Booting a GELI encrypted hard disk

Steve Bertrand iaccounts at
Thu Oct 11 09:22:06 PDT 2007

> That's a heck of a lot of trouble to go to, considering someone would
> have to steal your drive, alter it and put it back without you knowing it!

Essentially, what I'm looking for is thus:

- someone breaks into my always-locked equipment room
- someone steals the box(es) in question, which obviously means shutting
down the unit

I don't want said thief to be able to retrieve the data after the box is
stolen, which is why I'd like a passphrase, and a removable key. Even if
the passphrase is captured, the data will still be protected because I
have the only key to the system 35 miles away on my person.

> If the intruder has physical access to the machine, it would be much
> easier to put a keylogger device between the keyboard and the machine.

There is no possible way this would go unnoticed. Anyone that could gain
access to the already secured room would have a window of about 15
seconds to break into the building after hours (secured/alarmed), smash
in the secured equipment room door, grab the box (out of about 40) and run.

>> It's questionable though, whether you should leave your computer in an 
>> environment where this can happen undetected and probably better solved by 
>> increasing real life security.

Like I said, it won't go undetected. The equipment is in a very secure
equipment area, inside of a secured and alarmed building. All equipment
is monitored 24/7, so if the box was physically altered, I would be
alerted via SMS/email immediately.

> An important point that too many people forget.

I agree, but this is not the case here. I just want the data protected
if the box goes down, whether by physical intruder, or I force it down


More information about the freebsd-questions mailing list