Does 9.0-stable installer support full disc encryption
wojtek at wojtek.tensor.gdynia.pl
Fri Apr 20 15:08:47 UTC 2012
> Wasn't able to find something about this: Do I have a chance to do
> direct installation of a FreeBSD into a full encrpyted environment where
> not only /home, but also e.g. /usr is encrypted? Currently I've got such
as i always say the best installer is no installer, as it supports
everything you want exactly because YOU do the (simple) instalation steps
as you want.
Actually except the really first time i tried FreeBSD, i never used it.
both old sysinstall and new that i even don't know as i don't compile it.
REALLY - grab some usable self-containted DVD/CD/pendrive that boots into
complete FreeBSD, add compressed install files (may be like distro or your
own), then just make partitions, newfs then, perform bsdlabel -B (or
gpart), and unpack.
or make partitions, geli init+geli attach right one, newfs and unpack.
if you want ALL encrypted then:
- make very small /b partition like 100-200 megs unencrypted
- after unpacking from your / partition move /boot to /b/boot, then make a
link /boot -> b/boot
- in loader.conf add
with standard generic kernel you need
geom_eli_load="YES" in loader.conf too
after all works compile your kernel, make sure GEOM_ELI is compiled in (no
need for module), and - if you have one of the latest intel CPU, or one of
the "less latest" VIA CPU apply a driver for hardware accelerated AES
encryption. speedup of encryption from 50MB/s to 2-3GB/s is quite normal
actually i usually encrypt everything on such hardware as encryption load
is not noticable.
More information about the freebsd-questions