geli encrypted disk

BiZoNiX

BiZoNiX

Hello everyone!
I decided to encrypt the second non-bootable hard drive in the system.
it is unclear why the system during boot asks to enter the password, even though I do not want that this hard drive loaded with the system.

Nowhere to configure autostart nor /etc/rc.conf.[local], /boot/load.conf nor any fstab. FreeBSD 8.4 system.

How do I disable the password prompt at startup?
Code: 
root@fbsd:/root # dd if=/dev/random of=crypto.key bs=64 count=1
root@fbsd:/root # geli init -b -s 4096 -K crypto.key /dev/ad6s1
root@fbsd:/root # geli attach -k crypto.key /dev/ad6s1
root@fbsd:/root # dd if=/dev/random of=/dev/ad6s1.eli bs=1m
root@fbsd:/root # newfs /dev/ad6s1.eli
root@fbsd:/root # mkdir /private
root@fbsd:/root # mount /dev/ad6s1.eli /private
root@fbsd:/root # geli detach /dev/ad6s1.eli

Sorry for my English.
 
It's possible there is an automounter involved, especially if a desktop environment is installed.
 
Your GELI device is attaching on boot because that is what you asked for with the -b flag when you initialised it :) From the geli(8) man page:
The first argument to geli indicates an action to be performed:
init Initialize the provider which needs to be encrypted.
[...]
Additional options include:
-b Ask for the passphrase on boot, before the
root partition is mounted.
Click to expand...

This is no big problem as you can reconfigure so it no longer attaches on boot (you need to attach it first):
Code: 
# geli attach -k crypto.key /dev/ad6s1
# geli configure -B /dev/ad6s1.eli

To configure any future GELI devices like that from the start, just exclude the -b flag when initialising the device with geli init.
 
Yes you were right, the problem was in the key b,
Decided:
# echo kern.geom.eli.tries=0 >> /boot/loader.conf
and after boot
# geli attach -k crypto.key /dev/ad6s1
# geli configure -B /dev/ad6s1.eli
 
You must log in or register to reply here.
Back
Top