Booting a GELI encrypted hard disk
Steve Bertrand
iaccounts at ibctech.ca
Thu Oct 25 08:56:48 PDT 2007
Pawel Jakub Dawidek wrote:
> On Thu, Oct 25, 2007 at 12:46:53AM +0800, Daniel Marsh wrote:
>> Even if all data on a drive is encrypted, the partition table is not.
>> Software based disk encryption works on partitions.
>
> That's not true. One can configure full disk encryption using GELI. To
> do it you need to have a small USB pen-drive or CD-ROM with /boot/
> directory, but that's all you need. Then you actually boot from your
> unencrypted pen-drive, but mount all file systems from encrypted disk.
> The pen-drive is not needed for your system to run and you can easily
> take it with you, which is not always the case for your laptop.
This is EXACTLY what I have now. Soon as the machine is booted, my thumb
disk comes with me.
The ONLY information on the thumb drive is /boot, a directory /keys and
an /etc that has only an fstab (to mount the .eli partitions from the
hard disk) and a loader.conf file to locate the keys.
This was originally my objective and I have got it in place. Now the
machine is nearly upgraded to 7.0.
Steve
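
A check for the boot-stick layout described in the message above, as an added example that is not part of the original post: it audits a mounted thumb drive for key files that are missing or readable by group/other, fstab devices that are not `.eli` providers, and anything beyond /boot, /keys and /etc. The function name `audit_boot_media` is hypothetical, and the script assumes loader.conf sits in /boot and points at key files with the `geli_<dev>_keyfile<N>_name` variables from geli(8).

```shell
#!/bin/sh
# Added example: audit a mounted GELI boot stick laid out as described above.
# Assumed: loader.conf lives in /boot and uses geli(8)'s
# geli_<dev>_keyfile<N>_name="..." variables to point at the key files.

# audit_boot_media ROOT: print findings, return the number of problems found.
audit_boot_media() {
    root=$1
    problems=0
    conf="$root/boot/loader.conf"
    [ -f "$conf" ] || { echo "missing boot/loader.conf"; return 1; }

    # 1. Each key file named in loader.conf must exist and be owner-only.
    names=$(sed -n 's/^geli_[A-Za-z0-9]*_keyfile[0-9]*_name="\(.*\)"$/\1/p' "$conf")
    [ -n "$names" ] || { echo "no GELI keyfile entries"; problems=$((problems + 1)); }
    for name in $names; do
        key="$root$name"
        if [ ! -f "$key" ]; then
            echo "keyfile missing: $name"; problems=$((problems + 1))
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "keyfile readable by group/other: $name"; problems=$((problems + 1))
        fi
    done

    # 2. Every /dev entry in fstab must be a GELI provider (.eli suffix).
    if [ -f "$root/etc/fstab" ]; then
        for dev in $(awk '$1 ~ /^\/dev\// && $1 !~ /\.eli$/ {print $1}' "$root/etc/fstab"); do
            echo "unencrypted device in fstab: $dev"; problems=$((problems + 1))
        done
    else
        echo "missing etc/fstab"; problems=$((problems + 1))
    fi

    # 3. Nothing but boot, keys and etc at the top level of the stick.
    for entry in "$root"/*; do
        case ${entry##*/} in
            boot|keys|etc) ;;
            *) echo "unexpected entry: ${entry##*/}"; problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Run against a mount point when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_boot_media "$1"; fi
```

Run it with the stick's mount point as the only argument; the exit status is the number of findings.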