UFS Encrypted Automated Install
su- at tutamail.com
su- at tutamail.com
Wed Mar 6 10:29:45 UTC 2019
I just found it very odd the installer had an option to auto encrypt zfs (which i assume is done on the same principles as you highlighted below) and not for UFS...
--
Securely sent with Tutanota. Get your own encrypted, ad-free mailbox:
https://tutanota.com
6 Mar 2019, 00:04 by freebsd at edvax.de:
> On Tue, 5 Mar 2019 16:19:13 +0100 (CET), > su- at tutamail.com <mailto:su- at tutamail.com>> wrote:
>
>> Are there any plans to have an automated encrypted UFS install option
>> in the freebsd iso's (what encryption options were available prior to zfs)
>>
>
> UFS does not have a native encryption mechanism. It has to be added
> by an additional layer, and GELI is the common suggestion, even though
> you can also use GDBE.
>
> More information here:
>
> https://www.freebsd.org/doc/handbook/disks-encrypting.html <https://www.freebsd.org/doc/handbook/disks-encrypting.html>
>
> Don't be confused by the examples using the MBR slice + BSD partitions
> approach. It works the same for today's disks and SSDs with GPT. :-)
>
> You could probably do something like this: In the installer, drop to
> the command line and prepare the disk. Create the partitions and set
> the required flags; use "geli init", then "geli attach", and then use
> newfs with options as needed. Add a label with "newfs -L" if you wish.
> To check if everything works as intended, mount and umount the partition.
> Then return to the installer, _not_ using "geli detach". The installer
> should then be able to use /dev/ada0p1.eli as / partition.
>
> I have not tested this particular approach (mine are usually entirely
> scripted), but this should be possible with the current version of
> bsdinstall.
>
> Having a convenient option in bsdinstall to automate the tasks of preparing
> (initializing and attaching) target partition(s) for a system installation
> would be nice.
>
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
> _______________________________________________
> freebsd-questions at freebsd.org <mailto:freebsd-questions at freebsd.org>> mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>
> To unsubscribe, send any mail to "> freebsd-questions-unsubscribe at freebsd.org <mailto:freebsd-questions-unsubscribe at freebsd.org>> "
>
More information about the freebsd-questions
mailing list