Date: Tue, 8 Sep 2015 17:57:03 +0000
From: "Li, Xiao" <xaol@amazon.com>
To: RW <rwmaillists@googlemail.com>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: Passphraseless Disk Encryption Options?
Message-ID: <D2146CB4.19FE%xaol@amazon.com>
In-Reply-To: <20150908184240.0c368300@gumby.homeunix.com>
References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> <20150908184240.0c368300@gumby.homeunix.com>

Thanks for the reply!

My problem is: I trust the booted system since the boot process is protected by trusted gpt boot, and a randomly generated login password. My machine only allows remote ssh access. I'm trying to protect the machine if it is lost or intercepted and the attacker is trying to gain access to the files and data on the boot disk of it by attaching the boot disk to another system.

I found a thread here and I have the same questions as the OP:
http://serverfault.com/questions/412857/freebsd-encryption-concept-automatic-boot-without-password-or-key-when-mounted?newreg=8066eff445b44f8f85b2a7092f92b29f

But since I'm using TPM I'm wondering if I could store the key or passphrase in TPM to achieve the automatic boot without manual interaction.

Thanks again!
Xiao

On 9/8/15, 10:42 AM, "owner-freebsd-hackers@freebsd.org on behalf of freebsd-hackers@freebsd.org" <owner-freebsd-hackers@freebsd.org on behalf of freebsd-hackers@freebsd.org> wrote:

>On Tue, 8 Sep 2015 10:22:21 -0700
>Analysiser wrote:
>
>> Hi,
>>
>> I'm trying to perform a whole disk encryption for my boot drive to
>> protect its data at rest. However I would like to have a mac OS X-ish
>> full disk encryption that does not explicitly ask for a passphrase
>> and would boot as normal without manual input of passphrase. I tried
>> to do it with geli(8) but it seems there is no way I can avoid the
>> manual interaction. Really curious if there is a way to achieve it?
>
>What exactly do you want to do? Without some form of manual interaction
>disk encryption is pointless.