Pre-boot authentication / geli-aware bootcode

Alaksiej Carniajeu ac at belngo.info
Fri Jun 15 09:31:52 UTC 2012


Hi,

It's not possible. But you could have your /boot on a bootable
USB stick, together with some keyfiles, and start from it. From a
security point of view, it is even better than the whole-drive
encryption TrueCrypt offers, because the former relies on a password
only.

On Fri, Jun 15, 2012 at 2:33 AM, Robert Simmons <rsimmons0 at gmail.com> wrote:
> I posted this question to security, but all I got back was the sound
> of crickets...
>
> Would it be possible to make FreeBSD's bootcode aware of geli encrypted volumes?
>
> I would like to enter the password and begin decryption so that the
> kernel and /boot are inside the encrypted volume.  Ideally the only
> unencrypted area of the disk would be the gpt protected mbr and the
> bootcode.
>
> I know that TrueCrypt is able to do something like this with its
> TrueCrypt boot loader. Is something like this possible with FreeBSD
> without using TrueCrypt?
> _______________________________________________
> freebsd-geom at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-geom
> To unsubscribe, send any mail to "freebsd-geom-unsubscribe at freebsd.org"
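
The setup suggested in the reply (/boot plus keyfiles on a USB stick), sketched as an added example that is not part of the original messages or of FreeBSD itself. The provider name ada0p2, the mount point /mnt/usb, the key path, the UFS root and the helper name geli_loader_conf are all assumptions; the loader variables follow the keyfile naming documented in geli(8).

```shell
#!/bin/sh
# Added example. One-time preparation on FreeBSD, as root (shown as comments;
# /mnt/usb is an assumed mount point for the USB stick that carries /boot):
#   dd if=/dev/random of=/mnt/usb/boot/keys/ada0p2.key bs=64 count=1
#   geli init -b -s 4096 -K /mnt/usb/boot/keys/ada0p2.key /dev/ada0p2
# -b asks for the provider to be attached at boot. Leaving out -P keeps the
# passphrase, so the disk needs both the stick (keyfile) and the passphrase.

# Hypothetical helper: print the loader.conf lines that make the loader on the
# stick preload the keyfile for the given geli provider.
geli_loader_conf() {
    provider=$1   # e.g. ada0p2 (assumed device name)
    keyfile=$2    # absolute path as the loader sees it on the stick
    case $provider in
        ''|*[!A-Za-z0-9]*)
            echo "bad provider name: $provider" >&2; return 1 ;;
    esac
    case $keyfile in
        /*) ;;
        *)  echo "keyfile path must be absolute: $keyfile" >&2; return 1 ;;
    esac
    # vfs.root.mountfrom assumes a UFS root file system inside the provider.
    cat <<EOF
geom_eli_load="YES"
geli_${provider}_keyfile0_load="YES"
geli_${provider}_keyfile0_type="${provider}:geli_keyfile0"
geli_${provider}_keyfile0_name="${keyfile}"
vfs.root.mountfrom="ufs:/dev/${provider}.eli"
EOF
}

# Constructed sample invocation; append the output to /boot/loader.conf
# on the USB stick.
geli_loader_conf ada0p2 /boot/keys/ada0p2.key
```

With this layout the internal disk holds no unencrypted boot files; the stick has to be kept physically separate from the machine for the keyfile to add anything.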

