Date: Sun, 13 Jan 2008 23:42:07 +0100 From: Volker <volker@vwsoft.com> To: freebsd-geom@freebsd.org Subject: how-to: encryption + journaling (geli + gjournal) Message-ID: <478A93BF.4070404@vwsoft.com>
next in thread | raw e-mail | index | archive | help
For the archives (as I haven't found a nice how-to on this topic): A short how-to to get geli + gjournal running smoothly (the lazy way, depending mostly on OS infrastructure, no script hacking needed). - set up your geli provider: geli load geli init /dev/ad0s1d # check geli(8) for this geli attach /dev/ad0s1d dd if=/dev/random of=/dev/ad0s1d.eli bs=1m # (use higher values bs=... for faster operation) - set up journaling gjournal load gjournal label /dev/ad0s1d.eli newfs -J /dev/ad0s1d.eli.journal /etc/fstab: /dev/ad0s1d.eli.journal /anywhere ufs rw,async,late 2 2 /etc/rc.conf: geli_devices="ad0s1d" geli_ad0s1d_flags="" # depends on how you've setup geli geli_ad0s1d_autodetach="NO" /boot/loader.conf geom_eli_load="YES" geom_journal_load="YES" Warning: If you make a mistake, your machine will go into single user mode on reboot. Don't try this w/o console access. For a desktop machine, using a passphrase is not that bad (beware of key loggers). It's probably not *the* solution for everybody, but isn't that easy to get security and fault tolerance?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?478A93BF.4070404>