GELI Passphrase Providers

Bruno Lauzé brunolauze at msn.com
Fri Nov 8 23:03:08 UTC 2013


Right now, there's only "cngets" used to provide the passphrase for GELI disk encryption.
In the future, considering embedded solutions, cloud data centers, co-location, etc.,
would different geli passphrase providers be planned?


One thing that I dream of (for embedded projects):


While prompting for the passphrase on the console, have some settings in loader.conf to
provide an iface, ip, netmask, gateway to mount and implement a Single Packet Authorization mechanism with IPSec.

The impossibility to be on-site to enter the passphrase prevents disk encryption for multiple scenarios, and in my humble opinion, those are the same scenarios where encryption is mandatory, like embedded devices in the wild, co-location, off-site servers... even bhyve...

Of course, I know IPMI or KVM solutions are possible, just wondering if we oversee any solutions without those required.

Any opinions?

