOcrytp_flags="-k /root/keys/geli.FOO.key" ^^^ from /etc/rc.d/geli: provider_=`ltr ${provider} '/' '_'` eval "flags=\${geli_${provider_}_flags}" Seems to work. This should be documented in rc.conf(5) as ppl who use 'geli' for encryption might also know about and use 'glabel'. Regards Raphael Becker -- Raphael Becker <rabe@uugrn.org> http://rabe.uugrn.org/ GnuPG: E7B2 1D66 3AF2 EDC7 9828 6D7A 9CDA 3E7B 10CA 9F2D .........|.........|.........|.........|.........|.........|.........|.. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20080320/393e7447/attachment.pgp