Date: Thu, 25 Oct 2007 11:56:44 -0400
From: Steve Bertrand <iaccounts@ibctech.ca>
To: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc: Daniel Marsh <jahilliya@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Booting a GELI encrypted hard disk
Message-ID: <4720BCBC.9080800@ibctech.ca>
In-Reply-To: <20071024173858.GA1119@garage.freebsd.pl>
References: <470CCDE2.9090603@ibctech.ca> <20071010175349.GB9770@slackbox.xs4all.nl> <20071022174629.GA1118@garage.freebsd.pl> <1799.208.70.104.211.1193103682.squirrel@webmail.ibctech.ca> <ba5e78ea0710240946m41582e38g6507df7fe53b1016@mail.gmail.com> <20071024173858.GA1119@garage.freebsd.pl>

Pawel Jakub Dawidek wrote:
> On Thu, Oct 25, 2007 at 12:46:53AM +0800, Daniel Marsh wrote:
>> Even if all data on a drive is encrypted, the partition table is not.
>> Software based disk encryption works on partitions.
>
> That's not true. One can configure full disk encryption using GELI. To
> do it you need to have a small USB pen-drive or CD-ROM with /boot/
> directory, but that's all you need. Then you actually boot from your
> unencrypted pen-drive, but mount all file systems from encrypted disk.
> The pen-drive is not needed for your system to run and you can
> easily take it with you, which is not always the case for your laptop.

This is EXACTLY what I have now. Soon as the machine is booted, my thumb
disk comes with me.

The ONLY information on the thumb drive is /boot, a directory /keys and
an /etc that has only an fstab (to mount the .eli partitions from the
hard disk) and a loader.conf file to locate the keys.

This was originally my objective and I have got it in place. Now the
machine is nearly upgraded to 7.0.

Steve
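
An added example, not taken from either poster's message, of the two files on the boot media that make the arrangement described above work: a loader.conf that preloads the GELI key file and an fstab that names the .eli devices. The disk name ad0, the key path /keys/ad0.key, the partition letters and the placement of loader.conf under /boot are assumptions.

```conf
# ---- /boot/loader.conf on the thumb drive (constructed example) ----
# Assumes the disk was initialised with "geli init -b -K <keyfile> ad0",
# so the kernel attaches it at boot and prompts for the passphrase
# before it mounts the root file system.

# Load the GELI GEOM class from the unencrypted boot media.
geom_eli_load="YES"

# Preload the key file so GELI can find it when it attaches ad0.
# The "ad0" in each variable name and in the _type value must match
# the provider that was initialised (assumed device name).
geli_ad0_keyfile0_load="YES"
geli_ad0_keyfile0_type="ad0:geli_keyfile0"
geli_ad0_keyfile0_name="/keys/ad0.key"

# ---- /etc/fstab on the thumb drive (constructed example) ----
# The loader reads this file from the boot media to find the root
# file system. Every entry points at the encrypted hard disk; the
# thumb drive itself is not mounted, so it can be removed after boot.
# Device        Mountpoint  FStype  Options  Dump  Pass
/dev/ad0.elia   /           ufs     rw       1     1
/dev/ad0.elib   none        swap    sw       0     0
/dev/ad0.elid   /usr        ufs     rw       2     2
```

With this layout the hard disk holds no cleartext key material: an attacker needs both the thumb drive's key file and the passphrase to attach ad0.eli.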