Date: Mon, 11 Mar 2019 09:40:20 +0100 From: Polytropon <freebsd@edvax.de> To: Alexandre Leonenko <alex@esecuredata.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Automatic unencryption using /etc/fstab Message-ID: <20190311094020.12d9aad9.freebsd@edvax.de> In-Reply-To: <BL0PR16MB265912877178BADC1490E109C7480@BL0PR16MB2659.namprd16.prod.outlook.com> References: <BL0PR16MB265912877178BADC1490E109C7480@BL0PR16MB2659.namprd16.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 11 Mar 2019 08:20:46 +0000, Alexandre Leonenko wrote: > Is it possible to use /etc/fstab to point to encryption key file > to unencrypt a second drive on boot up? > > The idea that / root is already encrypted and the file will be > as well. I want to avoid entering passwords multiple time for > few different drives. > > I know Linux can already do that with the LUKS encryption and > was wondering if same thing is possible on FreeBSD. I think FreeBSD supports this approach natively for decades now. Check "18.12.2. Disk Encryption with geli" in The FreeBSD Handbook: https://people.freebsd.org/~rodrigc/doc/handbook/disks-encrypting.html It is possible to use a key file without a passphrase and use it in an automatic decrypt + mount scenario, but be aware of the security implications. ;-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190311094020.12d9aad9.freebsd>