To test decryption in dry mode (can be used on the decrypted device): echo -n | geli attach -C -p -k - dev
If it succeeds you want to re-encrypt your devices. On Fri, 10 Feb 2023 at 02:48, Mel Pilgrim <list_free...@bluerosetech.com> wrote: > On 2023-02-08 11:08, FreeBSD Security Advisories wrote: > > > ============================================================================= > > FreeBSD-SA-23:01.geli Security > Advisory > > The FreeBSD > Project > > > > Topic: GELI silently omits the keyfile if read from stdin > > How do I test my existing devices to see if the master key needs to be > encrypted? > > Does the solution change if the keyfiles don't require passwords? I use > GELI keyfiles without passwords for unattended reboots. > >
