# Add a second Geli key at boot



## Sebastian (Sep 8, 2017)

Hey, 

I have an encrypted zpool and an encrypted storage pool. 

Does Freebsd only support to attach one encrypted pool at boot ? My second statement in /boot/loader.conf is ignored. 

While boot, I can see that the second geli /boot/geli.key is found , but the storage pool is not automatically attached like the zroot system.


This is the part from /boot/loader.conf 

`geli_ada0p5_keyfile0_load="YES"
geli_ada0p5_keyfile0_type="ada0p5:geli_keyfile0"
geli_ada0p5_keyfile0_name="/boot/encryption.key"

geli_ada1p2_keyfile1_load="YES"
geli_ada1p2_keyfile1_type="ada1p2:geli_keyfile1"
geli_ada1p2_keyfile1_name="/boot/geli.key"

geli_ada2p2_keyfile1_load="YES"
geli_ada2p2_keyfile1_type="ada2p2:geli_keyfile1"
geli_ada2p2_keyfile1_name="/boot/geli.key"

geli_ada3p2_keyfile1_load="YES"
geli_ada3p2_keyfile1_type="ada3p2:geli_keyfile1
geli_ada3p2_keyfile1_name="/boot/geli.key""`

What works is to use a bash script and start it at boot, but I can image that this is the right way to do.


----------



## Sebastian (Sep 8, 2017)

Could fix it !

/boot/loader.conf sems to be the wrong place.

Using /etc/rc.conf works fine !


```
# attach geli key to storage at startup

geli_devices="ada1p2 ada2p2 ada3p2"
geli_ada1p2_flags="-p -k /root/geli.key"
geli_ada2p2_flags="-p -k /root/geli.key"
geli_ada3p2_flags="-p -k /root/geli.key"
```


----------

