Date: Wed, 9 Sep 2015 12:25:32 +1000
From: Fraser Tweedale <frase@frase.id.au>
To: Analysiser <analysiser@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Passphraseless Disk Encryption Options?
Message-ID: <20150909022531.GW1656@bacardi.hollandpark.frase.id.au>
In-Reply-To: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com>
References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com>

On Tue, Sep 08, 2015 at 10:22:21AM -0700, Analysiser wrote:
> Hi,
>
> I’m trying to perform a whole disk encryption for my boot drive to protect its data at rest. However I would like to have a mac OS X-ish full disk encryption that does not explicitly ask for a passphrase and would boot as normal without manual input of passphrase. I tried to do it with geli(8) but it seems there is no way I can avoid the manual interaction. Really curious if there is a way to achieve it? Thanks!
>
>
> Xiao
>

If the machine is on a trusted network, and if networking capabilities are available in the boot environment, you can coordinate with another host to decrypt the secret key and boot without operator intervention.

In the scheme proposed in [1] the secret is encrypted locally and sent to a trusted server for decryption (TLS protects the secret on the wire). A variation of this protocol that does not expose the secret to the decryption service or on the wire is being investigated.

You can watch a demo[2] of the system in action.

The tech is all very Red Hat-centric at the moment but the general approach or the specific protocol could be implemented for FreeBSD.

[1] http://www.freeipa.org/page/Network_Bound_Disk_Encryption
[2] https://www.youtube.com/watch?v=lyDmhhVgXEc

Cheers,
Fraser

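The escrow idea described in the message above, as an added sketch that is not part of the original e-mail and is not the FreeIPA implementation: the disk key is wrapped to a trusted server's public key at provisioning time, and at boot the wrapped blob is sent to that server for decryption. It assumes RSA-OAEP via the `openssl` command line; all function and file names are constructed, and the TLS hop and server authentication are replaced by a local function call.

```sh
#!/bin/sh
# Added sketch: both roles run in one script. In a real deployment the wrapped
# key goes to the escrow host over TLS; here that hop is a function call.
# All file and function names are constructed for this example.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
SERVER_REACHABLE=1          # 0 models a boot away from the trusted network

# --- escrow server (trusted host) ---
server_setup() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/server.key" 2>/dev/null
    openssl pkey -in "$WORK/server.key" -pubout -out "$WORK/server.pub"
}
server_decrypt() {          # stdin: wrapped key, stdout: disk key
    [ "$SERVER_REACHABLE" = 1 ] || return 1
    openssl pkeyutl -decrypt -inkey "$WORK/server.key" \
        -pkeyopt rsa_padding_mode:oaep
}

# --- client (machine with the encrypted disk) ---
fingerprint() { openssl dgst -sha256 -r < "$1" | cut -c1-64; }

client_provision() {        # done once, by an operator
    openssl rand -out "$WORK/disk.key" 32
    fingerprint "$WORK/disk.key" > "$WORK/disk.key.fp"  # kept only to check the demo
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/disk.key" -out "$WORK/disk.key.wrapped"
    rm -f "$WORK/disk.key"  # only the wrapped copy stays on the client
}

client_boot() {             # every boot, no operator input
    rm -f "$WORK/recovered.key"
    if server_decrypt < "$WORK/disk.key.wrapped" > "$WORK/recovered.key.tmp"; then
        mv "$WORK/recovered.key.tmp" "$WORK/recovered.key"
        # On FreeBSD this key file could then be given to geli(8), for example
        # geli attach -p -k <keyfile> <provider> (assumption, not run here).
    else
        rm -f "$WORK/recovered.key.tmp"; return 1
    fi
}

server_setup
client_provision
client_boot
[ "$(fingerprint "$WORK/recovered.key")" = "$(cat "$WORK/disk.key.fp")" ] && echo "recovered key matches"
```

In this sketch the server sees the plaintext disk key, which matches the scheme in [1] as the message describes it; the variation the message mentions, which avoids that exposure, is not modelled here.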
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150909022531.GW1656>