Date: Fri, 29 Jul 2005 13:45:48 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: Pawel Jakub Dawidek <pjd@freebsd.org> Cc: freebsd-security <freebsd-security@freebsd.org>, freebsd-geom <freebsd-geom@freebsd.org>, freebsd-hackers <freebsd-hackers@freebsd.org>, "Ronnel P. Maglasang" <rmaglasang@infoweapons.com> Subject: Re: booting gbde-encrypted filesystem Message-ID: <20050729134548.1cc28dr8gg0k4k0g@netchild.homeip.net> In-Reply-To: <20050729065357.GA617@darkness.comp.waw.pl> References: <42E9BC12.2050401@infoweapons.com> <20050729065357.GA617@darkness.comp.waw.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Pawel Jakub Dawidek <pjd@freebsd.org> wrote: > This is not not possible with current GBDE. > I've patches which allows this here: > > http://people.freebsd.org/~pjd/patches/gbde.patch I fail to see how this allows an encryted root-FS, it doesn't add gbde support to boot0(ext) or to the loader. It needs access to an unencrypted kernel. I don't think this is what Ronnel had in mind (overlooking the fact that his suggestion to save the passphrase in the loader is insecure). Bye, Alexander. -- http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 The man who can smile when things go wrong has thought of someone he can blame it on.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050729134548.1cc28dr8gg0k4k0g>