Pre-boot authentication / geli-aware bootcode

Pawel Jakub Dawidek pjd at FreeBSD.org
Fri Jun 15 20:26:56 UTC 2012


On Fri, Jun 15, 2012 at 04:22:18PM -0400, Robert Simmons wrote:
> On Fri, Jun 15, 2012 at 5:31 AM, Alaksiej Carniajeu <ac at belngo.info> wrote:
> > Hi,
> >
> > It's not possible. But you could have your /boot on a bootable
> > USB stick, together with some keyfiles, and start from it. From a
> > security point of view, it is even better than the whole-drive
> > encryption TrueCrypt offers, because the former relies on a password
> > only.
> 
> This is what I thought.  Now, if I wanted to add this functionality, I
> would need to modify:
> /head/sys/boot/i386/pmbr/pmbr.s
> and
> /head/sys/boot/i386/gptboot/gptboot.c

I'd leave pmbr.s alone; it is definitely too early to play with
decryption. You need to modify gptboot and loader for UFS, or gptzfsboot
and zfsloader for ZFS.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl