svn commit: r46363 - head/en_US.ISO8859-1/books/handbook/disks

Allan Jude allanjude at FreeBSD.org
Sun Mar 22 19:26:12 UTC 2015 

Author: allanjude
Date: Sun Mar 22 19:26:11 2015
New Revision: 46363
URL: https://svnweb.freebsd.org/changeset/doc/46363

Log:
  Update handbook to remove references to obsolete rc.conf variable: geli_swap_flags
  
  PR:		197755
  Differential Revision:	https://reviews.freebsd.org/D2094
  Submitted by:	Christian Kujau (request)
  Reviewed by:	wblock
  Approved by:	bcr (mentor)
  Sponsored by:	ScaleEngine Inc.

Modified:
  head/en_US.ISO8859-1/books/handbook/disks/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/disks/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/disks/chapter.xml	Sun Mar 22 00:11:50 2015	(r46362)
+++ head/en_US.ISO8859-1/books/handbook/disks/chapter.xml	Sun Mar 22 19:26:11 2015	(r46363)
@@ -2878,7 +2878,7 @@ geli_da2_flags="-p -k /root/<replaceable
     <para>This section demonstrates how to configure an encrypted
       swap partition using &man.gbde.8; or &man.geli.8; encryption.
       It assumes a <acronym>UFS</acronym> file system where
-      <filename>/dev/ad0s1b</filename> is the swap partition.</para>
+      <filename>/dev/ada0s1b</filename> is the swap partition.</para>
 
     <sect2>
       <title>Configuring Encrypted Swap</title>
@@ -2888,34 +2888,73 @@ geli_da2_flags="-p -k /root/<replaceable
 	the current swap partition with random garbage, execute the
 	following command:</para>
 
-      <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ad0s1b</replaceable> bs=1m</userinput></screen>
+      <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ada0s1b</replaceable> bs=1m</userinput></screen>
 
       <para>To encrypt the swap partition using &man.gbde.8;, add the
 	<literal>.bde</literal> suffix to the swap line in
 	<filename>/etc/fstab</filename>:</para>
 
       <programlisting># Device		Mountpoint	FStype	Options		Dump	Pass#
-/dev/ad0s1b.bde		none		swap	sw		0	0</programlisting>
+/dev/ada0s1b.bde	none		swap	sw		0	0</programlisting>
 
       <para>To instead encrypt the swap partition using &man.geli.8;,
 	use the
 	<literal>.eli</literal> suffix:</para>
 
       <programlisting># Device		Mountpoint	FStype	Options		Dump	Pass#
-/dev/ad0s1b.eli		none		swap	sw		0	0</programlisting>
+/dev/ada0s1b.eli	none		swap	sw		0	0</programlisting>
 
       <para>By default, &man.geli.8; uses the <acronym>AES</acronym>
-	algorithm with a key length of 128 bit.  These defaults can be
-	altered by using <literal>geli_swap_flags</literal> in
-	<filename>/etc/rc.conf</filename>.  The following flags
-	configure encryption using the Blowfish algorithm with a key
-	length of 128 bits and a sectorsize of 4 kilobytes, and sets
-	<quote>detach on last close</quote>:</para>
+	algorithm with a key length of 256 bits.  These defaults can
+	be altered in the options field in
+	<filename>/etc/fstab</filename>.  The possible flags
+	are:</para>
+
+      <variablelist>
+	<varlistentry>
+	  <term>aalgo</term>
+	  <listitem>
+	    <para>Data integrity verification algorithm used to ensure
+	      that the encrypted data has not been tampered with.  See
+	      &man.geli.8; for a list of supported algorithms.</para>
+	  </listitem>
+	</varlistentry>
+
+	<varlistentry>
+	  <term>ealgo</term>
+	  <listitem>
+	    <para>Encryption algorithm used to protect the data.  See
+	      &man.geli.8; for a list of supported algorithms.</para>
+	  </listitem>
+	</varlistentry>
+
+	<varlistentry>
+	  <term>keylen</term>
+	  <listitem>
+	    <para>The length of the key used for the encryption
+	      algorithm.  See &man.geli.8; for the key lengths that
+	      are supported by each encryption algorithm.</para>
+	  </listitem>
+	</varlistentry>
+
+	<varlistentry>
+	  <term>sectorsize</term>
+	  <listitem>
+	    <para>The size of the blocks data is broken into before
+	      it is encrypted.  Larger sector sizes increase
+	      performance at the cost of higher storage
+	      overhead.  The recommended size is 4096 bytes.</para>
+	  </listitem>
+	</varlistentry>
+      </variablelist>
+
+      <para>This example configures an encryped swap partition using
+	the Blowfish algorithm with a key length of 128 bits and a
+	sectorsize of 4 kilobytes:</para>
 
-      <programlisting>geli_swap_flags="-e blowfish -l 128 -s 4096 -d"</programlisting>
+      <programlisting># Device		Mountpoint	FStype	Options				Dump	Pass#
+/dev/ada0s1b.eli	none		swap	sw,ealgo=blowfish,keylen=128,sectorsize=4096	0	0</programlisting>
 
-      <para>Refer to the description of <literal>onetime</literal> in
-	&man.geli.8; for a list of possible options.</para>
     </sect2>
 
     <sect2>
@@ -2929,13 +2968,13 @@ geli_da2_flags="-p -k /root/<replaceable
 
       <screen>&prompt.user; <userinput>swapinfo</userinput>
 Device          1K-blocks     Used    Avail Capacity
-/dev/ad0s1b.bde    542720        0   542720     0%</screen>
+/dev/ada0s1b.bde   542720        0   542720     0%</screen>
 
       <para>If &man.geli.8; is being used:</para>
 
       <screen>&prompt.user; <userinput>swapinfo</userinput>
 Device          1K-blocks     Used    Avail Capacity
-/dev/ad0s1b.eli    542720        0   542720     0%</screen>
+/dev/ada0s1b.eli   542720        0   542720     0%</screen>
     </sect2>
   </sect1>

More information about the svn-doc-all mailing list