Password from shsec when booting eli encrypted / ?

Pawel Jakub Dawidek pjd at FreeBSD.org
Wed Sep 28 01:43:52 PDT 2005


On Tue, Sep 27, 2005 at 01:57:30PM +0200, Frank J. Beckmann wrote:
+> I start to love the new geom classes, they give me many ideas but also raise
+> many questions. The man page of geli states that you can encrypt / when you
+> boot from a USB pen-drive. That must contain /boot. Does it find / or do I
+> have to set rootdev in loader.conf?

You need to set up USB boot in BIOS and that's actually all.
It will ask you for the passphrase before the root file system is mounted and
will find the root partition in /etc/fstab after decryption.

+> And is it possible to get the password (or any other needed secret) from a 
+> gshsec device instead of a console prompt?

No.
Currently you can use only a passphrase strengthened with PKCS#5v2 for the
root partition.
There are no file systems mounted yet, so you cannot get the secret from
a file. In theory it will be possible to get the secret from a raw device
(storing info about this in /boot/loader.conf).
BUT this is hackish and evil, so I'll wait for a better solution.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!