-k/-K options for gbde(8).
Pawel Jakub Dawidek
pjd at FreeBSD.org
Fri Feb 4 09:06:20 PST 2005
On Fri, Feb 04, 2005 at 10:04:53AM -0500, Allan Fields wrote:
+> On Fri, Feb 04, 2005 at 12:04:30AM +0100, Pawel Jakub Dawidek wrote:
+> > Hi.
+> >
+> > Patch below implement -k/-K/-N options from the gbde(8)-TODO list:
+> >
+> > http://people.freebsd.org/~pjd/patches/gbde.3.patch
+>
+> It seems in a previous life now.. I had also done a similar patch,
+> it's on the list a while back and have updated since.
+>
+> Since then, I looked at various ways gbde(8) could be improved,
+> expanded the TODO list, and started work on encrypted root support
+> (Going from memory: phk and I discussed various options and concluded it
+> best to implement an optional signature in metadata for gbde volumes
+> to be detected and auto-mounted at boot before init I believe.)
[...]
I done this some time ago. You have to have /boot/ directory on e.g.
bootable USB device and BDE providers in loader.conf
(in kern.geom.bde.providers tunable).
On boot it will ask for the passphrase before root is mounted:
http://people.freebsd.org/~pjd/patches/gbde.patch
Poul-Henning suggested that taste mechanism should be used instead of
tunable, which should be quite easy to implement.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-geom/attachments/20050204/4784dd41/attachment.bin
More information about the freebsd-geom
mailing list