UFS Encrypted Automated Install

Polytropon freebsd at edvax.de
Tue Mar 5 23:10:04 UTC 2019


On Tue, 5 Mar 2019 16:19:13 +0100 (CET), su- at tutamail.com wrote:
> Are there any plans to have an automated encrypted UFS install option
> in the FreeBSD ISOs (what encryption options were available prior to ZFS)?

UFS does not have a native encryption mechanism. It has to be added
by an additional layer, and GELI is the common suggestion, even though
you can also use GBDE.

More information here:

https://www.freebsd.org/doc/handbook/disks-encrypting.html

Don't be confused by the examples using the MBR slice + BSD partitions
approach. It works the same for today's disks and SSDs with GPT. :-)

You could probably do something like this: In the installer, drop to
the command line and prepare the disk. Create the partitions and set
the required flags; use "geli init", then "geli attach", and then use
newfs with options as needed. Add a label with "newfs -L" if you wish.
To check if everything works as intended, mount and umount the partition.
Then return to the installer, _not_ using "geli detach". The installer
should then be able to use /dev/ada0p1.eli as / partition.

I have not tested this particular approach (mine are usually entirely
scripted), but this should be possible with the current version of
bsdinstall.

Having a convenient option in bsdinstall to automate the tasks of preparing
(initializing and attaching) target partition(s) for a system installation
would be nice.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
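
The procedure described in the message above, written out as a script for the installer's shell. This is an added example, not part of the original post or of bsdinstall; the function names, the label "rootfs" and the geli parameters (-e, -l, -s) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Run from the installer's shell.
# Assumptions: the target partition (ada0p1 in the post) already exists;
# the label "rootfs" and the geli parameters below are illustrative choices.

# Print the command sequence for one raw partition, one command per line.
geli_ufs_plan() {
    prov=$1 label=${2:-rootfs}
    case $prov in
        /dev/*.eli) echo "pass the raw partition, not the .eli device" >&2; return 2 ;;
        /dev/?*) ;;
        *) echo "usage: geli_ufs_plan /dev/<partition> [label]" >&2; return 2 ;;
    esac
    case $label in
        ''|*[!A-Za-z0-9_]*) echo "label must be alphanumeric" >&2; return 2 ;;
    esac
    cat <<EOF
geli init -e AES-XTS -l 256 -s 4096 $prov
geli attach $prov
newfs -U -L $label $prov.eli
mount $prov.eli /mnt
umount /mnt
EOF
}

# Print the plan (default) or, with DRY_RUN=0, run it step by step.
geli_ufs_prepare() {
    plan=$(geli_ufs_plan "$@") || return 2
    if [ "${DRY_RUN:-1}" != 0 ]; then printf '%s\n' "$plan"; return 0; fi
    # Read the plan on fd 3 so geli can still prompt for the passphrase.
    while IFS= read -r cmd <&3; do
        echo "+ $cmd"
        $cmd || { echo "failed: $cmd" >&2; return 1; }
    done 3<<EOF
$plan
EOF
    # No "geli detach": the installer needs the .eli device to stay attached.
    [ -e "$1.eli" ] || { echo "$1.eli is missing" >&2; return 1; }
    echo "$1.eli is attached; return to the installer and use it for /"
}

if [ $# -gt 0 ]; then geli_ufs_prepare "$@"; fi
```

Invoked with only a partition argument it prints the commands; setting DRY_RUN=0 runs them and stops at the first failure.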

