rsmith at xs4all.nl
Mon Jan 17 22:53:11 UTC 2011
On Mon, Jan 17, 2011 at 09:30:39PM +0100, Alokat wrote:
> Is it possible to encrypt my full hard drive (excluding /boot) during a
> FreeBSD installation? Or do I have to do this after the installation

Currently you have to do it manually afterwards.

Personally, I would not bother encrypting the OS data; there is nothing secret
there, and it does have a performance impact. Plus it would provide ample
material for a known-plaintext attack!

What you can do is set apart a partition during installation where you are
going to store your data, be it /home, /var/www or whatever. After
installation, encrypt that partition with geli(8), newfs it and put the name
of the *.eli device in /etc/fstab. That should make the startup scripts ask
for the passphrase.

Do not rely on a keyfile that resides on a disk in the machine (that would
make encryption futile)! Use a passphrase instead.

[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
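
The procedure described in the message above, as an added example that is not part of the original post: a one-time setup function for the data partition plus a check that the chosen mount points are backed by a *.eli device in fstab. The device name (ada0p4), the mount points and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Device names and mount
# points are hypothetical; use the partition set apart during installation.

# fstab line naming the .eli provider, so the startup scripts attach it
# and ask for the passphrase at boot.
fstab_entry() {
    printf '/dev/%s.eli\t%s\tufs\trw\t2\t2\n' "$1" "$2"
}

# One-time setup, run as root on FreeBSD. DESTROYS existing data on /dev/$1.
# geli init is called without -K, so the only key component is the
# passphrase (no keyfile stored on a disk in the machine).
encrypt_data_partition() {
    dev="$1"; mnt="$2"
    geli init -s 4096 "/dev/$dev" || return 1   # prompts for the new passphrase
    geli attach "/dev/$dev" || return 1         # creates /dev/$dev.eli
    newfs -U "/dev/$dev.eli" || return 1        # file system goes on the .eli device
    fstab_entry "$dev" "$mnt" >> /etc/fstab
}

# Check: for each mount point given after the fstab path, print
# "<mountpoint> <device>" if its fstab device is not a .eli provider
# (or "missing" if it has no entry). Returns 0 only if all are encrypted.
unencrypted_mounts() {
    fstab="$1"; shift
    rc=0
    for mnt in "$@"; do
        dev=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $1 }' "$fstab")
        case "$dev" in
            *.eli) ;;
            *) echo "$mnt ${dev:-missing}"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh geli-data.sh check /etc/fstab /home /var/www
if [ "${1:-}" = check ]; then
    shift
    unencrypted_mounts "$@"
fi
```
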