diff --git a/lib/geom/eli/geli.8 b/lib/geom/eli/geli.8
--- a/lib/geom/eli/geli.8
+++ b/lib/geom/eli/geli.8
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd April 24, 2024
+.Dd May 19, 2024
 .Dt GELI 8
 .Os
 .Sh NAME
@@ -1197,6 +1197,11 @@
 # geli attach -k /root/private0.key /dev/md0
 Enter passphrase:
 # mount /dev/md0.eli /private
+.Pp
+If two slots are used with passphrase and keyfile, the prompt about
+passphrase during boot can be disabled:
+.Bd -literal -offset indent
+geli_da1s3a_skip_passphrase="YES"
 .Ed
 .Sh ENCRYPTION MODES
 .Nm
diff --git a/stand/libsa/geli/geliboot.c b/stand/libsa/geli/geliboot.c
--- a/stand/libsa/geli/geliboot.c
+++ b/stand/libsa/geli/geliboot.c
@@ -32,11 +32,11 @@
 struct known_dev {
 char name[GELIDEV_NAMELEN];
- struct geli_dev *gdev;
+ struct geli_dev *gdev;
 SLIST_ENTRY(known_dev) entries;
 };
 
-SLIST_HEAD(known_dev_list, known_dev) known_devs_head =
+SLIST_HEAD(known_dev_list, known_dev) known_devs_head =
 SLIST_HEAD_INITIALIZER(known_devs_head);
 
 static geli_ukey saved_keys[GELI_MAX_KEYS];
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -1247,6 +1247,27 @@
 return (g_eli_destroy(sc, FALSE));
 }
 
+static bool
+geli_skip_passphrase(const char *provider)
+{
+ char name[64];
+ char *value;
+ bool skip;
+
+ skip = false;
+ snprintf(name, sizeof(name), "geli_%s_skip_passphrase", provider);
+ value = kern_getenv(name);
+
+ if (value != NULL && strcasecmp(value, "YES") == 0) {
+ printf("Skip passphrase for %s", provider);
+ skip = true;
+ }
+ if (value != NULL)
+ freeenv(value);
+
+ return (skip);
+}
+
 static int
 g_eli_keyfiles_load(struct hmac_ctx *ctx, const char *provider)
 {
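Review bot: `printf("Skip passphrase for %s", provider);` in geli_skip_passphrase has no trailing newline, so the message runs into whatever the kernel prints next; the surrounding code reports through `G_ELI_DEBUG(0, ...)` (visible in the later hunk of this file), which would also keep the message consistent with the driver's other diagnostics: `G_ELI_DEBUG(0, "Skipping passphrase for %s.", provider);`. The snprintf into the 64-byte `name` is not checked for truncation, so a provider name longer than the remaining space would silently query a different, truncated variable; guard it with `if (snprintf(name, sizeof(name), "geli_%s_skip_passphrase", provider) >= (int)sizeof(name)) return (false);`. A one-line comment above the function stating that the per-provider tunable is read from the kernel environment and that only a case-insensitive "YES" enables the skip would document the contract.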
@@ -1325,7 +1346,7 @@
 u_char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN];
 u_int i, nkey, nkeyfiles, tries, showpass;
 int error;
- bool skippassphrase;
+ bool skippassphrase, diskskippassphrase;
 struct keybuf *keybuf;
 
 g_trace(G_T_TOPOLOGY, "%s(%s, %s)", __func__, mp->name, pp->name);
@@ -1387,6 +1408,7 @@
 }
 }
 
+ diskskippassphrase = geli_skip_passphrase(pp->name);
 for (i = 0; i <= tries; i++) {
 g_eli_crypto_hmac_init(&ctx, NULL, 0);
 
@@ -1409,7 +1431,7 @@
 return (NULL);
 }
 
- skippassphrase = false;
+ skippassphrase = diskskippassphrase;
 if (i == 0 && nkeyfiles > 0 && md.md_iterations != -1) {
 tries += 1;
 skippassphrase = true;
@@ -1462,6 +1484,13 @@
 error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
 explicit_bzero(key, sizeof(key));
 if (error == -1) {
+ if (diskskippassphrase) {
+ G_ELI_DEBUG(0,
+ "Cannot decrypt Master Key for %s.",
+ pp->name);
+ g_eli_keyfiles_clear(pp->name);
+ return (NULL);
+ }
 if (i == tries) {
 G_ELI_DEBUG(0,
 "Wrong key for %s. No tries left.",
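Review bot: The new `if (diskskippassphrase)` branch in the `error == -1` hunk reports "Cannot decrypt Master Key for %s." and gives up, which does not tell the operator that the passphrase prompt was suppressed by the tunable; and because `skippassphrase = diskskippassphrase` in the preceding hunk applies even when no keyfile was loaded, the same message presumably also appears when `nkeyfiles == 0`, where the attempt was made without any key material. Naming the cause makes the boot log actionable, e.g. `"Wrong key for %s and passphrase prompt disabled by tunable.", pp->name`, and, if nkeyfiles is already known where `diskskippassphrase` is assigned before the loop, a separate G_ELI_DEBUG when the tunable is set but nkeyfiles is 0. The enclosing function starts and ends outside these hunks, so whether the existing `i == tries` path performs any cleanup beyond `g_eli_keyfiles_clear` that this earlier return now bypasses should be checked against the full function.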