GELI on root partition -- problems

Fluffles etc at fluffles.net
Sat Jul 22 07:25:12 UTC 2006


Hello guys,

I'm trying to use GELI encryption on my root partition. So the
partitions look like:

/boot = ad0s1a
SWAP = ad0s1b
/ (root) = ad0s1d

In this case the "a" partition holds /boot which is unencrypted and
allows the kernel to be booted and GELI to ask for the passphrase for
the "d" partition, whereas the "d" partition holds root (anything other
than /boot) and is encrypted with GELI. Reading from the manpage of GELI:

           o   Allows to encrypt the root partition - the user will be asked
               for the passphrase before the root file system is mounted.

Though I cannot find anywhere on the internet nor on IRC how to
accomplish this. Sysinstall gave me several mount/install errors when I
tried to use /boot on the a-partition. And if I do it the other way
around (a-partition is encrypted root and d-partition is /boot), then
the boot loader can't find the kernel (because it looks on a-partition I
guess). It seems many things in FreeBSD assume the "a" partition to be /
(root), and that it holds the kernel. So really, *how* do I set up this
GELI-on-root feature?

I've got FreeBSD 6.1 ISO and FreeSBIE (livecd) and supported hardware at
my disposal. If this doesn't work I can use an unencrypted root
partition and only encrypt /usr but I would use that only as last resort.

Anyone who can show me the right direction? Your feedback is appreciated!

Thanks,

Veronica
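
The layout described in the post above, written out as configuration; this is an added example, not part of the original message. It assumes the "d" provider was initialised with `geli init -b /dev/ad0s1d` (the `-b` flag is what triggers the passphrase prompt before root is mounted), and that the "a" filesystem contains a top-level `boot` directory and is mounted at the hypothetical path `/bootfs`, with `/boot` on the encrypted root being a symlink to `/bootfs/boot`.

```conf
# --- /boot/loader.conf (read by the loader from the unencrypted ad0s1a) ---
geom_eli_load="YES"                  # load the GELI class before root is mounted
vfs.root.mountfrom="ufs:ad0s1d.eli"  # root is the attached (decrypted) provider

# --- /etc/fstab (stored on the encrypted root, ad0s1d.eli) ---
# /bootfs is an assumed mount point for the unencrypted boot filesystem
# Device          Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1d.eli   /           ufs     rw       1     1
/dev/ad0s1a       /bootfs     ufs     rw       2     2
/dev/ad0s1b       none        swap    sw       0     0
```

The kernel and `geom_eli.ko` must sit on the unencrypted "a" filesystem, so that filesystem is the part of the system an attacker with disk access can modify without knowing the passphrase.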


More information about the freebsd-geom mailing list