Geli questions

Michael Vince mv at thebeastie.org
Thu Aug 24 04:53:03 UTC 2006


Jeff Palmer wrote:

>Hello,
>
>
>Let me preface the email by saying I'm not overly familiar with geli,  and
>it may already have the ability to do what I'm about to describe.
>
>The scenario:   A FreeBSD based appliance at a customer premise.  The
>customer really can't be trusted not to disassemble the box,  and gain
>knowledge about the box configuration, software, and design.
>
>The idea:  I'd like to use geli to encrypt *everything* on the disk.  So
>if someone (a competitor maybe) removes the disk from the machine,   he
>can't gain any data off of it easily.  I know nothing is 100%,  but why
>make the process easy for him?
>
>The problem:  I don't want the end user to have to do anything to the box,
>  to have it "come back up" after a reboot/power failure.   The goal is an
>appliance that the client just plugs in,  and forgets about it.
>
>The plan:  the appliance would be persistently connected to an SSL based
>VPN server at my central office. (Think OpenVPN server)  I'd like a way
>for geli to encrypt the entire disk,  but fetch the key from a server
>located on the VPN.  This would require the appliance to boot up,  access
>the internet (static IP), access the VPN (ssl key'd) and fetch the key
>that geli needs.
>  
>
I think it's possible,
Geli is a great crypto subsystem but I would say you would have to come 
half way and have probably the base FreeBSD system use a passphraseless 
Geli key just for the base system, and a second passphrase protected 
second file system that would hold the really important stuff, this 
still prevents your customer from having to do anything.

You could symlink bits of the file system that don't prevent it from 
booting into your passphrase protected second geli file system,  this 
would be needed if you need base bits of FreeBSD extra encrypted.

Once the box is up it can be reached via VPN and you could script it so 
that another machine connects in via VPN and auto enters the Geli private 
key passphrase and mounts the encrypted file system.
The security would be based around how strong the passphrase is to 
protect your private key for the second Geli filesystem compared to 
someone else just getting access to the private key.

Mike

>Is this currently possible using geli (or even other software that I may
>not have heard of)  or if not,   would it be overly difficult to
>implement?
>
>
>Any feedback or brainstorming would be GREATLY appreciated.
>
>
>DrkShdw @ freenode (##FreeBSD)
>
>P.S.  Sorry for the cross post from questions@,   I realized hackers@
>would probably be more suited to this discussion.
>
>
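The remote unlock step described in the reply, sketched as an added example that is not part of the original thread: a management host reaches the appliance over the VPN and pipes the passphrase to `geli attach` on stdin, so it is never stored on the appliance or exposed in a process list. The appliance address, provider name, mount point and the overridable `SSH_CMD` variable are assumptions, and `-j -` (passphrase from standard input) requires a geli(8) version that supports the `-j` option.

```shell
#!/bin/sh
# Added example: runs on the management host, never on the appliance.
# All values below are assumptions (hypothetical address, provider, mount point).
APPLIANCE="${APPLIANCE:-root@10.8.0.2}"
PROVIDER="${PROVIDER:-ada0p4}"
MOUNTPOINT="${MOUNTPOINT:-/secure}"
SSH_CMD="${SSH_CMD:-ssh}"

# Accept only plain device/path characters so that nothing supplied here can
# inject shell syntax into the command executed on the appliance.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the command run on the appliance. "geli attach -j -" reads the
# passphrase from stdin, so it never appears in argv or on the appliance disk.
remote_command() {
    valid_name "$1" && valid_name "$2" || return 1
    case "$2" in /*) ;; *) return 1 ;; esac   # mount point must be absolute
    printf 'geli attach -j - /dev/%s && mount /dev/%s.eli %s' "$1" "$1" "$2"
}

# Forward the passphrase (stdin of this function) over the SSH session.
unlock_remote() {
    cmd=$(remote_command "$PROVIDER" "$MOUNTPOINT") || {
        echo "refusing unsafe provider or mount point" >&2
        return 2
    }
    $SSH_CMD "$APPLIANCE" "$cmd"
}

# Interactive use: ./unlock.sh unlock
if [ "${1:-}" = "unlock" ]; then
    trap 'stty echo' INT TERM               # restore echo if interrupted
    printf 'GELI passphrase: ' >&2
    stty -echo; IFS= read -r pass; stty echo; echo >&2
    printf '%s\n' "$pass" | unlock_remote
fi
```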


