UFS Encrypted Automated Install

su- at tutamail.com su- at tutamail.com
Wed Mar 6 10:29:45 UTC 2019

I just found it very odd the installer had an option to auto encrypt zfs (which i assume is done on the same principles as you highlighted below) and not for UFS...   

 Securely sent with Tutanota. Get your own encrypted, ad-free mailbox: 

6 Mar 2019, 00:04 by freebsd at edvax.de:

> On Tue, 5 Mar 2019 16:19:13 +0100 (CET), > su- at tutamail.com <mailto:su- at tutamail.com>>  wrote:
>> Are there any plans to have an automated encrypted  UFS install option
>> in the freebsd iso's (what encryption options were available prior to zfs)
> UFS does not have a native encryption mechanism. It has to be added
> by an additional layer, and GELI is the common suggestion, even though
> you can also use GDBE.
> More information here:
> https://www.freebsd.org/doc/handbook/disks-encrypting.html <https://www.freebsd.org/doc/handbook/disks-encrypting.html>
> Don't be confused by the examples using the MBR slice + BSD partitions
> approach. It works the same for today's disks and SSDs with GPT. :-)
> You could probably do something like this: In the installer, drop to
> the command line and prepare the disk. Create the partitions and set
> the required flags; use "geli init", then "geli attach", and then use
> newfs with options as needed. Add a label with "newfs -L" if you wish.
> To check if everything works as intended, mount and umount the partition.
> Then return to the installer, _not_ using "geli detach". The installer
> should then be able to use /dev/ada0p1.eli as / partition.
> I have not tested this particular approach (mine are usually entirely
> scripted), but this should be possible with the current version of
> bsdinstall.
> Having a convenient option in bsdinstall to automate the tasks of preparing
> (initializing and attaching) target partition(s) for a system installation
> would be nice.
> -- 
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
> _______________________________________________
> freebsd-questions at freebsd.org <mailto:freebsd-questions at freebsd.org>>  mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>
> To unsubscribe, send any mail to "> freebsd-questions-unsubscribe at freebsd.org <mailto:freebsd-questions-unsubscribe at freebsd.org>> "

More information about the freebsd-questions mailing list