geli on exisitng laptop
Roland Smith
rsmith at xs4all.nl
Wed Apr 8 12:50:01 PDT 2009
On Wed, Apr 08, 2009 at 10:48:31AM -0700, new_guy wrote:
>
>
> Roland Smith wrote:
> >
> > My advice would be to put /home (where _your_ data resides) on a
> > seperate partition and encrypt only that partition, with a password.
>
> Thanks to everyone for the advice. I really do appreciate it. I like this
> tip a lot. Since the default FreeBSD installer puts /home as a link to
> /usr/home... could I just encrypt /usr and get the same result? I'm thinking
> this would be the best way.
You could do that. But since enabling encryption effectively destroys
the data on the old partition, you might as well split the old /usr into
/usr and /home while you're at it. On my workstation /usr fills about
5GB. So reserving 5-8GB for /usr should be plenty. An encrypted /usr
can be a PITA if you have to boot into single user mode for
maintenance. You'd have to attach and mount the geli device by hand,
instead of having the rc scripts automate it.
A word of warning: make sure you have good recent backups before
enabling encryption, in case it becomes FUBAR.
Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090408/5df91a7b/attachment.pgp
More information about the freebsd-questions
mailing list