I was trying to install 14.1-RELEASE on a machine that predates AES-NI (not sure if it matters). I did a BIOS install.

I first tried the geli init -b method where /boot is unencrypted. This yielded the same kind of hang. I could enter the password, it'd load a couple modules, then hang with no error.

I then did geli init -g to include encrypted rootfs. Not sure if this would impact ZFS or not, but I did it on UFS.

Here's the instructions I followed:

geli(8) encrypted root-on-UFS for BIOS boot only

1. Create partition table

  gpart create -s gpt ada0

2. Create FreeBSD boot code partition, add boot code

  gpart add -t freebsd-boot -s 512k -l gptboot0 ada0
  gpart bootcode -b /boot/pmbr  -p /boot/gptboot -i 1 ada0

3. Create root partition for geli(8) provider

  gpart add -t freebsd-ufs -a 1m -l ufsroot0 ada0

4. Initialize root file system geli(8) provider, attach provider

  geli init -g -l 128 -e AES-CBC -s 4096 ada0p2
  geli attach ada0p2

5. Construct UFS2 (softupdates, TRIM, no journaling) file system on geli(8) provider
 
   newfs -t ada0p2.eli

   Note: -U is default since 14.1

6. Install system distribution files

   mount /dev/ada0p2.eli  /mnt
   cd /usr/freebsd-dist

   tar xfC base.txz  /mnt
   tar xfC kernel.txz  /mnt

7. Configure system bootstrap information

   vi /mnt/boot/loader.conf

       geom_eli_load="YES"


   vi /mnt/etc/fstab

       /dev/ada0p2.eli      /       ufs     rw      1       1

   exit

8. Reboot system, configure system

I ended up with the same hang, this time after starting devd. I simply added '       cryptodev_load="YES"' to /boot/loader.conf and the system came up fine without hanging.

This is using AES-CBC without AES-NI, not sure if it matters.

Thank you!

Related forum thread: https://forums.freebsd.org/threads/freebsd-14-1-hanging-with-encrypted-rootfs-ufs-geli-bios.95138/

Thanks to T-Daemon for help/information about the geli init -g method working with BIOS booting.