xenophon+freebsd
2012-Mar-06 18:19 UTC
geli keyfiles won't load automatically at boot time
Whether I boot from an unencrypted UFS partition or from a CD, I cannot get the boot loader to load my geli keyfiles automatically. I always have to interrupt the boot process and issue "load_geli" commands for each provider and its corresponding keyfile. Other settings in /boot/loader.conf get read and applied correctly - kernel modules, root file system specification, boot hints, etc. Here are the relevant lines from /boot/loader.conf:

geom_eli_load="YES"
geli_ada0p2_keyfile0_load="YES"
geli_ada0p2_keyfile0_type="ada0p2:geli_keyfile0"
geli_ada0p2_keyfile0_file="/boot/keys/ada0p2.key"
geli_ada1p2_keyfile0_load="YES"
geli_ada1p2_keyfile0_type="ada1p2:geli_keyfile0"
geli_ada1p2_keyfile0_file="/boot/keys/ada1p2.key"
geli_ada2p2_keyfile0_load="YES"
geli_ada2p2_keyfile0_type="ada2p2:geli_keyfile0"
geli_ada2p2_keyfile0_file="/boot/keys/ada2p2.key"
geli_ada3p2_keyfile0_load="YES"
geli_ada3p2_keyfile0_type="ada3p2:geli_keyfile0"
geli_ada3p2_keyfile0_file="/boot/keys/ada3p2.key"

If I boot with this configuration, I get the following error:

GEOM_ELI: Found no keyfiles in loader.conf for ada0p2
GEOM_ELI: Found no keyfiles in loader.conf for ada1p2
GEOM_ELI: Found no keyfiles in loader.conf for ada2p2
GEOM_ELI: Found no keyfiles in loader.conf for ada3p2

Instead, I have to issue the following loader commands manually:

load_geli ada0p2 /boot/keys/ada0p2.key
load_geli ada1p2 /boot/keys/ada1p2.key
load_geli ada2p2 /boot/keys/ada2p2.key
load_geli ada3p2 /boot/keys/ada3p2.key

Then, the system will boot normally.

Can anyone tell me what's wrong with my configuration? It matches what's on the geli(8) manual page. I've glanced through the relevant kernel sources, but I won't pretend that I understood everything that I read.

Best wishes,
Matthew

--
I FIGHT FOR THE USERS
Dewayne Geraghty
2012-Mar-06 22:08 UTC
geli keyfiles won't load automatically at boot time
> -----Original Message-----
> From: owner-freebsd-stable@freebsd.org
> [mailto:owner-freebsd-stable@freebsd.org] On Behalf Of
> xenophon+freebsd
> Sent: Wednesday, 7 March 2012 5:03 AM
> To: freebsd-stable@freebsd.org
> Subject: geli keyfiles won't load automatically at boot time
>
> Whether I boot from an unencrypted UFS partition or from a
> CD, I cannot get the boot loader to load my geli keyfiles
> automatically. I always have to interrupt the boot process
> and issue "load_geli" commands for each provider and its
> corresponding keyfile. Other settings in /boot/loader.conf
> get read and applied correctly - kernel modules, root file
> system specification, boot hints, etc. Here are the relevant
> lines from /boot/loader.conf:
>
> geom_eli_load="YES"
> geli_ada0p2_keyfile0_load="YES"
> geli_ada0p2_keyfile0_type="ada0p2:geli_keyfile0"
> geli_ada0p2_keyfile0_file="/boot/keys/ada0p2.key"

Suggest that you try
geli_ada0p2_keyfile0_name="/boot/keys/ada0p2.key"
Etc.

Regards, Dewayne.
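
A pre-reboot check for the keyfile entries discussed in this thread, added here as an example and not posted by either participant. It assumes, following the reply above, that each keyfile slot needs the `_load`, `_type` and `_name` suffixes; the function name `check_geli_keyfiles` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the first provider uses the "_file" suffix from the
# original post, the second uses the "_name" suffix suggested in the reply.
SAMPLE = '''\
geom_eli_load="YES"
geli_ada0p2_keyfile0_load="YES"
geli_ada0p2_keyfile0_type="ada0p2:geli_keyfile0"
geli_ada0p2_keyfile0_file="/boot/keys/ada0p2.key"
geli_ada1p2_keyfile0_load="YES"
geli_ada1p2_keyfile0_type="ada1p2:geli_keyfile0"
geli_ada1p2_keyfile0_name="/boot/keys/ada1p2.key"
'''

# geli_<provider>_keyfile<slot>_<suffix>="<value>"
LINE = re.compile(r'^geli_(\w+)_keyfile(\d+)_([a-z]+)="?([^"]*)"?\s*$')

def check_geli_keyfiles(text):
    """Return a sorted list of (provider, slot, problem) tuples."""
    entries = {}
    for raw in text.splitlines():
        # Drop trailing comments before matching the assignment.
        m = LINE.match(raw.split('#', 1)[0].strip())
        if m:
            prov, slot, suffix, value = m.groups()
            entries.setdefault((prov, slot), {})[suffix] = value
    problems = []
    for (prov, slot), kv in entries.items():
        # Assumption: only these three suffixes are meaningful per slot.
        for suffix in sorted(set(kv) - {"load", "type", "name"}):
            problems.append((prov, slot, f"unexpected suffix _{suffix}"))
        if kv.get("load", "").upper() != "YES":
            problems.append((prov, slot, '_load is not "YES"'))
        want = f"{prov}:geli_keyfile{slot}"
        if kv.get("type") != want:
            problems.append((prov, slot, f'_type should be "{want}"'))
        if not kv.get("name"):
            problems.append((prov, slot, "_name (keyfile path) is missing"))
    return sorted(problems)

if __name__ == "__main__":
    for prov, slot, problem in check_geli_keyfiles(SAMPLE):
        print(f"{prov} keyfile{slot}: {problem}")
```

Running it against a copy of /boot/loader.conf before rebooting shows which providers would still need manual "load_geli" commands at the loader prompt.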