# EFI Full disc encryption with GELI and key file



## Nyakov (Jan 15, 2019)

Can someone clarify how to use a removable flash drive with an encryption key with the new full disc encryption process?

The new approach is to encrypt /boot together with the /root filesystem.
So, as I understand, the initial encryption is performed by the EFI loader.
Is there a way to pass a keyfile to the EFI loader?
Is there any man page for this? I failed to find relevant info about the subject.


----------



## markmcb (Apr 24, 2022)

Did you ever solve this? I'm also looking for a solution to boot with a key.


----------



## Nyakov (Apr 24, 2022)

Unfortunately, no. I was also unable to find documentation for the EFI boot loader. I have no time to look in the source code.

If you find something, please share it in this thread as well.


----------



## Nyakov (Apr 24, 2022)

markmcb said:


> Did you ever solve this? I'm also looking for a solution to boot with a key.


Also, you can use a flash drive with an unencrypted kernel and keyfile for the root partition.
This is proven to work.

But if you want only the EFI boot loader on the flash drive (my case), then I don't know what to do.


----------



## Nyakov (Apr 24, 2022)

markmcb said:


> Did you ever solve this? I'm also looking for a solution to boot with a key.


As mentioned here - https://www.gnu.org/software/grub/manual/grub/html_node/cryptomount.html

GRUB supports GELI encryption, so perhaps using GRUB is a solution to chainload a fully encrypted FreeBSD.
Sad one...


----------

