GEOM/GELI Boot Disk Encryption
Eric Crist
mnslinky at gmail.com
Fri Jun 8 12:16:48 UTC 2007
On Jun 7, 2007, at 9:54 AM, cpghost wrote:
> On Wed, Jun 06, 2007 at 07:00:44PM +0200, Roland Smith wrote:
> You may wish to (at least) encrypt swap partitions, /tmp and /var/tmp,
> and probably /usr/tmp (if it's not a symlink to encrypted /var/tmp) in
> addition to /home. Most userland programs can leak sensitive data
> there that you'd rather have encrypted too.
>
> Add to this: stuff like /var/db (esp. useful for /var/db/pgsql,
> /var/db/mysql, mail spool directories and some such), and maybe
> /var/log as well. Encrypting the complete /var filesystem is
> easier though... Some ports also use /usr/local/www to store
> user-specific data, but what's the point of encrypting this? ;-)
>
> Regards,
> -cpghost.
So, back to encrypting my entire disk, I just need to put the boot
partition on its own slice?
There's all the bits available to start up the decryption stuff after
that loads, so I can make my entire system, swap and all, encrypted,
right?
Eric