geom_eli, N disks, zfs
Alaksiej C
ac at belngo.info
Mon Sep 21 21:05:41 UTC 2009
You can allocate one small disk/slice to be encrypted with passphrase
(and - if you like - with keyfile(s) too).
Inside of it you will store keyfiles for other disks, which should be
encrypted without using passphrase(s).
In such configuration it's necessary to know passphrase to unlock any
disk, but you need to type it only once.
P.S. And, actually, I think your question is fit better for freebsd-questions at .
On Mon, Sep 21, 2009 at 5:38 PM, Evgeny Solovyov <a.n.s.i at gmx.net> wrote:
> Is there any better way to configure a system to encrypt N-disk with passphrase for using under zfs as write in loader.conf following:
>
> geom_eli_load="YES"
> geli_da0p1_keyfile0_load="YES"
> geli_da0p1_keyfile0_type="da0p1:geli_keyfile0"
> geli_da0p1_keyfile0_name="/boot/keys/da0.key"
>
> geli_da2p1_keyfile0_load="YES"
> geli_da2p1_keyfile0_type="da2p1:geli_keyfile0"
> geli_da2p1_keyfile0_name="/boot/keys/da2.key"
>
> ...
>
> geli_da<N>p1_keyfile0_load="YES"
> geli_da<N>p1_keyfile0_type="da<N>p1:geli_keyfile0"
> geli_da<N>p1_keyfile0_name="/boot/keys/da<N>.key"
>
>
> The problem is we must enter the passphrase N-times.
>
> Thanks.
>
> Evgeny Solovyov
> --
> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3 -
> sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser
> _______________________________________________
> freebsd-geom at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-geom
> To unsubscribe, send any mail to "freebsd-geom-unsubscribe at freebsd.org"
>
More information about the freebsd-geom
mailing list