Date: Mon, 21 Sep 2009 23:35:13 +0300 From: Alaksiej C <ac@belngo.info> To: freebsd-geom@freebsd.org Subject: Re: geom_eli, N disks, zfs Message-ID: <5709ce310909211335s25aba206i33571558e4aeb92f@mail.gmail.com> In-Reply-To: <20090921143821.27380@gmx.net> References: <20090921143821.27380@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
You can allocate one small disk/slice to be encrypted with passphrase (and - if you like - with keyfile(s) too). Inside of it you will store keyfiles for other disks, which should be encrypted without using passphrase(s). In such configuration it's necessary to know passphrase to unlock any disk, but you need to type it only once. P.S. And, actually, I think your question is fit better for freebsd-questions@. On Mon, Sep 21, 2009 at 5:38 PM, Evgeny Solovyov <a.n.s.i@gmx.net> wrote: > Is there any better way to configure a system to encrypt N-disk with passphrase for using under zfs as write in loader.conf following: > > geom_eli_load="YES" > geli_da0p1_keyfile0_load="YES" > geli_da0p1_keyfile0_type="da0p1:geli_keyfile0" > geli_da0p1_keyfile0_name="/boot/keys/da0.key" > > geli_da2p1_keyfile0_load="YES" > geli_da2p1_keyfile0_type="da2p1:geli_keyfile0" > geli_da2p1_keyfile0_name="/boot/keys/da2.key" > > ... > > geli_da<N>p1_keyfile0_load="YES" > geli_da<N>p1_keyfile0_type="da<N>p1:geli_keyfile0" > geli_da<N>p1_keyfile0_name="/boot/keys/da<N>.key" > > > The problem is we must enter the passphrase N-times. > > Thanks. > > Evgeny Solovyov > -- > Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3 - > sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser > _______________________________________________ > freebsd-geom@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-geom > To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5709ce310909211335s25aba206i33571558e4aeb92f>