# GELI automatic attach on boot without password prompt



## stefarossi (Jun 17, 2013)

Hello,

Is it possible to specify, maybe in /boot/loader.conf, the password (obviously in clear) of a GELI partition and make it attach automatically on boot, without asking for the password?

I know this would defeat the purpose of having an encrypted partition, but I no longer need the encryption, I'd just like it to be available at boot.

Thanks.


----------



## fonz (Jun 17, 2013)

I'm not sure a password file or specifying it in a config file would be possible (although my money is on "no"), but you should be able to replace the password by a keyfile: delete the current password-using key, create a random keyfile (e.g. by using dd and /dev/random) and set a new keyfile-using key.

Edit: Or perhaps just _add_ a keyfile-using key if you're not currently using both key slots.


----------



## michaelmichael (Jan 20, 2014)

Hi,

I am also tinkering around with `geli` and disk encryption and stumbled upon the following:

Chapter 18.14.2.1. Using the geli rc.d Script in the FreeBSD Manual (http://www.freebsd.org/doc/handbook/disks-encrypting.html) states that you can use the `-p` flag when configuring your rc.conf for mounting encrypted disks during startup. If you do this, geli will not ask for a password.

However, it is not clear to me how the security of the encrypted drive or partition can be preserved with an option like this. The only possibility is - and I am not sure if I understood it correctly - that during the `geli init <etcetc>` command the parameter `-P` needs to be provided to enable the option for a passwordless mount during boot time for that volume. I have not tried this yet, would be great if somebody else could confirm my theory.

best,
mm


----------
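The keyfile route from fonz's post combined with the `-p`/`-P` flags from michaelmichael's post, as an added example that is not part of any post in this thread. The provider name, the keyfile path and the use of key slot 1 are assumptions; `RANDOM_SRC` is a hypothetical override added for the example.

```shell
#!/bin/sh
# Added example: enroll a passphrase-less keyfile in a second GELI key slot
# and print the rc.conf lines that attach the provider at boot with no prompt.
# Usage (as root, assumed names): ./geli-keyfile.sh ada0p3 /root/ada0p3.key

RANDOM_SRC="${RANDOM_SRC:-/dev/random}"   # hypothetical override, for testing

# Create a 64-byte random keyfile that only its owner can read.
make_keyfile() {
    keyfile="$1"
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    ( umask 077 && dd if="$RANDOM_SRC" of="$keyfile" bs=64 count=1 2>/dev/null ) || return 1
    chmod 600 "$keyfile"
}

# Print the rc.conf entries read by the geli rc.d script.
# attach flags: -p = no passphrase component, -k = keyfile component.
rc_conf_lines() {
    prov="$1"; keyfile="$2"
    case "$prov" in
        ''|*[!A-Za-z0-9]*)
            echo "example handles plain provider names only (e.g. ada0p3)" >&2
            return 1 ;;
    esac
    printf 'geli_devices="%s"\ngeli_%s_flags="-p -k %s"\n' "$prov" "$prov" "$keyfile"
}

enroll() {
    prov="$1"; keyfile="$2"
    make_keyfile "$keyfile" || return 1
    # setkey flags: -n 1 = write key slot 1 (slot 0 is assumed to hold the
    # existing passphrase key), -P = new key has no passphrase component,
    # -K = keyfile for the new key. If the provider is not attached, geli
    # asks for the current passphrase first.
    geli setkey -n 1 -P -K "$keyfile" "$prov" || return 1
    rc_conf_lines "$prov" "$keyfile"
}

# Only act when called with a provider and a keyfile path.
if [ $# -eq 2 ]; then
    enroll "$1" "$2"
fi
```

With this setup the keyfile alone unlocks the provider, so the data is only as protected as the filesystem that stores the keyfile.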

