# zfskeys requires /usr/bin/timeout



## robot468 (Jul 14, 2022)

I'm trying to make system, with all datasets encrypted except root. So, /usr is encrypted.
But zfskeys requires it. Is this legal for /etc/rc.d script to use something from /usr ? 

I tried to register on bugs.freebsd.org, but I don't seem to get any mail from there.

UPS: zfskeys is only script using timeout in /etc/rc.d


----------



## D-FENS (Jul 14, 2022)

If you want to use an encrypted provider in your startup scripts, you would have to decrypt it on startup. Assuming you used geli(8), you could add "-bg" flags to your encrypted volume and in the very beginning of the boot you will get a password prompt to decrypt it:

```
geli configure -bg <provider>
```
You can check if the flags were set like so (check the flags value):

```
geli dump <provider>
```

Of course, this means your startup will be blocked until you enter a password, if this is what you want.

Can you please explain what exactly end goal you are trying to achieve? Maybe there is an easier way?


----------



## robot468 (Jul 14, 2022)

D-FENS said:


> Can you please explain what exactly end goal you are trying to achieve? Maybe there is an easier way?


I want use native zfs encryption(not geli), to encrypt all data on server. Server boots with usb stick, containing root partition with decryption key file on it.


----------



## D-FENS (Jul 14, 2022)

robot468 said:


> I want use native zfs encryption(not geli), to encrypt all data on server. Server boots with usb stick, containing root partition with decryption key file on it.


I don't know how to do that, but I would be interested if someone else knows the solution.


----------



## robot468 (Jul 14, 2022)

D-FENS said:


> I don't know how to do that, but I would be interested if someone else knows the solution.


i know how to do that - script /etc/rc.d/zfskeys should be fixed. I can do it myself, but it would be better if it was fixed in the system


----------



## robot468 (Jul 14, 2022)

submitted a bug  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265221


----------

