# geli_device_flags



## xibo (Dec 18, 2012)

Taken from rc.conf():

```
geli_default_flags
                 (str) Default flags to use by geli(8) when configuring disk
                 encryption.  Flags can be configured for every device sepa-
                 rately by defining geli_⟨device⟩_flags variable.
```

IMO the most significant advantage this has over loader.conf()'s undocumented *geli_<name>_keyfile* is (other than obviously being documented) the ability to attach a large number of disks (with potentially differing secrets) at once from an encrypted root partition without compromising the secret (keyfiles) on the non-encrypted boot medium.

However, in large disk environments it would be straightforward to use geom labels to identify disks rather than scan-order dependent names. Therefore *<device>* would be something like label/somename, i.e. contain the slash character which is AFAIK not valid to be contained in a shell variable name.

Is there any workaround to this?
And when I'm asking here already, can I somehow have the root partition unmounted and replaced by a zraid root one after geli attached its vdev members?


----------



## t1066 (Dec 18, 2012)

Not sure if it works, but by looking into /var/backup, I see


```
$ ll /var/backups/
total 17015
drwxr-x---   2 root  wheel  -       15 Dec 19 03:01 ./
drwxr-xr-x  25 root  wheel  -       26 Dec  6 18:54 ../
-rw-------   1 root  wheel  -      512 Apr  7  2012 label_47mc.eli
-rw-------   1 root  wheel  -      512 Apr  7  2012 label_9tuc.eli
-rw-------   1 root  wheel  -      512 Mar  1  2012 label_segt1.eli
```

So I would suggest trying label_somename as <device>.


----------



## xibo (Dec 19, 2012)

label_soname seems to do the job. Thanks.


----------
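The naming convention the thread converges on (label/somename is looked up as geli_label_somename_flags, falling back to geli_default_flags), shown as an added example that is not from either poster or from the FreeBSD rc.d script itself. The slash-to-underscore mapping, the sample provider names and the key paths are assumptions; the script only prints what would be attached.

```shell
#!/bin/sh
# Constructed rc.conf-style settings (not from the thread): two label-named
# providers plus one classic scan-order device name.
geli_devices="label/data1 label/data2 ada3p2"
geli_default_flags="-k /root/keys/common.key -p"
geli_label_data1_flags="-k /root/keys/data1.key -p"
geli_ada3p2_flags="-k /root/keys/ada3.key -j /root/keys/ada3.pass"

# Map a provider name to its rc.conf variable: '/' becomes '_'.
# Assumed to mirror the rc.d geli lookup; the thread observed this naming in
# /var/backups/label_47mc.eli and confirmed it works.  Other characters that
# are invalid in variable names (e.g. '-') are deliberately not handled here.
geli_varname() {
    printf 'geli_%s_flags' "$(printf '%s' "$1" | tr '/' '_')"
}

# Resolve the flags for one provider: per-device variable if set and
# non-empty, geli_default_flags otherwise.
geli_flags_for() {
    _var=$(geli_varname "$1")
    eval "_val=\${${_var}:-}"
    if [ -n "$_val" ]; then
        printf '%s' "$_val"
    else
        printf '%s' "$geli_default_flags"
    fi
}

# Print the attach command that would be run for each provider (the command
# form is an assumption; nothing is attached, this only echoes the plan).
geli_plan() {
    for _dev in $geli_devices; do
        printf 'geli attach %s %s\n' "$(geli_flags_for "$_dev")" "$_dev"
    done
}

geli_plan
```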

