Encrypting full disk with several slices
Christian Brueffer
chris at unixpages.org
Sun Jan 29 02:26:33 PST 2006
On Sun, Jan 29, 2006 at 11:15:06AM +0100, OxY wrote:
> Hi!
>
> I would appreciate some help from you..i
> failed to find anything on google and manpages about this topic..
>
> My goal is to encrypt my root partition with geli or gbde. First, I tried
> geli, man page said that it's ok to encrypt root partition (just leave
> unencrypted
> the /boot part, so i put it on other slice), but it's not so simple..
>
> tried to encrypt the full disk first, then create the partitions and slices
> to be able to use just one key/pass, it's not so convinient to type
> 9 passwords per boot..
> i used the cmds:
>
> # dd if=/dev/random of=/boot/ad2.key bs=64 count=1
> # geli init -s 4096 -K /boot/ad2.key /dev/ad2
>
> then partition the disk:
> created fdisk config file (which works on unencrypted partition) (just with
> test length, i know is's small :)
>
> p 1 165 1 8192
>
>
> it said: length must be a multiple of sector size..
> sector size is 4096, so dunno what's the matter..(tried with 16384, so
> on...)
>
> Now, i am thinking about first create partitions and slices,
> (ad2s1a,d,e,f,g ; ad2s2d,e,f,g)
> then encrypt them one-by-one ..my only problem is to how can i manage it to
> ask for one password when
> i boot....
>
> Thank you and sorry for my poor english..
>
Take a look at the following talk which was held at EuroBSDCon and CCC
last year:
https://events.ccc.de/congress/2005/fahrplan/events/1139.en.html
The paper is available on that site as well.
- Christian
--
Christian Brueffer chris at unixpages.org brueffer at FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20060129/ff8cffaa/attachment.bin
More information about the freebsd-hackers
mailing list