Prevent GELI password boot prompts


While it can be useful for FreeBSD’s geli to prompt for passwords on boot, it’s not always wanted; for example, when you have no BMC or other remote access to the box to enter the password.

You can prevent this by setting the number of password attempts to zero:

# echo kern.geom.eli.tries=0 >> /boot/loader.conf

Then remove the BOOT flag from your geli volumes with -B (lowercase -b sets it). You may want to be more granular than this wildcard:

# geli attach [-k secret.key] /dev/[disk]
# geli configure -B /dev/diskid/*.eli

From the geli(8) manpage:

configure      Change configuration of the given providers.
        -b     Set the BOOT flag on the given providers.
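
A check for both settings described above, as an added example that is not from the original post. It assumes `geli list` prints `Geom name:` and `Flags:` lines; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample data below is constructed, not from a real host.

# Effective kern.geom.eli.tries in a loader.conf-style file ("unset" if absent).
# Appended lines override earlier ones, so the last assignment is reported.
loader_tries() {
    awk '{ sub(/#.*/, "") }
         /^[ \t]*kern\.geom\.eli\.tries[ \t]*=/ {
             v = $0; sub(/^[^=]*=/, "", v); gsub(/[" \t]/, "", v); val = v
         }
         END { print (val == "" ? "unset" : val) }' "$1"
}

# Read `geli list` output on stdin and print every geom whose Flags line holds
# the exact token BOOT. GELIBOOT is a different flag and must not match.
boot_flagged() {
    awk '/^Geom name:/ { name = $3 }
         /^Flags:/ {
             line = $0; sub(/^Flags:[ \t]*/, "", line)
             n = split(line, f, /,[ \t]*/)
             for (i = 1; i <= n; i++) if (f[i] == "BOOT") print name
         }'
}

# $1 = loader.conf path, $2 = file with `geli list` output.
# Returns 0 only when tries is 0 and no geom still carries BOOT.
audit() {
    rc=0
    tries=$(loader_tries "$1")
    [ "$tries" = "0" ] || { echo "kern.geom.eli.tries=$tries, expected 0"; rc=1; }
    for g in $(boot_flagged < "$2"); do
        echo "BOOT flag still set on $g"; rc=1
    done
    return "$rc"
}

# Constructed sample: tries was appended correctly, one volume kept its flag.
demo=$(mktemp -d)
printf 'kern.geom.eli.tries="3"\nkern.geom.eli.tries=0\n' > "$demo/loader.conf"
printf 'Geom name: da0p3.eli\nFlags: BOOT, GELIBOOT\nGeom name: da1.eli\nFlags: GELIBOOT\n' \
    > "$demo/geli.txt"
audit "$demo/loader.conf" "$demo/geli.txt" || echo "audit failed"
```

On a real host, point `audit` at /boot/loader.conf and a file holding the output of `geli list`.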

Author bio and support


Ruben Schade is a technical writer and IaaS engineer in Sydney, Australia who refers to himself in the third person in bios. Wait, not BIOS… my brain should be EFI by now.
