how-to: encryption + journaling (geli + gjournal)
Volker
volker at vwsoft.com
Mon Jan 14 04:12:11 PST 2008
On 12/23/-58 19:59, RW wrote:
> On Sun, 13 Jan 2008 23:42:07 +0100
> Volker <volker at vwsoft.com> wrote:
>
>> For the archives (as I haven't found a nice how-to on this topic):
>>
>> A short how-to to get geli + gjournal running smoothly (the lazy way,
>> depending mostly on OS infrastructure, no script hacking needed).
>>
>> - set up your geli provider:
>> geli load
>> geli init /dev/ad0s1d # check geli(8) for this
>> geli attach /dev/ad0s1d
>> dd if=/dev/random of=/dev/ad0s1d.eli bs=1m # (use higher values bs=...
>> for faster operation)
>
> It would probably be faster to fill /dev/ad0s1d from /dev/random before
> doing the geli init - there's no point in encrypting the random numbers.
> It would also ensure that the whole of ad0s1d is pre-filled, and not
> just the part accessible as ad0s1d.eli.
If you think it doesn't make sense or is a fault, please file a PR as
filling the data provider with random data has been taken from the
manpage geli(8).
Otherwise I'm considering this being a bike shed.
If you know it better, I'm wondering why you haven't written a how to
in the past?
More information about the freebsd-geom
mailing list