GELI - disk encryption GEOM class committed.

Pawel Jakub Dawidek pjd at FreeBSD.org
Fri Jul 29 13:42:46 GMT 2005


On Fri, Jul 29, 2005 at 08:37:35AM -0500, Eric Anderson wrote:
+> Hmm - is that really true?  How can one decrypt the root partition data 
+> without the key, but with the kernel and modules?  It seems that if that 
+> is a problem, then encrypting any partition without the kernel/modules 
+> encrypted would be the same scenario.
+> 
+> I think there still is benefit in encrypting the root, but not /boot.

I prefer the method below:

- put the decrypted /boot/ directory onto a small file system on your USB Pen-Drive
  or CD-ROM,
- set booting from USB/CD-ROM in your BIOS,
- boot from Pen-Drive/CD-ROM,
- GELI will ask you for the passphrase before the root file system is mounted,
- enter passphrase,
- root partition is decrypted and mounted,
- remove your Pen-Drive/CD-ROM.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

