This flag indicates that the user wishes to use the GELIBOOT feature, to boot from a fully encrypted root file system.
Currently, GELIBOOT does not support key files, and when it does, they will be done a bit differently.
Due to the design of GELI, and the desire for secrecy, the GELI metadata does not know if key files are used or not, it just adds the key material (if it exists) to the HMAC before the optional user password, so there is no way to tell if a GELI partition has key files or not.
Since the GELIBOOT code in boot2 and the loader do not support keys, they will only attempt to attach if this flag is set
This will stop GELIBOOT from prompting for passwords to GELIs that it cannot decrypt, disrupting the boot process