Pre-boot authentication / geli-aware bootcode
Simon L. B. Nielsen
simon at FreeBSD.org
Fri Jun 15 17:40:32 UTC 2012
On Jun 11, 2012 1:22 AM, "Robert Simmons" <rsimmons0 at gmail.com> wrote:
>
> Would it be possible to make FreeBSD's bootcode aware of geli encrypted
volumes?
>
> I would like to enter the password and begin decryption so that the
> kernel and /boot are inside the encrypted volume. Ideally the only
> unencrypted area of the disk would be the gpt protected mbr and the
> bootcode.
>
> I know that Truecrypt is able to do something like this with its
> truecrypt boot loader, is something like this possible with FreeBSD
> without using Truecrypt?
I just booted off a USB flash key. Then your entire drive can be encrypted.
--
Simon L. B. Nielsen
Mobile
More information about the freebsd-security
mailing list