From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 07:58:48 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6972716A420 for ; Wed, 8 Feb 2006 07:58:48 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE72043D49 for ; Wed, 8 Feb 2006 07:58:47 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id B5CE250D3B; Wed, 8 Feb 2006 08:58:45 +0100 (CET) Received: from localhost (pjd.wheel.pl [10.0.1.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 6133850B72; Wed, 8 Feb 2006 08:58:39 +0100 (CET) Date: Wed, 8 Feb 2006 08:58:25 +0100 From: Pawel Jakub Dawidek To: Christian Baer Message-ID: <20060208075825.GA11037@garage.freebsd.pl> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="BOKacYhQ+x31HxR3" Content-Disposition: inline In-Reply-To: X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng/devel-r535 (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: freebsd-geom@freebsd.org Subject: Re: GELI -> What to encrypt? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 07:58:48 -0000 --BOKacYhQ+x31HxR3 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 08, 2006 at 01:20:00AM +0100, Christian Baer wrote: +> Hi folks! +>=20 +> This question may seem a little strange, but don't hit me yet. :-) +>=20 +> I was just sitting here wanting to set up a new GELI-device when it +> struck me: What should I encrypt exactly. If I were to use GBDE, the +> usual concept is to encrpyt (only?) the actual partition ad2s1d. GELI +> suggests to encrypt all of ad2. I guess I could partition the +> pseudo-device then. Would I get something like ad2.gelis1d? +>=20 +> Does this have any advantages oder just encrypting the partition and if +> so how important are these? GELI, just like GBDE or any other GEOM class can work on _any_ GEOM provider (disk, slice, partition, mirror, etc.). Because this is the second such question I'm seeing, I'll probably add a note to the manual page. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --BOKacYhQ+x31HxR3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD6aShForvXbEpPzQRAnzrAJ9ym1wk+s3uejCXLGnnFS/g2/4zfACg00S5 HbUjGfDRaEUKwrux7iLDumI= =yRoi -----END PGP SIGNATURE----- --BOKacYhQ+x31HxR3--