FreeBSD 10.2 introduced a new loader setting geom_eli_passphrase_prompt to ask for the root device's GELI passphrase in the loader first instead of during the kernel initialization. This works well. However, sometimes I just know I mistyped my passphrase and want to type it in again. Currently there is AFAICT no easy way to retype the passphrase. It's annoying to have to wait until the kernel shows its own passphrase prompt.
In this very short howto we add a 7th menu entry to FreeBSD's loader menu, which we can select to get the GELI passphrase prompt back as often as we want. This probably only works with the BIOS loader. The UEFI loader does not show a menu AFAIK.
- If you make a mistake, your system might not boot anymore. Be prepared to deal with potential problems or stop reading now.
- Create /boot/menu.rc.local with
Code:
: goto_check_password ( N -- N TRUE )
    s" check-password" evaluate
    TRUE
;

set mainmenu_caption[7]="Reset GELI Passphrase"
set mainmenu_command[7]="goto_check_password"
set mainansi_caption[7]="Reset GELI Passphrase"
- Done. Pressing 7 when in the loader menu lets you type in the GELI passphrase again.
- This has one caveat, however. The GELI prompt shifts the loader menu up by one line, which does not look good. It is still usable but ugly, especially when the menu refreshes after you select one of the other menu options. We can get around that problem by modifying /boot/check-password.4th a bit (if you don't mind altering files that are shipped with FreeBSD). The menu entry works without this, so this is optional. Apply the following diff (either manually or download the attachment check-password.txt and run patch -i check-password.txt):
Code:--- /boot/check-password.4th.orig 2015-10-29 16:26:46.444217391 +0100 +++ /boot/check-password.4th 2015-10-29 16:26:55.550221592 +0100 @@ -109,8 +109,8 @@ dup enter_key = if drop \ Clean up stack cruft - 3 spaces \ Erase the twiddle - 10 emit \ Echo new line + 0 25 at-xy \ Clear ... + cld \ ... line exit else dup ctrl_u = if 3 spaces read-start @ 25 at-xy \ Erase the twiddle
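Review bot: Row 25 is hard-coded in the added `0 25 at-xy`, duplicating the literal already used by `read-start @ 25 at-xy` in the ctrl_u branch just below; a shared named constant would keep the two in sync if the prompt row ever changes. The Enter branch also no longer emits a newline (`10 emit` is removed), so a comment should note that whatever prints after the prompt returns must position the cursor itself. The new comment "Clear ... line" could also state that the whole prompt line is erased starting at column 0, since the removed `3 spaces` only erased the twiddle.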