Passphraseless Disk Encryption Options?
Igor Mozolevsky
igor at hybrid-lab.co.uk
Tue Sep 8 17:44:42 UTC 2015
On 8 September 2015 at 18:22, Analysiser <analysiser at gmail.com> wrote:
I’m trying to perform a whole disk encryption for my boot drive to protect
> its data at rest. However I would like to have a mac OS X-ish full disk
> encryption that does not explicitly ask for a passphrase and would boot as
> normal without manual input of passphrase. I tried to do it with geli(8)
> but it seems there is no way I can avoid the manual interaction. Really
> curious if there is a way to achieve it? Thanks!
>
Do you mean like DVD "encryption'? If you are able to decrypt the contents
of the disk without something that only the person in front for the
computer either has or knows then *anyone* would be able to decrypt it.
What is the actual problem you're trying to solve? Remember that encryption
is just a tool and not a solution- you need a good security protocol that
will protect your data, and by the sound of it the protocol you propose
(self-decrypting drive) is just broken.
--
Igor M.
More information about the freebsd-hackers
mailing list