wojtek at wojtek.tensor.gdynia.pl
Tue Jan 18 23:28:33 UTC 2011
no at installation if you use standard installer.
as i don't use standard installer at all, i don't have such a problem.
i use any bootable FreeBSD media (actually my own made pendrive), and then make
labels, do newfs, mount, unpack files etc.
if you can't do that then you may follow my advice
install as usual, but make partitions like
a: root - 10-20GB
b: swap - as you need
d: rest - don't allow to directory
install on a and b.
then after booting your system, and building and installing your kernel with
geli init -s 2048 (or 4096 whatever fragment size you plan) /dev/ad0d (or ada0d
or however your disk is named).
geli attach /dev/ad0d
newfs <options here> /dev/ad0d.eli
mount /dev/ad0d.eli /mnt
tar --exclude /usr -cf - / | tar xpf - -C /mnt
so you have copied all data except /usr to /mnt
then edit /mnt/etc/fstab
make ad0d.eli as root and
ad0a as /usr
then edit /mnt/boot/loader.conf
then reboot to single user mode
/sbin/mount /usr - should mount fine
and delete with rm -rf everything except usr subdirectory
mv usr/* .
rm -rf usr
rm -rf boot
ln -s /usr/boot .
then press CTRL-D and you have your encrypted system up.
You don't have /usr encrypted as your software packages are not secret data.
/usr is a: partition so bootloader boots from here.
/usr/boot is linked to /boot to make it accessible for system programs as
but your /usr/local/etc may be secret so
mv etc /etc/local
ln -s /etc/local etc
this is how i configure my system everywhere i use geli.
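
An added example, not part of the original post: a small sh check for the /etc/fstab this procedure ends with, reporting which entries sit on a GELI provider (device name ending in .eli) and which stay in plaintext. The sample fstab is constructed from the device names in the post; its option and dump/pass columns, and all function names, are assumptions.

```shell
#!/bin/sh
# Added example: audit an fstab for the layout described in the post.

# Print one line per ufs/swap entry: "<mountpoint> <device> <state>".
# GELI providers show up as device nodes with a ".eli" suffix.
audit_fstab() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }        # skip comments and blank lines
        $3 == "ufs" || $3 == "swap" {
            mp = ($3 == "swap") ? "swap" : $2
            state = ($1 ~ /\.eli$/) ? "encrypted" : "plaintext"
            print mp, $1, state
        }
    ' "$1"
}

# Succeed only if the root filesystem is mounted from a .eli provider.
root_is_encrypted() {
    audit_fstab "$1" | grep -q '^/ .* encrypted$'
}

# List the mount points (or "swap") that are not on a .eli provider.
plaintext_entries() {
    audit_fstab "$1" | awk '$3 == "plaintext" { print $1 }'
}

# Constructed sample: the fstab after following the post
# (ad0d.eli as root, ad0a as /usr, ad0b as swap).
sample_fstab() {
cat <<'EOF'
# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0d.eli   /           ufs     rw       1     1
/dev/ad0a       /usr        ufs     rw       2     2
/dev/ad0b       none        swap    sw       0     0
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp)
sample_fstab > "$demo"
audit_fstab "$demo"
rm -f "$demo"
```

Run it against /mnt/etc/fstab before rebooting; /usr is expected in the plaintext list, since the post leaves it unencrypted on purpose.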