Hello all,
This question is going to be an easy one. I have a geli(8)-encrypted HDD and I use a password to unlock it on boot (the encrypted root resides there). I would like to use a keyfile because I'm simply too lazy to type the password every time. Since this is going to be my first attempt, I would like to ask you guys whether the following procedure is correct, because I don't want to do something seriously wrong and have to reinstall the entire system.
Let's assume the UFS partition on my USB stick containing the keyfile is recognized as da1p2 and is currently mounted to /mnt/tmp.
# geli setkey -P -K /mnt/tmp/key.file /dev/ada0
# echo 'geli_ada0_keyfile0_load="YES"' >> /boot/loader.conf
# echo 'geli_ada0_keyfile0_type="ada0:geli_keyfile0"' >> /boot/loader.conf
# echo 'geli_ada0_keyfile0_name="da1p2:/key.file"' >> /boot/loader.conf
Is this correct? Thank you very much.
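A lint for the kind of loader.conf entries shown in the post above, added here as an example and not part of the original post or of FreeBSD: it checks that each `geli_<provider>_keyfile<N>` triple is fully quoted and follows the `_load`/`_type`/`_name` pattern documented in geli(8). The function name `check_geli_keyfile_conf`, the alphanumeric-provider assumption and the sample file are constructed for illustration; the keyfile path itself is only checked for presence.

```shell
#!/bin/sh
# Added example. check_geli_keyfile_conf is a hypothetical helper, not a FreeBSD tool.
# Assumption: provider names in the variable are plain alphanumerics (ada0, da0p2).
check_geli_keyfile_conf() {
    awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^#/ || /^$/ { next }                                # comments, blank lines
    !/^geli_[A-Za-z0-9]+_keyfile[0-9]+_(load|type|name)=/ { next }
    {
        # Every entry must be key="value" with both double quotes present.
        if ($0 !~ /^[A-Za-z0-9_]+="[^"]*"$/) {
            printf "line %d: malformed assignment: %s\n", NR, $0
            bad = 1; next
        }
        eq = index($0, "=")
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 2, length($0) - eq - 2)    # text between the quotes
        field = key; sub(/^.*_/, "", field)              # load, type or name
        id = key; sub(/_[a-z]+$/, "", id)                # e.g. geli_ada0_keyfile0
        seen[id] = 1; v[id, field] = val
    }
    END {
        for (id in seen) {
            prov = id; sub(/^geli_/, "", prov); sub(/_keyfile[0-9]+$/, "", prov)
            n = id; sub(/^.*_keyfile/, "", n)
            want = prov ":geli_keyfile" n
            if (v[id, "load"] != "YES") { print id ": _load is not \"YES\""; bad = 1 }
            if (v[id, "type"] != want)  { print id ": _type should be \"" want "\""; bad = 1 }
            if (v[id, "name"] == "")    { print id ": _name (keyfile path) missing"; bad = 1 }
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample input (not from a real system): the _type line lacks its closing quote.
sample=$(mktemp)
cat > "$sample" <<'EOF'
geli_ada0_keyfile0_load="YES"
geli_ada0_keyfile0_type="ada0:geli_keyfile0
geli_ada0_keyfile0_name="da1p2:/key.file"
EOF
check_geli_keyfile_conf "$sample" || echo "fix the entries above before rebooting"
rm -f "$sample"
```

Run it against a copy of /boot/loader.conf after appending the lines and before the first reboot, while the passphrase still unlocks the provider.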