ZFS Is it possible to start a machine with geli password and a keyfile, located on a usb and geli boots from the local disks

Hi,

On this forum and on the internet, many things can be found about GELI.

What I was looking for is:
- That GELI boots from the local disks on the machine
- It works with a passphrase and a keyfile.
- The keyfile is located on a USB

I have the impression this setup is not possible, but I want to have confirmation from this forum.

Thanks in advance!
 
I'm also looking for a way to attach separate key storage to the loader process, to make the geli module able to find its keys on it.
 
If the key could just be put on a normal USB stick, which is not as secure as a smart card, but at least one can avoid long passwords that always have to be typed in. It's much cheaper; if the stick is stolen or lost, always keep backups, log in with the backup and change it immediately.
 
I tried to figure out before, but it seems like it's impossible to do so.
 
Thanks for your reply and thanks for sharing this thread. I remember reading it. I am seeking confirmation to be sure I did not miss something or make a mistake.
 
I am using a password in two parts: an 8-character-long password I memorised (I use apg to generate a pronounceable one), which I type on the keyboard. The 32-byte-long second part is stored in my Yubikey, which is activated by a long touch.
 