svn commit: r44688 - head/en_US.ISO8859-1/books/handbook/disks
Dru Lavigne
dru at FreeBSD.org
Mon Apr 28 20:42:28 UTC 2014
Author: dru
Date: Mon Apr 28 20:42:28 2014
New Revision: 44688
URL: http://svnweb.freebsd.org/changeset/doc/44688
Log:
White space fix only. Translators can ignore.
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/disks/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/disks/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Mon Apr 28 20:30:28 2014 (r44687)
+++ head/en_US.ISO8859-1/books/handbook/disks/chapter.xml Mon Apr 28 20:42:28 2014 (r44688)
@@ -2509,8 +2509,8 @@ Quotas for user test:
</indexterm>
<para>&os; offers excellent online protections against
- unauthorized data access. File permissions and
- <link linkend="mac">Mandatory Access Control</link> (MAC) help
+ unauthorized data access. File permissions and <link
+ linkend="mac">Mandatory Access Control</link> (MAC) help
prevent unauthorized users from accessing data while the
operating system is active and the computer is powered up.
However, the permissions enforced by the operating system are
@@ -2524,11 +2524,10 @@ Quotas for user test:
<command>geli</command> cryptographic subsystems in &os; are
able to protect the data on the computer's file systems against
even highly-motivated attackers with significant resources.
- Unlike encryption methods that encrypt
- individual files, <command>gbde</command> and
- <command>geli</command> transparently encrypt entire file
- systems. No cleartext ever touches the hard drive's
- platter.</para>
+ Unlike encryption methods that encrypt individual files,
+ <command>gbde</command> and <command>geli</command>
+ transparently encrypt entire file systems. No cleartext ever
+ touches the hard drive's platter.</para>
<sect2>
<title>Disk Encryption with
@@ -2545,13 +2544,13 @@ Quotas for user test:
protect the passphrase used by the encryption
mechanism.</para>
- <para>This facility provides several barriers to protect the data
- stored in each disk sector. It encrypts the contents of a
- disk sector using 128-bit <acronym>AES</acronym> in
- <acronym>CBC</acronym> mode. Each sector on the
- disk is encrypted with a different <acronym>AES</acronym> key. For more
- information on the cryptographic design, including how the
- sector keys are derived from the user-supplied passphrase,
+ <para>This facility provides several barriers to protect the
+ data stored in each disk sector. It encrypts the contents of
+ a disk sector using 128-bit <acronym>AES</acronym> in
+ <acronym>CBC</acronym> mode. Each sector on the disk is
+ encrypted with a different <acronym>AES</acronym> key. For
+ more information on the cryptographic design, including how
+ the sector keys are derived from the user-supplied passphrase,
refer to &man.gbde.4;.</para>
<para>&os; provides a kernel module for
@@ -2565,13 +2564,13 @@ Quotas for user test:
<para><literal>options GEOM_BDE</literal></para>
- <para>The following example demonstrates adding a new hard
- drive to a system that will hold a single encrypted partition
- that will be mounted as
- <filename>/private</filename>.</para>
+ <para>The following example demonstrates adding a new hard drive
+ to a system that will hold a single encrypted partition that
+ will be mounted as <filename>/private</filename>.</para>
<procedure>
- <title>Encrypting a Partition with <application>gbde</application></title>
+ <title>Encrypting a Partition with
+ <application>gbde</application></title>
<step>
<title>Add the New Hard Drive</title>
@@ -2611,10 +2610,11 @@ Quotas for user test:
<para>A <application>gbde</application> partition must be
initialized before it can be used. This initialization
- needs to be performed only once. This command will open the default editor, in order to
- set various configuration options in a template. For use
- with the <acronym>UFS</acronym> file system, set the
- sector_size to 2048:</para>
+ needs to be performed only once. This command will open
+ the default editor, in order to set various configuration
+ options in a template. For use with the
+ <acronym>UFS</acronym> file system, set the sector_size to
+ 2048:</para>
<screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock</userinput># $FreeBSD: src/sbin/gbde/template.txt,v 1.1.36.1 2009/08/03 08:13:06 kensmith Exp $
#
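Review bot: in the rewrapped initialization paragraph, sector_size is still plain text ("set the sector_size to 2048") although it names a setting in the gbde template shown in the screen below it. Consider marking it up as a literal in a follow-up content commit, kept separate from this whitespace-only revision so the "Translators can ignore" note stays accurate.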
@@ -2626,30 +2626,29 @@ Quotas for user test:
sector_size = 2048
[...]</screen>
- <para>Once the edit is saved, the user will be asked twice to type the
- passphrase used to secure the data. The passphrase must
- be the same both times. The ability of
+ <para>Once the edit is saved, the user will be asked twice
+ to type the passphrase used to secure the data. The
+ passphrase must be the same both times. The ability of
<application>gbde</application> to protect data depends
entirely on the quality of the passphrase. For tips on
how to select a secure passphrase that is easy to
remember, see <link
xlink:href="http://world.std.com/~reinhold/diceware.html">http://world.std.com/~reinhold/diceware.htm</link>.</para>
- <para>This initialization creates a lock file for
- the <application>gbde</application> partition. In this
+ <para>This initialization creates a lock file for the
+ <application>gbde</application> partition. In this
example, it is stored as
- <filename>/etc/gbde/ad4s1c.lock</filename>.
- Lock files must end in
- <quote>.lock</quote> in order to be correctly detected by
- the <filename>/etc/rc.d/gbde</filename> start up
- script.</para>
+ <filename>/etc/gbde/ad4s1c.lock</filename>. Lock files
+ must end in <quote>.lock</quote> in order to be correctly
+ detected by the <filename>/etc/rc.d/gbde</filename> start
+ up script.</para>
<caution>
- <para>Lock files
- <emphasis>must</emphasis> be backed up together with
- the contents of any encrypted partitions. Without the
- lock file, the legitimate owner will be unable to
- access the data on the encrypted partition.</para>
+ <para>Lock files <emphasis>must</emphasis> be backed up
+ together with the contents of any encrypted partitions.
+ Without the lock file, the legitimate owner will be
+ unable to access the data on the encrypted
+ partition.</para>
</caution>
</step>
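Review bot: the Diceware link in the unchanged context of the passphrase paragraph has mismatched targets: the xlink:href ends in diceware.html while the displayed link text ends in diceware.htm. A reader who copies the visible URL gets a different address from the one the link follows, so a follow-up content commit should make the displayed text match the href.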
@@ -2659,10 +2658,10 @@ sector_size = 2048
<screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock</userinput></screen>
- <para>This command will prompt to input the passphrase
- that was selected during the initialization of the
- encrypted partition. The new encrypted device will
- appear in <filename>/dev</filename> as
+ <para>This command will prompt to input the passphrase that
+ was selected during the initialization of the encrypted
+ partition. The new encrypted device will appear in
+ <filename>/dev</filename> as
<filename>/dev/device_name.bde</filename>:</para>
<screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
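Review bot: in the context line after the rewrapped attach paragraph, /dev/device_name.bde uses device_name as a placeholder without replaceable markup, while other lines in this same diff mark placeholders up, as in <filename><replaceable>*</replaceable>.bde</filename> and /dev/<replaceable>ad4s1c</replaceable>. Suggest wrapping device_name in <replaceable> in a later content change for consistency.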
@@ -2676,10 +2675,10 @@ sector_size = 2048
Device</title>
<para>Once the encrypted device has been attached to the
- kernel, a file system can be created on the device.
- This example creates a <acronym>UFS</acronym> file
- system with soft updates enabled. Be sure to specify the
- partition which has a
+ kernel, a file system can be created on the device. This
+ example creates a <acronym>UFS</acronym> file system with
+ soft updates enabled. Be sure to specify the partition
+ which has a
<filename><replaceable>*</replaceable>.bde</filename>
extension:</para>
@@ -2700,8 +2699,8 @@ sector_size = 2048
<title>Verify That the Encrypted File System is
Available</title>
- <para>The encrypted file system should now be visible
- and available for use:</para>
+ <para>The encrypted file system should now be visible and
+ available for use:</para>
<screen>&prompt.user; <userinput>df -H</userinput>
Filesystem Size Used Avail Capacity Mounted on
@@ -2714,34 +2713,33 @@ Filesystem Size Used Avail Cap
</step>
</procedure>
- <para>After each boot, any encrypted file systems must be
- manually re-attached to the kernel, checked for errors, and mounted,
- before the file systems can be used. To configure these
- steps, add the following lines to <filename>/etc/rc.conf</filename>:</para>
+ <para>After each boot, any encrypted file systems must be
+ manually re-attached to the kernel, checked for errors, and
+ mounted, before the file systems can be used. To configure
+ these steps, add the following lines to
+ <filename>/etc/rc.conf</filename>:</para>
- <programlisting>gbde_autoattach_all="YES"
+ <programlisting>gbde_autoattach_all="YES"
gbde_devices="<replaceable>ad4s1c</replaceable>"
gbde_lockdir="/etc/gbde"</programlisting>
- <para>This requires that the
- passphrase be entered at the console
- boot time. After typing the correct passphrase, the
- encrypted partition will be
- mounted automatically. Additional
- <application>gbde</application> boot options are available
- and listed in &man.rc.conf.5;.</para>
+ <para>This requires that the passphrase be entered at the
+ console boot time. After typing the correct passphrase, the
+ encrypted partition will be mounted automatically. Additional
+ <application>gbde</application> boot options are available and
+ listed in &man.rc.conf.5;.</para>
<!--
What about bsdinstall?
-->
- <note>
- <para><application>sysinstall</application> is incompatible with
- <application>gbde</application>-encrypted devices. All
- <filename>*.bde</filename>
- devices must be detached from the kernel before starting
- <application>sysinstall</application> or it will crash during its initial
- probing for devices. To detach the encrypted device used in
- the example, use the following command:</para>
+ <note>
+ <para><application>sysinstall</application> is incompatible
+ with <application>gbde</application>-encrypted devices. All
+ <filename>*.bde</filename> devices must be detached from the
+ kernel before starting <application>sysinstall</application>
+ or it will crash during its initial probing for devices. To
+ detach the encrypted device used in the example, use the
+ following command:</para>
<screen>&prompt.root; <userinput>gbde detach /dev/<replaceable>ad4s1c</replaceable></userinput></screen>
</note>
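Review bot: the rewrapped rc.conf paragraph still reads "be entered at the console boot time", which looks like a dropped word (probably "at the console at boot time"). It is correctly left alone in a whitespace-only commit, but it deserves a follow-up wording fix. The XML comment "What about bsdinstall?" directly above the sysinstall note is also still unanswered, so the note covers only sysinstall; it would help to resolve that comment or document the bsdinstall behaviour when the wording is revisited.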