Pre-boot authentication / geli-aware bootcode

Matt Piechota piechota at argolis.org
Fri Jun 15 15:05:50 UTC 2012


On 06/15/2012 09:39 AM, Aaron Zauner wrote:
> AFAIK you'd need something similar to initrd
> (http://en.wikipedia.org/wiki/Initrd), which, to the best of my
> knowledge, does not currently exist in freebsd.
>

Even that leaves the initrd (and /boot) unencrypted (as in Linux). The 
Windowsy ones I've seen appear to load the decryption driver right out 
of the MBR and work from there. I haven't done detailed investigation on 
it, but I think TrueCrypt does work this way and is FOSS (although with 
their own license that requires attribution and whatnot).
http://www.truecrypt.org/legal/license

-- 
Matt Piechota


