In Procedure 17.4 step 2 (Generate the Master Key) there is a wrong description of the master key:
"The following commands generate a master key (/root/da2.key) that is protected with a passphrase."
/root/da2.key is NOT the master key. The master key is random and each stored copy of the master key is encrypted with a user key, which in turn is generated by the geli utility from a passphrase and/or a key file (see KEY SUMMARY in geli(8)).
I suggest changing the sentence into:
"The following commands generate a master key that is protected with a key file (/root/da2.key) and a passphrase."
A commit references this bug:
Date: Sat Jul 11 16:18:22 UTC 2020
New revision: 54328
Update the GELI handbook to be more accurate
The description of the key file incorrectly identified it as the master key
Submitted by: Wout Decre <email@example.com> (original version)
Reviewed by: bcr, oshogbo
Sponsored by: Klara Inc.
Event: July 2020 Bugathon
Differential Revision: https://reviews.freebsd.org/D15866