Hi!
I recreated a similar setup in VirtualBox, and I can confirm: GELI won't
try to attach a provider if there's no BOOT flag, and will ask for a
passphrase if there is. You can report it as a bug, I suppose. Meanwhile,
however, there's an easy workaround.
You can set up a passphrase, then add th
Alaksiej,
You are correct.
I originally tried to configure this on an installation of pfSense (using
UEFI+GPT). The default AutoZFS installer with encryption for this does appear
to create an unencrypted /boot/ with an encryption.key keyfile used along with
a passphrase. I tried to set the use
user for passphrase?
>
> Regards,
>
> Michael.
>
> Sent: Friday, October 26, 2018 at 2:06 AM
> From: "John-Mark Gurney"
> To: "Michael .."
> Cc: freebsd-geom@freebsd.org
> Subject: Re: GELI without passphrase on ZFS root
> Michael .. wrote t
to decrypt using just keyfile
before prompting user for passphrase?
Regards,
Michael.
Sent: Friday, October 26, 2018 at 2:06 AM
From: "John-Mark Gurney"
To: "Michael .."
Cc: freebsd-geom@freebsd.org
Subject: Re: GELI without passphrase on ZFS root
Michael .. wrote this
Michael .. wrote this message on Thu, Oct 25, 2018 at 12:25 +0200:
> Has anyone been able to achieve this?
>
> I installed FreeBSD 11.2 using AutoZFS option with encryption turned on.
> Passphrase is specified as part of install.
>
> I want to switch to only a keyfile and no passphrase:
>
>
Hi!
I believe geom_eli asks for a passphrase when it finds the BOOT flag in
the metadata. It doesn't check whether you really have a passphrase set up
or not, just the flag status.
Therefore, you have to do

    geli configure -B

to clear the flag. See the "configure" subcommand in man geli.
Best,
Alaksiej Carniaj