From: Niki Denev
Date: Fri, 29 Jul 2005 15:26:03 +0300
To: Pawel Jakub Dawidek
Cc: current@freebsd.org
Subject: Re: GELI - disk encryption GEOM class committed.
Message-ID: <42EA205B.2000907@cytexbg.com>
In-Reply-To: <20050729103655.GG609@darkness.comp.waw.pl>

Pawel Jakub Dawidek wrote:
> +> Booting from Encrypted Root:
> +> GELI - Works. How'd one load the kernel from an encrypted root though?
>
> Kernel has to be loaded from a USB Pen-Drive or a CD-ROM.
> You need to put /boot/ directory in there. GELI will ask for the passphrase
> before root file system is mounted. After that you can remove
> Pen-Drive/CD-ROM.
>

Wouldn't it work if /boot is a small separate unencrypted partition?
(Well, there is the possibility that someone replaces your kernel with
one with a keylogger to catch your password next time you type it :))
I use this method for bootable RAID1+0 with GEOM's stripe and mirror,
and it seems to work great.

--niki
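
Added example, not part of the original message or of GELI: one way to detect the kernel replacement mentioned above is to keep a SHA-256 manifest of the unencrypted /boot and compare against it after the encrypted root is unlocked. The directory layout, file names and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map every file and symlink under root (relative path) to a fingerprint."""
    manifest = {}
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                # A redirected symlink matters as much as a changed file.
                manifest[rel] = "symlink:" + os.readlink(path)
            elif os.path.isfile(path):
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                manifest[rel] = digest.hexdigest()
    return manifest


def compare(trusted, current):
    """Return (modified, added, removed) relative paths, each sorted."""
    modified = sorted(p for p in trusted.keys() & current.keys()
                      if trusted[p] != current[p])
    added = sorted(current.keys() - trusted.keys())
    removed = sorted(trusted.keys() - current.keys())
    return modified, added, removed


def demo():
    """Constructed sample: a tiny stand-in /boot, changed after the baseline."""
    with tempfile.TemporaryDirectory() as boot:
        os.mkdir(os.path.join(boot, "kernel"))
        kernel = os.path.join(boot, "kernel", "kernel")
        with open(kernel, "wb") as fh:
            fh.write(b"constructed kernel image v1")
        with open(os.path.join(boot, "loader.conf"), "w") as fh:
            fh.write("constructed loader settings\n")
        trusted = build_manifest(boot)  # baseline, kept on the encrypted root
        with open(kernel, "wb") as fh:
            fh.write(b"constructed kernel image, replaced")
        with open(os.path.join(boot, "kernel", "extra.ko"), "wb") as fh:
            fh.write(b"constructed unexpected module")
        return compare(trusted, build_manifest(boot))


if __name__ == "__main__":
    print(demo())
```

The baseline has to live on the encrypted volume or on removable media, and the comparison is only trustworthy when run from an environment that was not booted from the /boot being checked, since a replaced kernel could falsify the result.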