Bug 250644 - boot prompting for geli passphrases even without geli(4) loaded
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: Unspecified
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-geom (Nobody)
Reported: 2020-10-26 18:25 UTC by phryk-ports
Modified: 2020-10-28 03:32 UTC
Description phryk-ports 2020-10-26 18:25:58 UTC
Even without `geom_eli_load="YES"` in /boot/loader.conf (or without any loader.conf), you are still prompted for the passphrase to any geli
device with the boot flag.

This means you can't boot a FreeBSD image to repair your install if
you don't have physical, serial or KVM access to just press enter
until all the passphrase prompts are gone and the system actually
boots up and is reachable via network.

I'm currently facing this issue at Hetzner and, at least for me,
it represents a major hurdle for setting up and maintaining
encrypted dedicated machines remotely.

If geli isn't loaded (and it shouldn't be by default, right?)
these prompts should just be skipped to allow rescue systems
to actually boot.

I'm on 12.1-RELEASE but I'm pretty sure this behavior is true
for all FreeBSD versions I have come into contact with in the
last decade.

PS: Very unsure of what the right component to select was,
feel free to re-assign it to whatever fits best.