Date:      Thu, 7 Sep 2006 14:29:01 +0200
From:      Frank Steinborn <steinex@nognu.de>
To:        Nikos Vassiliadis <nvass@teledomenet.gr>
Cc:        freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject:   Re: Getting GELI Keys from Floppy
Message-ID:  <20060907122901.6205EB82C@shodan.nognu.de>
In-Reply-To: <200609071019.46529.nvass@teledomenet.gr>
References:  <20060906210021.C2428B82C@shodan.nognu.de> <200609071019.46529.nvass@teledomenet.gr>

Nikos Vassiliadis wrote:
> Are you sure you want to trust a floppy disk for your keys??
> It's not the most safe medium these days...

I'll back up the keys on CD. It's just that I don't want to waste a
CD-ROM drive in this server.
 
> >
> > There is a problem here, because GELI initializes _before_ mounting
> > the disks from /etc/fstab (for obvious reasons, of course). So GELI is
> > not able to get the keys from the floppy and fails.
> >
> > So, any hints how I could get the floppy mounted _before_ GELI tries
> > to initialize?
> 
> Why don't you use the plain device (/dev/fd0) instead of using a file on a
> filesystem on the floppy? I think there are examples in the manual page.

I could use /dev/fd0 directly but then I would have to use the same key for
all 6 HDDs in the server. I got a solution by hacking /etc/rc.d/geli
- I'm just mounting the floppy there before it tries to read the key.

Thanks to all the people giving suggestions!

Frank 


