# stop passphrase prompt



## tsenre (Aug 20, 2012)

Greetings all, and thanks in advance.
Hopefully, the solution is shorter than the explanation.

I had a geli encrypted (passphrase only) 3 drive raidz1 pool. Since I no longer needed encryption I decided to rebuild it as an unencrypted 4 drive raidz2.

I exported the pool and zeroed a few GB at the beginning of each drive. As I did originally, I used glabel to label each drive, built the new pool, copied data, and all was well with the world... untill I rebooted.

Actually, prior to rebooting I added the geom_eli_load line to loader.conf to allow access to a 5th drive containg a 2nd temporary encrypted pool.

Upon reboot, I get the passphrase prompts for the 3 drives from the original pool. if I just press enter for each passphrase request the system ultimately boots and I can access both (4 drive & single drive) pools. Also, if I remove the "geom" line the system boot normally.

After searching google (yes, I actually did), there was a mention that the geom data might be at the end of the drive. In any case, is there a way to stop the passphrase prompts on these 3 drives -- without losing data and keeping the ability to access other encrypted drives.


----------



## Crivens (Aug 21, 2012)

The geom data usually is at the end of the drive. You may look up the "clear" parameter from the geli command.

But I missed the part where it comes to backup and (planned) restore. Since you already zeroed several GB of each drive, I assume the data on these drives is assumed to be gone anyway. Else, you are in trouble.


----------



## tsenre (Aug 21, 2012)

thanks for the reply.   no the data was restored (copied) just the old geom metadata remained. after my post I did go back to handbook and saw the clear option, which I missed before. since I wasn't sure "clear" was safe --at this point-- I decided to destroy/rebuild (many hours to go) the pool with properly cleared drives.


----------



## Crivens (Aug 21, 2012)

Just to be on the safe side: you do know that clearing the geli metadata would not decrypt the data on the drive, do you? So there really is no way to change this in place and a backup-restore cycle is needed in any case?


----------

