CFS Cryptographic file system.

Julian Stacey jhs at berklix.org
Wed Jun 11 21:52:06 UTC 2008 

To:             Howard Goldstein <hg at queue.to>,
                Lorenzo Perone <lopez.on.the.lists at yellowspace.net>
cc:             fs at freebsd.org
bcc:            freebsd-ports at freebsd.org	
		(bcc to avoid list dups, any follow up to fs@ I suggest)

Howard Goldstein wrote:
> Date: Wed, 11 Jun 2008 14:00:55 -0400 (20:00 CEST)
> Cc: freebsd-ports at freebsd.org

> Julian Stacey wrote:
> > Is there some replacement of /usr/ports/security/cfs 
> > (encryped file system) for 7.0 ?
> 
> It's not fully responsive to your question, and it's a little clunky, 
> but the technique at this blog entry 
> https://www.endries.org/josh/blog/posts/5 seems to show a way to run 
> geli on a file-based backingstore using the the md driver as a geom 
> provider.  I haven't tried it.

Thanks Howard, 
As I was in a rush & no quick reply to ports@, I posted a similar question
to fs at freebsd 12 hours or so later & later replied:

> > From: Lorenzo Perone <lopez.on.the.lists at yellowspace.net>
> > Date: Tue, 10 Jun 2008 13:11:50 +0200
> > To: Julian Stacey <jhs at berklix.org>
> > Cc: fs at freebsd.org

> > > Is a crypting file system being worked on for src/ somewhere ?
> > 
> > Did you have a look at gbde / geli?
> > 
> > http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html
> 
> No, (I did have a look at doc index before I posted, but I missed this).
> Looks like what I need.
> Thanks Lorenzo

So I did this, which worked:
        dd if=/dev/zero of=CRYPT_FS_IMAGE bs=10k count=50k
        mdconfig -a -t vnode -f CRYPT_FS_IMAGE
        mkdir /etc/gbde
        gbde init /dev/md0 -i -L /etc/gbde/md0.lock
                2048
                random_flush            uncommented
                # long wait
        gbde attach /dev/md0  -l /etc/gbde/md0.lock
        newfs -U -O2 /dev/md0.bde
        mount /dev/md0.bde /mnt
	....
        umount /mnt
        gbde detach md0
        mdconfig -d -u 0

I havent tried geli yet, though it has interesting extras for later.
Thanks Lorenzo & Howard.

Julian
-- 
Julian Stacey: BSDUnixLinux C Prog Admin SysEng Consult Munich www.berklix.com
	Mail just Ascii plain text.  HTML & Base64 text are spam.

More information about the freebsd-fs mailing list