Date:      Fri, 29 Jul 2005 15:42:44 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Eric Anderson <anderson@centtech.com>
Cc:        current@FreeBSD.org
Subject:   Re: GELI - disk encryption GEOM class committed.
Message-ID:  <20050729134244.GM609@darkness.comp.waw.pl>
In-Reply-To: <42EA311F.1020902@centtech.com>
References:  <20050728205413.GB762@darkness.comp.waw.pl> <42E95E08.80006@datacomm.ch> <42E981B9.5060500@datacomm.ch> <20050729103655.GG609@darkness.comp.waw.pl> <42EA205B.2000907@cytexbg.com> <42EA2EFE.3030800@centtech.com> <20050729133324.GL609@darkness.comp.waw.pl> <42EA311F.1020902@centtech.com>


On Fri, Jul 29, 2005 at 08:37:35AM -0500, Eric Anderson wrote:
+> Hmm - is that really true?  How can one decrypt the root partition data
+> without the key, but with the kernel and modules?  It seems that if that
+> is a problem, then encrypting any partition without the kernel/modules
+> encrypted would be the same scenario.
+>
+> I think there still is benefit in encrypting the root, but not /boot.

I prefer the method below:

- put the decrypted /boot/ directory onto a small file system on your USB Pen-Drive
  or CD-ROM,
- set booting from USB/CD-ROM in your BIOS,
- boot from Pen-Drive/CD-ROM,
- GELI will ask you for the passphrase before the root file system is mounted,
- enter the passphrase,
- the root partition is decrypted and mounted,
- remove your Pen-Drive/CD-ROM.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
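
The boot-media layout from the steps above, as an added example that is not part of the original message or of the GELI sources: it writes the loader settings onto the removable medium and checks that root is mounted through a `.eli` provider. The device names (`ad0s1a`, `da0s1a`), the `/mnt` mount point, the UFS root and the function names are assumptions.

```shell
#!/bin/sh
# Added example; device names and mount point are assumptions.
#
# One-time setup on the FreeBSD host (not executed by this script):
#   geli init -b /dev/ad0s1a   # -b: ask for the passphrase during boot
#   mount /dev/da0s1a /mnt     # small file system on the pen drive
#   cp -Rp /boot /mnt/         # unencrypted kernel, loader and modules

# Write the loader settings the boot medium needs to reach an encrypted root.
# $1 = mount point of the boot medium, $2 = root provider name without /dev/
stage_loader_conf() {
    mkdir -p "$1/boot"
    {
        echo 'geom_eli_load="YES"'
        echo "vfs.root.mountfrom=\"ufs:/dev/$2.eli\""
    } >> "$1/boot/loader.conf"
}

# Print the root device configured on the boot medium (empty if unset).
# The last assignment in loader.conf is the one that takes effect.
root_device() {
    sed -n 's/^vfs\.root\.mountfrom="[a-z0-9]*:\(.*\)"$/\1/p' \
        "$1/boot/loader.conf" | tail -n 1
}

# Succeed only if the medium loads geom_eli and mounts root from a .eli
# provider; a plain device here means root would bypass GELI.
check_boot_media() {
    conf="$1/boot/loader.conf"
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    grep -q '^geom_eli_load="YES"' "$conf" ||
        { echo "geom_eli is not loaded at boot" >&2; return 1; }
    case "$(root_device "$1")" in
        /dev/*.eli) return 0 ;;
        *) echo "root is not a .eli provider" >&2; return 1 ;;
    esac
}
```

On the host this would be called as `stage_loader_conf /mnt ad0s1a` followed by `check_boot_media /mnt` before unmounting the pen drive.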



