Passphraseless Disk Encryption Options?

Li, Xiao xaol at amazon.com
Tue Sep 8 17:57:26 UTC 2015


Thanks for the reply! My problem is: I trust the booted system since the
boot process is protected by trusted gpt boot, and a randomly generated
login password. My machine only allows remote ssh access. I'm trying to
protect the machine if it is lost or intercepted and the attacker is
trying to gain access to the files and data on its boot disk by
attaching the boot disk to another system.

I found a thread here and I have the same questions as the OP:
http://serverfault.com/questions/412857/freebsd-encryption-concept-automatic-boot-without-password-or-key-when-mounted?newreg=8066eff445b44f8f85b2a7092f92b29f

But since I'm using TPM I'm wondering if I could store the key or
passphrase in TPM to achieve the automatic boot without manual
interaction. Thanks again!

Xiao

On 9/8/15, 10:42 AM, "owner-freebsd-hackers at freebsd.org on behalf of
freebsd-hackers at freebsd.org" <owner-freebsd-hackers at freebsd.org on behalf
of freebsd-hackers at freebsd.org> wrote:

>On Tue, 8 Sep 2015 10:22:21 -0700
>Analysiser wrote:
>
>> Hi,
>> 
>> I'm trying to perform a whole disk encryption for my boot drive to
>> protect its data at rest. However I would like to have a Mac OS X-ish
>> full disk encryption that does not explicitly ask for a passphrase
>> and would boot as normal without manual input of passphrase. I tried
>> to do it with geli(8) but it seems there is no way I can avoid the
>> manual interaction. Really curious if there is a way to achieve it?
>
>What exactly do you want to do? Without some form of manual interaction
>disk encryption is pointless.


