Add scripts for GELI device configuration on boot.

rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
             detach on last close.

Sponsored by:	Wheel Sp. z o.o.
		http://www.wheel.pl
MFC after:	3 days

1 files changed, 17 insertions, 1 deletions

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index e9d86e46e79d..e56ac8548d89 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -59,7 +59,23 @@ gbde_devices="NO" 	# Devices to automatically attach (list, or AUTO)
 gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices
 gbde_lockdir="/etc"	# Where to look for gbde lockfiles
 
-geli_swap_flags="-a aes -l 256 -s 4096 -d"	# Options for GELI-encrypted swap partitions.
+# GELI disk encryption configuration.
+geli_devices=""		# List of devices to automatically attach in addition to
+			# GELI devices listed in /etc/fstab.
+geli_tries=""		# Number of times to attempt attaching geli device.
+			# If empty, kern.geom.eli.tries will be used.
+geli_default_flags=""	# Default flags for geli(8).
+geli_autodetach="YES"	# Automatically detach on last close.
+			# Providers are marked as such when all file systems are
+			# mounted.
+# Example use.
+#geli_devices="da1 mirror/home"
+#geli_da1_flags="-p -k /etc/geli/da1.keys"
+#geli_da1_autodetach="NO"
+#geli_mirror_home_flags="-k /etc/geli/home.keys"
+
+geli_swap_flags="-a aes -l 256 -s 4096 -d"	# Options for GELI-encrypted
+						# swap partitions.
 
 root_rw_mount="YES"	# Set to NO to inhibit remounting root read-write.
 fsck_y_enable="NO"	# Set to YES to do fsck -y if the initial preen fails.