In Procedure 17.4 step 2 (Generate the Master Key) there is a wrong description of the master key: "The following commands generate a master key (/root/da2.key) that is protected with a passphrase." /root/da2.key is NOT the master key. The master key is random and each stored copy of the master key is encrypted with a user key, which in turn is generated by the geli utility from a passphrase and/or a key file (see KEY SUMMARY in geli(8)). I suggest changing the sentence into: "The following commands generate a master key that is protected with a key file (/root/da2.key) and a passphrase."
https://reviews.freebsd.org/D15866
A commit references this bug: Author: allanjude Date: Sat Jul 11 16:18:22 UTC 2020 New revision: 54328 URL: https://svnweb.freebsd.org/changeset/doc/54328 Log: Update the GELI handbook to be more accurate The description of the key file incorrectly identified it as the master key PR: 208578 Submitted by: Wout Decre <wout@canodus.be> (original version) Reviewed by: bcr, oshogbo Sponsored by: Klara Inc. Event: July 2020 Bugathon Differential Revision: https://reviews.freebsd.org/D15866 Changes: head/en_US.ISO8859-1/books/handbook/disks/chapter.xml