Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Jan 2009 12:40:12 -0500
From:      Steve Bertrand <steve@ibctech.ca>
To:        Johann Hasselbach <jhass88@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: freebsd encrypted hard disk?
Message-ID:  <496E237C.2010606@ibctech.ca>
In-Reply-To: <ab52c4f40901140923k58245c1au2b4a2c89adde90bc@mail.gmail.com>
References:  <ab52c4f40901140923k58245c1au2b4a2c89adde90bc@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Johann Hasselbach wrote:
> I read the "encrypting disk partitions" section of the Handbook. What
> is the preferred method nowdays, geli or gbde?
> 
> Is there another method that would be better?

I don't know what is best, but for quite some time I've used GELI to
encrypt my entire hard disk, including the / partition.

I then copy /boot to a USB thumb drive with the encryption key so I
don't need any portion of the hard disk unencrypted. This setup also
allows me to pull the USB key from the machine after it has been booted,
taking the encryption key with me.

I've never had a problem.

pearl# df -h
Filesystem       Size    Used   Avail Capacity  Mounted on
/dev/ar0.elia    504M    377M     87M    81%    /
devfs            1.0K    1.0K      0B   100%    /dev
/dev/ar0.elie     47G    9.6G     34G    22%    /usr
/dev/ar0.elif     47G    7.2G     36G    17%    /var
/dev/ar0.elig     47G     25G     19G    57%    /home

Steve



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?496E237C.2010606>