Other geli and external firewire drive boot question

aorchid

aorchid

Hello,

I have multiple internal drives that are encrypted with geli(8) via a password only. I am running 10.1 presently, and upon reboot I am asked for a password to decrypt the drives and continue the boot process. I do not have anything in /boot/loader.conf about them, other than instructing it to load geli(8). This works great.

I have now encrypted an external drive connected via firewire with a key and no passphrase. I did this because of problems using the password previously (if not there at boot you never get a chance to input the password, drive corruption, and other problems).

My question is can I place the following in /boot/loader.conf and still have the boot drive and other internal drives recognized by geli(8) and be prompted for a password at the console during boot?
Code: 
geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key"
In other words, would geli(8) become confused about the other drives and not ask for the password?

Anything different after an update to 10.2?

Thanks very much, Aric
 
aorchid said:
My question is can I place the following in /boot/loader.conf and still have the boot drive and other internal drives recognized by geli(8) and be prompted for a password at the console during boot?
Click to expand...
That should work. But if you don't need the drive for booting you could do that in /etc/rc.conf as well with something like:
Code: 
geli_devices="da0"
geli_da0_flags="-p -k /etc/geli/da0.key"
aorchid said:
Anything different after an update to 10.2?
Click to expand...
With 10.2 the loader can ask for your passphrase if you add geom_eli_passphrase_prompt="YES" to /boot/loader.conf.
 
Well, this does not appear to work properly and I am not clear why.It seems like it never gets to the point of mounting and being called da0.

I have placed the above flags in /etc/rc.conf but when I turn on the external drive, it is not available. This is what I see in the dmesg output:
Code: 
firewire1: 1 nodes, maxhop <= 0 cable IRM irm(0)  (me)
firewire1: bus manager 0
firewire1: fw_attach_dev:Removing missing device ID:00d04be61e081399
fwohci1: fwohci_intr_core: BUS reset
fwohci1: fwohci_intr_core: node_id=0x00000000, SelfID Count=10, non CYCLEMASTER mode
firewire1: 2 nodes, maxhop <= 1 cable IRM irm(0)  (me)
firewire1: root node is not cycle master capable
firewire1: bus manager 0
fwohci1: too many cycles lost, no cycle master present?
fwohci1: txd err=14 ack busy_X
firewire1: fw_explore_node: node1: explore_read_quads failure
fwohci1: txd err=14 ack busy_X
firewire1: fw_explore_node: node1: explore_read_quads failure
fwohci1: txd err=14 ack busy_X
firewire1: fw_explore_node: node1: explore_read_quads failure
fwohci1: fwohci_intr_core: BUS reset
fwohci1: fwohci_intr_core: node_id=0x00000001, SelfID Count=11, CYCLEMASTER mode
firewire1: 2 nodes, maxhop <= 1 cable IRM irm(1)  (me)
firewire1: bus manager 1
firewire1: New S800 device ID:00d04be61e081399
sbp1: sbp_show_sdev_info: sbp1:0:0: ordered:1 type:14 EUI:00d04be61e081399 node:0 speed:3 maxrec:8
sbp1: sbp_show_sdev_info: sbp1:0:0 'LaCie' '2Big Quadra USB3' '000301'
sbp1: sbp1:0:0
Obj: Unable to specify, Error: Time-out error
sbp1: sbp_recv1:sbp1:0:0 login failed
 
OK. Fixed. Partly at least.

It seems that I needed to run geli restore first, I was then able to attach the disk. Perhaps this is because it was not detached properly?
 
You must log in or register to reply here.
Back
Top