Date: Wed, 14 Jan 2009 12:40:12 -0500 From: Steve Bertrand <steve@ibctech.ca> To: Johann Hasselbach <jhass88@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: freebsd encrypted hard disk? Message-ID: <496E237C.2010606@ibctech.ca> In-Reply-To: <ab52c4f40901140923k58245c1au2b4a2c89adde90bc@mail.gmail.com> References: <ab52c4f40901140923k58245c1au2b4a2c89adde90bc@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Johann Hasselbach wrote: > I read the "encrypting disk partitions" section of the Handbook. What > is the preferred method nowdays, geli or gbde? > > Is there another method that would be better? I don't know what is best, but for quite some time I've used GELI to encrypt my entire hard disk, including the / partition. I then copy /boot to a USB thumb drive with the encryption key so I don't need any portion of the hard disk unencrypted. This setup also allows me to pull the USB key from the machine after it has been booted, taking the encryption key with me. I've never had a problem. pearl# df -h Filesystem Size Used Avail Capacity Mounted on /dev/ar0.elia 504M 377M 87M 81% / devfs 1.0K 1.0K 0B 100% /dev /dev/ar0.elie 47G 9.6G 34G 22% /usr /dev/ar0.elif 47G 7.2G 36G 17% /var /dev/ar0.elig 47G 25G 19G 57% /home Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?496E237C.2010606>