Add a second Geli key at boot

Hey,

I have an encrypted zpool and an encrypted storage pool.

Does FreeBSD only support attaching one encrypted pool at boot? My second statement in /boot/loader.conf is ignored.

While booting, I can see that the second geli key /boot/geli.key is found, but the storage pool is not automatically attached like the zroot system.


This is the part from /boot/loader.conf


geli_ada0p5_keyfile0_load="YES"
geli_ada0p5_keyfile0_type="ada0p5:geli_keyfile0"
geli_ada0p5_keyfile0_name="/boot/encryption.key"

geli_ada1p2_keyfile1_load="YES"
geli_ada1p2_keyfile1_type="ada1p2:geli_keyfile1"
geli_ada1p2_keyfile1_name="/boot/geli.key"

geli_ada2p2_keyfile1_load="YES"
geli_ada2p2_keyfile1_type="ada2p2:geli_keyfile1"
geli_ada2p2_keyfile1_name="/boot/geli.key"

geli_ada3p2_keyfile1_load="YES"
geli_ada3p2_keyfile1_type="ada3p2:geli_keyfile1"
geli_ada3p2_keyfile1_name="/boot/geli.key"



What works is to use a bash script and start it at boot, but I can imagine that this is the right way to do it.
 
Could fix it!

/boot/loader.conf seems to be the wrong place.

Using /etc/rc.conf works fine!

Code:
# attach geli key to storage at startup

geli_devices="ada1p2 ada2p2 ada3p2"
geli_ada1p2_flags="-p -k /root/geli.key"
geli_ada2p2_flags="-p -k /root/geli.key"
geli_ada3p2_flags="-p -k /root/geli.key"
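
A check that can be run against an rc.conf like the one above, as an added example that is not part of the original posts: it reports providers whose flags lack a `-k` keyfile, keyfiles that are missing or readable by group or others, and `geli_<dev>_flags` entries for providers not named in `geli_devices`. Assumptions: the function names and the `ROOT` prefix argument are hypothetical, the sample file is constructed, and providers attached through `.eli` entries in /etc/fstab are not considered.

```shell
# Print the value of VAR from an rc.conf-style FILE (last assignment wins).
rc_var() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# audit_geli_rc FILE [ROOT]: print one finding per line, return 1 if any.
# ROOT is a hypothetical prefix for keyfile paths so the check can run offline.
audit_geli_rc() {
    rc=$1 root=${2:-} bad=0
    devices=$(rc_var geli_devices "$rc")
    # Flags for a provider absent from geli_devices are reported as likely unused.
    for dev in $(sed -n '/^geli_default_flags=/!s/^geli_\(.*\)_flags=.*/\1/p' "$rc"); do
        case " $devices " in
            *" $dev "*) ;;
            *) echo "$dev: flags set but not listed in geli_devices"; bad=1 ;;
        esac
    done
    for dev in $devices; do
        flags=$(rc_var "geli_${dev}_flags" "$rc")
        [ -n "$flags" ] || flags=$(rc_var geli_default_flags "$rc")
        key=
        set -- $flags
        while [ $# -gt 0 ]; do
            if [ "$1" = "-k" ]; then key=${2:-}; fi
            shift
        done
        if [ -z "$key" ]; then
            echo "$dev: no -k keyfile in flags"; bad=1
        elif [ ! -f "$root$key" ]; then
            echo "$dev: keyfile $key not found"; bad=1
        elif [ "$(ls -ld "$root$key" | cut -c5-10)" != "------" ]; then
            echo "$dev: keyfile $key is accessible to group or others"; bad=1
        fi
    done
    return $bad
}

# Constructed sample: the thread's rc.conf with two deliberate mistakes.
demo() (
    d=$(mktemp -d); mkdir -p "$d/root"; umask 077; : > "$d/root/geli.key"
    cat > "$d/rc.conf" <<'EOF'
geli_devices="ada1p2 ada2p2"
geli_ada1p2_flags="-p -k /root/geli.key"
geli_ada2p2_flags="-p"
geli_ada3p2_flags="-p -k /root/geli.key"
EOF
    audit_geli_rc "$d/rc.conf" "$d" || true; rm -rf "$d"
)
demo
```

On a live system the call would be `audit_geli_rc /etc/rc.conf` with no second argument.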
 