vince at unsane.co.uk
Wed Apr 11 09:08:25 UTC 2012
On 11/04/2012 00:06, Robert Simmons wrote:
> On Tue, Apr 10, 2012 at 6:25 PM, Fa bio <fa-h-2007 at hotmail.com> wrote:
>> The idea is: you can run the system but you cannot access the sources
>> inside it, which is very interesting when you work with PHP, for example.
>> So, when the machine is off nobody can read data from it because it is encrypted.
>> When you turn the machine on it automatically enters a passphrase or key
>> which is hidden somewhere that we cannot detect! Amazing!
>> My guess is that the keys/passphrase are compiled inside the kernel, so
>> it's quite impossible to access it, but at the same time you can use the
>> I used the system without internet access and it mounted the partition
>> ok! That's why I think that the "magic" is in the kernel!
>> Any ideas how it's done?
> There are two options:
> 1) The key is in a file on the CD.
> 2) It is using geli onetime.
> The first choice above is stupid. Every copy of the software is
> therefore using the same key. If you want to have a key that you
> don't enter a passphrase for at boot: create the geli provider
> yourself, and have the key on a removable device. When the machine is
> booting, the device is available. When it is done, you remove your
> device with the key and store it somewhere safe. You can use a USB
> drive or a CD for this.
> The second choice above is more likely. The cache software that the
> OP mentioned would most likely be best served using geli onetime,
> which makes sense. If you want to read about geli onetime check the
> man page:
From a quick look in the mfsroot this looks likely
(08:57:31 </mnt/stand/etc/defaults>) 0
root at fbsd2 # grep geli /mnt/stand/etc/defaults/rc.conf
geli_swap_flags="-e aes -l 256 -s 4096 -d"
Running sysinstall in the /stand dir on the mfsroot gives what I assume
is the installer (it was in Portuguese so not certain.)
I didn't look further.
(to the OP, I just mounted the ISO using mdconfig, gunzipped the
mfsroot.gz in the boot dir then mounted that mfsroot using mdconfig again.)
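
Added example, not part of the original message or of FreeBSD: a small audit of an unpacked image tree that separates the two options discussed in the thread (a key file shipped in the image versus geli onetime). The function names and the sample tree are constructed for illustration; the variable names are the ones documented in rc.conf(5) and geli(8). A geli_swap_flags line in etc/defaults/rc.conf is a stock default, so the script reports it but does not count it as evidence of either option.

```shell
#!/bin/sh
# Audit an unpacked FreeBSD image tree for how geli keys are handled.

# Print every geli-related setting, prefixed with the file it came from.
geli_settings() {
    for f in etc/defaults/rc.conf etc/rc.conf boot/loader.conf; do
        if [ -f "$1/$f" ]; then
            grep -H -E '^[[:space:]]*(geli_|geom_eli_)' "$1/$f" || true
        fi
    done
}

# Classify the tree rooted at $1:
#   keyfile       loader.conf preloads a key file stored in the image
#                 (every copy of the image then carries the same key)
#   boot-attach   rc.conf lists providers in geli_devices
#   onetime-swap  fstab names a swap device ending in .eli
#   defaults-only nothing beyond stock defaults was found
geli_classify() {
    if grep -q -s -E '^[[:space:]]*geli_[A-Za-z0-9_]+_keyfile[0-9]+_name=' "$1/boot/loader.conf"; then
        echo keyfile
    elif grep -q -s -E '^[[:space:]]*geli_devices=' "$1/etc/rc.conf"; then
        echo boot-attach
    elif grep -q -s -E '^[[:space:]]*[^#[:space:]]+\.eli[[:space:]]+[^[:space:]]+[[:space:]]+swap' "$1/etc/fstab"; then
        echo onetime-swap
    else
        echo defaults-only
    fi
}

# Build a constructed sample tree (not the ISO from the thread); prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/defaults" "$t/boot"
    echo 'geli_swap_flags="-e aes -l 256 -s 4096 -d"' > "$t/etc/defaults/rc.conf"
    echo "$t"
}

# Audit the tree given as $1, or the constructed sample if none is given.
root=${1:-$(make_sample_tree)}
geli_settings "$root"
echo "verdict: $(geli_classify "$root")"
```

Run it with the mount point of the unpacked mfsroot as its only argument.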