encrypt whole system using zfs
Roland Smith
rsmith at xs4all.nl
Thu Jul 29 12:52:47 UTC 2010
On Thu, Jul 29, 2010 at 01:26:19PM +0200, Jozsi Vadkan wrote:
> With dm_crypt&lvm, i can install a Debian [in sraid1], that has only the
> mbr & the "/boot" unencrypted.
>
> So if someone steals the server/hdds, it can't do anything to them.
> That's ok.
They can wipe the harddrive and re-sell the machine or parts, which is what
most thieves are interested in, I suspect.
> I'm a newbie to FreeBSD, and I want to use it in the future. I'm looking
> for these "features", that i mentioned above.
IMHO, it is a bad idea to encrypt the standard OS data and files, because this
potentially gives an attacker a lot of "known plaintext" to attack the
encryption!
It is better to put your data (and only your data) on a separate partition and
encrypt that with geli(8). Also, read §18.16.2 of the FreeBSD handbook that
deals with geli encryption.
> So, if someone has a little time, can someone post just a few
> howtos/links, how to do this?
Here you go: http://www.xs4all.nl/~rsmith/unix/encryption.xhtml
Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20100729/a0d7d978/attachment.pgp
More information about the freebsd-questions
mailing list