Encrypting full disk with several slices

[Christian Brueffer]

On Sun, Jan 29, 2006 at 11:15:06AM +0100, OxY wrote:
> Hi!
> 
> I would appreciate some help from you..i
> failed to find anything on google and manpages about this topic..
> 
> My goal is to encrypt my root partition with geli or gbde. First, I tried
> geli, man page said that it's ok to encrypt root partition (just leave 
> unencrypted
> the /boot part, so i put it on other slice), but it's not so simple..
> 
> tried to encrypt the full disk first, then create the partitions and slices
> to be able to use just one key/pass, it's not so convinient to type
> 9 passwords per boot..
> i used the cmds:
> 
> # dd if=/dev/random of=/boot/ad2.key bs=64 count=1
> # geli init -s 4096 -K /boot/ad2.key /dev/ad2
> 
> then partition the disk:
> created fdisk config file (which works on unencrypted partition) (just with 
> test length, i know is's small :)
> 
> p       1       165       1     8192
> 
> 
> it said: length must be a multiple of sector size..
> sector size is 4096, so dunno what's the matter..(tried with 16384, so 
> on...)
> 
> Now, i am thinking about first create partitions and slices, 
> (ad2s1a,d,e,f,g ; ad2s2d,e,f,g)
> then encrypt them one-by-one ..my only problem is to how can i manage it to 
> ask for one password when
> i boot....
> 
> Thank you and sorry for my poor english..
> 

Take a look at the following talk which was held at EuroBSDCon and CCC
last year:

https://events.ccc.de/congress/2005/fahrplan/events/1139.en.html

The paper is available on that site as well.

- Christian

-- 
Christian Brueffer	chris at unixpages.org	brueffer at FreeBSD.org
GPG Key:	 http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B  B29B 6C76 178C A0ED 982D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20060129/ff8cffaa/attachment.bin